blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://sl.malwarebytes.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC4TFMJ4XIZLTFZRW63JPO...
Effective URL:
https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Submission: On June 13 via manual (June 13th 2022, 6:41:29 pm UTC) from US — Scanned from US

Summary HTTP 152 Redirects Links 109 Behaviour Indicators

Summary

This website contacted 40 IPs in 3 countries across 33 domains to perform 152 HTTP transactions. The main IP is 130.211.198.3, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is blog.malwarebytes.com. The Cisco Umbrella rank of the primary domain is 288597.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 1st 2021. Valid for: a year.

This is the only time blog.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.213.223.212 3.213.223.212	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.0.186.20 52.0.186.20	14618 (AMAZON-AES) (AMAZON-AES)
74	130.211.198.3 130.211.198.3	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 15	2600:9000:21c... 2600:9000:21c3:da00:16:26c7:ff80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	52.239.137.4 52.239.137.4	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:400... 2607:f8b0:4006:80e::2008	15169 (GOOGLE) (GOOGLE)
2	54.243.245.81 54.243.245.81	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
6	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20f... 2600:9000:20fc:be00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9d	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80c::2004	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:79::84 2a04:4e42:79::84	54113 (FASTLY) (FASTLY)
1	2600:141b:13:... 2600:141b:13::17d7:82d9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	65.9.44.119 65.9.44.119	16509 (AMAZON-02) (AMAZON-02)
1	52.70.45.34 52.70.45.34	14618 (AMAZON-AES) (AMAZON-AES)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	104.18.98.194 104.18.98.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.192.84 151.101.192.84	54113 (FASTLY) (FASTLY)
1	2620:1ec:49::40 2620:1ec:49::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2600:1f18:730... 2600:1f18:730:b120:4ab9:a165:6787:58f	14618 (AMAZON-AES) (AMAZON-AES)
1	34.202.82.185 34.202.82.185	14618 (AMAZON-AES) (AMAZON-AES)
4	104.45.184.134 104.45.184.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.251.32.98 142.251.32.98	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	54.243.191.164 54.243.191.164	14618 (AMAZON-AES) (AMAZON-AES)
2 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1 2	65.9.44.122 65.9.44.122	16509 (AMAZON-02) (AMAZON-02)
1	13.225.223.21 13.225.223.21	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.40.230 142.251.40.230	15169 (GOOGLE) (GOOGLE)
1 2	20.110.81.91 20.110.81.91	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.232.36.157 199.232.36.157	54113 (FASTLY) (FASTLY)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
3	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
152	40

1 3.213.223.212 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-223-212.compute-1.amazonaws.com

sl.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.186.20 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-186-20.compute-1.amazonaws.com

app.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

74 130.211.198.3 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 3.198.211.130.bc.googleusercontent.com

blog.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:807::200a (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:9000:21c3:da00:16:26c7:ff80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.239.137.4 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

optanon.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80e::2008 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.243.245.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-245-81.compute-1.amazonaws.com

genesis.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:81e::200e (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7caf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20fc:be00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9d (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80c::2004 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:79::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82d9 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.44.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-44-119.arn54.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.45.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-45-34.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.98.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:49::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b120:4ab9:a165:6787:58f (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.202.82.185 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-202-82-185.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.45.184.134 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

a.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.32.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.243.191.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-191-164.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.44.122 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-44-122.arn54.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.223.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-223-21.jfk51.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f6.1e100.net

5118230.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.81.91 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.36.157 (New York, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

cdn.bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
92	malwarebytes.com 2 redirects sl.malwarebytes.com blog.malwarebytes.com — Cisco Umbrella Rank: 288597 www.malwarebytes.com — Cisco Umbrella Rank: 33976 genesis.malwarebytes.com — Cisco Umbrella Rank: 336459	1 MB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 561 a.clarity.ms — Cisco Umbrella Rank: 5518 c.clarity.ms — Cisco Umbrella Rank: 1045	26 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 47	21 KB
5	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 315 www.linkedin.com — Cisco Umbrella Rank: 482 px4.ads.linkedin.com — Cisco Umbrella Rank: 5732	4 KB
4	bttrack.com cdn.bttrack.com — Cisco Umbrella Rank: 7027 bttrack.com — Cisco Umbrella Rank: 826	6 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 341 c.bing.com — Cisco Umbrella Rank: 202	13 KB
4	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 104 googleads.g.doubleclick.net — Cisco Umbrella Rank: 48 5118230.fls.doubleclick.net	3 KB
4	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 1534	22 KB
3	company-target.com 1 redirects segments.company-target.com — Cisco Umbrella Rank: 1211 api.company-target.com — Cisco Umbrella Rank: 2867	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 4 adservice.google.com — Cisco Umbrella Rank: 82	1 KB
3	liadm.com 1 redirects b-code.liadm.com — Cisco Umbrella Rank: 3585 rp.liadm.com — Cisco Umbrella Rank: 2521 rp4.liadm.com — Cisco Umbrella Rank: 11099	12 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	130 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 80	207 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 1807	3 KB
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 601	452 B
2	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 793	827 B
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 518	537 B
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 771	19 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	426 B
2	windows.net optanon.blob.core.windows.net — Cisco Umbrella Rank: 6203	27 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 507	353 B
1	t.co t.co — Cisco Umbrella Rank: 467	337 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 632	14 KB
1	bidr.io match.prod.bidr.io — Cisco Umbrella Rank: 487	111 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 127	15 KB
1	quora.com q.quora.com — Cisco Umbrella Rank: 2818	421 B
1	demandbase.com scripts.demandbase.com — Cisco Umbrella Rank: 5669	19 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 775	3 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 910	2 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 733	257 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 434	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 55	1 KB
1	salesloft.com 1 redirects app.salesloft.com — Cisco Umbrella Rank: 27152	619 B
152	33

	Domain	Requested by
74	blog.malwarebytes.com	blog.malwarebytes.com www.malwarebytes.com
15	www.malwarebytes.com	1 redirects blog.malwarebytes.com www.googletagmanager.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com blog.malwarebytes.com
4	a.clarity.ms	www.clarity.ms a.clarity.ms
4	secure.gravatar.com	blog.malwarebytes.com secure.gravatar.com
3	bttrack.com	cdn.bttrack.com bttrack.com
3	px.ads.linkedin.com	3 redirects
3	bat.bing.com	www.googletagmanager.com bat.bing.com blog.malwarebytes.com
3	connect.facebook.net	www.googletagmanager.com connect.facebook.net
3	www.googletagmanager.com	blog.malwarebytes.com www.googletagmanager.com
2	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
2	c.clarity.ms	1 redirects
2	5118230.fls.doubleclick.net	1 redirects www.malwarebytes.com
2	segments.company-target.com	1 redirects blog.malwarebytes.com
2	id.rlcdn.com	2 redirects
2	ct.pinterest.com	s.pinimg.com blog.malwarebytes.com
2	p.adsymptotic.com	1 redirects blog.malwarebytes.com
2	s.pinimg.com	www.googletagmanager.com s.pinimg.com
2	www.google.com	blog.malwarebytes.com
2	www.facebook.com	blog.malwarebytes.com
2	genesis.malwarebytes.com	www.malwarebytes.com
2	optanon.blob.core.windows.net	blog.malwarebytes.com optanon.blob.core.windows.net
1	adservice.google.com	5118230.fls.doubleclick.net
1	cdn.bttrack.com	5118230.fls.doubleclick.net
1	analytics.twitter.com
1	t.co
1	static.ads-twitter.com	blog.malwarebytes.com
1	c.bing.com	1 redirects
1	api.company-target.com	scripts.demandbase.com
1	match.prod.bidr.io	blog.malwarebytes.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	rp4.liadm.com	blog.malwarebytes.com
1	rp.liadm.com	1 redirects
1	www.clarity.ms	bat.bing.com
1	px4.ads.linkedin.com	1 redirects
1	www.linkedin.com	1 redirects
1	q.quora.com	blog.malwarebytes.com
1	scripts.demandbase.com	blog.malwarebytes.com
1	snap.licdn.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	b-code.liadm.com	www.googletagmanager.com
1	unpkg.com	www.googletagmanager.com
1	geolocation.onetrust.com	www.malwarebytes.com
1	cdn.jsdelivr.net	blog.malwarebytes.com
1	fonts.googleapis.com	blog.malwarebytes.com
1	app.salesloft.com	1 redirects
1	sl.malwarebytes.com	1 redirects
152	48

This site contains links to these domains. Also see Links.

Domain
www.malwarebytes.com
resources.malwarebytes.com
press.malwarebytes.com
www.rsaconference.com
support.malwarebytes.com
forums.malwarebytes.com
www.youtube.com
jobs.malwarebytes.com
my.malwarebytes.com
cloud.malwarebytes.com
partners.malwarebytes.com
www.facebook.com
twitter.com
www.linkedin.com
go.malwarebytes.com
www.zdnet.com
www.teiss.co.uk
www.secplicity.org
arstechnica.com
www.tesorion.nl
www.fortinet.com
blog.talosintelligence.com
www.oracle.com
intel471.com
www.cvent.com
docs.microsoft.com
portal.msrc.microsoft.com
threatpost.com
marketplace.connectwise.com
www.twitter.com
www.instagram.com
de.malwarebytes.com
es.malwarebytes.com
fr.malwarebytes.com
it.malwarebytes.com
pt.malwarebytes.com
br.malwarebytes.com
nl.malwarebytes.com
pl.malwarebytes.com
ru.malwarebytes.com

Subject Issuer	Validity	Valid
blog.malwarebytes.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-01` - `2022-07-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
www.malwarebytes.com Amazon	`2022-04-26` - `2023-05-25`	a year	crt.sh
*.blob.core.windows.net Microsoft RSA TLS CA 01	`2022-03-15` - `2023-03-15`	a year	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.malwarebytes.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-08` - `2022-11-08`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.liadm.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-27` - `2022-08-05`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-18` - `2022-10-14`	a year	crt.sh
*.quora.com R3	`2022-03-27` - `2022-06-25`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2021-10-20` - `2022-09-26`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-21` - `2023-04-20`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Frame ID: 4EBD030AC55E92CDE31A6465388F633D
Requests: 145 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4140A5F70364CDF2E7022B79494FBB49
Requests: 1 HTTP requests in this frame

Frame: https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263
Frame ID: B8BB5EBD982849308F1FF74F86D65F5C
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[UPDATED] Threat Spotlight: Sodinokibi/REvil ransomware | Malwarebytes Labs The official Malwarebytes logo

Page URL History Show full URLs

https://sl.malwarebytes.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC... HTTP 302
https://app.salesloft.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC... HTTP 302
https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

optanon\.blob\.core\.windows\.net

Underscore.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

underscore.*\.js(?:\?ver=([\d.]+))?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

152
Requests

97 %
HTTPS

48 %
IPv6

33
Domains

48
Subdomains

40
IPs

3
Countries

1764 kB
Transfer

3947 kB
Size

44
Cookies

109 Outgoing links

These are links going to different origins than the main page.

URL: https://www.malwarebytes.com/premium/
Title: Malwarebytes for Windows

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mac/
Title: Malwarebytes for Mac

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/chromebook/
Title: Malwarebytes for Chromebook

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/browserguard/
Title: Malwarebytes Browser Guard

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/
Title: Overview

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/android/
Title: Malwarebytes for Android

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ios/
Title: Malwarebytes for iOS

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/vpn/
Title: Malwarebytes Privacy VPN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/for-home/products/
Title: Explore all Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/
Title: Explore Pricing

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/mwb-download/thankyou/
Title: Free Trial of Malwarebytes Premium Protect your devices, your data, and your privacy—at home or on the go. Get free trial

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/small-business
Title: Small Business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/pricing/business

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/mid-market/
Title: Mid-size Businesses

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/solutions/enterprise/
Title: Large Enterprise

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/education/
Title: Education

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/finance/
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/healthcare/
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/government/
Title: Government

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/products
Title: Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/
Title: Endpoint Protection

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpoint-protection/server-security/
Title: Endpoint Protection for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/
Title: Endpoint Detection & Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/edr/server-security/
Title: Endpoint Detection & Response for Servers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/incident-response/
Title: Incident Response

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/services/malware-removal
Title: Malware Removal Service

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/cloud/
Title: Nebula Platform Architecture

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/vulnerability-patch-management
Title: Vulnerability & Patch Management

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/crowdstrike/
Title: Remediation for CrowdStrike®

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/teams
Title: For Teams

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/product-selector
Title: Help me choose a product

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/request_trial?ref=nav
Title: Get a free trial

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/
Title: Explore Partnerships

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/solution-providers/
Title: Resellers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/partners/managed-service-providers/
Title: Managed Service Providers

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/techbench/
Title: Computer Repair

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/integrations/
Title: Technology Partners

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudy/optimus-systems-delivers-trusted-desktop-security-services-malwarebytes-managed-services-provider/
Title: See full story

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/antivirus/
Title: Antivirus

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/malware/
Title: Malware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/ransomware/
Title: Ransomware

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/cybersecurity/
Title: See all

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#reviews
Title: Reviews

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/#analyst-reports
Title: Analyst Reports

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/casestudies/
Title: Case Studies

Search URL Search Domain Scan URL

URL: https://resources.malwarebytes.com/
Title: See all

Search URL Search Domain Scan URL

URL: https://press.malwarebytes.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.rsaconference.com/usa
Title: See Event

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/services/
Title: Premium Services

Search URL Search Domain Scan URL

URL: https://forums.malwarebytes.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/secure/
Title: Vulnerability Disclosure

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCB7JQhkZpiyvGPufW2RPBoQ
Title: Training for Personal Products

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/academy/
Title: Training for Business Products

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us/articles/360046199873-Activate-Malwarebytes-Privacy-on-Windows-device
Title: See Content

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/contact/
Title: CONTACT US

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/company/
Title: About Malwarebytes

Search URL Search Domain Scan URL

URL: https://jobs.malwarebytes.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login/
Title: My Account

Search URL Search Domain Scan URL

URL: https://cloud.malwarebytes.com/
Title: Cloud Console

Search URL Search Domain Scan URL

URL: https://partners.malwarebytes.com/English/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/newsletter/?email=&source=labs
Title: SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes/

Search URL Search Domain Scan URL

URL: https://twitter.com/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/malwarebytes

Search URL Search Domain Scan URL

URL: https://go.malwarebytes.com/CM_NA_MITREResults_0.1LP.html
Title: View Results >

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/
Title: local governments

Search URL Search Domain Scan URL

URL: https://www.teiss.co.uk/revil-ransomware-gang-targets-law-firm/
Title: Grubman Shire Meiselas & Sacks

Search URL Search Domain Scan URL

URL: https://www.secplicity.org/2021/03/23/alleged-acer-revil-randomware-infection-breaks-record-with-50-million-demand/
Title: Acer

Search URL Search Domain Scan URL

URL: https://arstechnica.com/information-technology/2020/01/unpatched-vpn-makes-travelex-latest-victim-of-revil-ransomware/
Title: Travelex

Search URL Search Domain Scan URL

URL: https://www.tesorion.nl/aconnection-between-the-sodinokibi-and-gandcrab-ransomware-families/
Title: cybersecurity professionals

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/gandcrab/
Title: GandCrab ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/Damian1338B/
Title: Damian

Search URL Search Domain Scan URL

URL: https://www.fortinet.com/blog/threat-research/gandcrab-threat-actors-retire.html
Title: skepticism

Search URL Search Domain Scan URL

URL: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Title: released

Search URL Search Domain Scan URL

URL: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html
Title: a zero-day vulnerability

Search URL Search Domain Scan URL

URL: https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/
Title: a blog post by Intel 471

Search URL Search Domain Scan URL

URL: https://www.cvent.com/events/awareness-briefing-chinese-cyber-activity-targeting-managed-service-providers/archived-4b6946484ee141ac8ebe76047f198e1c.aspx
Title: nation-state actors included

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/vss/shadow-copies-and-shadow-copy-sets
Title: according to the Windows Dev Center

Search URL Search Domain Scan URL

URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8453
Title: CVE-2018-8453

Search URL Search Domain Scan URL

URL: https://threatpost.com/fruityarmor-apt-exploits-yet-another-windows-graphics-kernel-flaw/138192/
Title: the FruitArmor APT

Search URL Search Domain Scan URL

URL: http://www.malwarebytes.com/premium
Title: premium consumer users

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/endpointprotectionandresponse/
Title: signature-less detection

Search URL Search Domain Scan URL

URL: https://marketplace.connectwise.com/kaseya
Title: the latest version

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D39588&t=%5BUPDATED%5D+Threat+Spotlight%3A+Sodinokibi%2FREvil+ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=%5BUPDATED%5D+Threat+Spotlight%3A+Sodinokibi%2FREvil+ransomware+https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D39588&via=Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fblog.malwarebytes.com%2F%3Fp%3D39588&title=%5BUPDATED%5D+Threat+Spotlight%3A+Sodinokibi%2FREvil+ransomware&summary=&source=

Search URL Search Domain Scan URL

URL: https://www.twitter.com/joviannfeed

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwarebytesofficial/

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/business/
Title: FOR BUSINESS

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login
Title: SIGN IN

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/legal/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/accessibility/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/tos/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/
Title: English

Search URL Search Domain Scan URL

URL: https://de.malwarebytes.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.malwarebytes.com/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.malwarebytes.com/
Title: Français

Search URL Search Domain Scan URL

URL: https://it.malwarebytes.com/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://pt.malwarebytes.com/
Title: Português (Portugal)

Search URL Search Domain Scan URL

URL: https://br.malwarebytes.com/
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://nl.malwarebytes.com/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://pl.malwarebytes.com/
Title: Polski

Search URL Search Domain Scan URL

URL: https://ru.malwarebytes.com/
Title: Pусский

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/jp/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/se/
Title: Svenska

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://sl.malwarebytes.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC4TFMJ4XIZLTFZRW63JPORUHEZLBOQWXG4DPORWGSZ3IOQXTEMBRHEXTANZPORUHEZLBOQWXG4DPORWGSZ3IOQWXG33ENFXG623JMJUS24TBNZZW63LXMFZGKLLBOR2GK3LQORZS25DPFVTGS3DMFVTWC3TEMNZGCYRNOZXWSZBP/blog-malwarebytes-com-threat-spotlight-2019-07-threat-spotlight-sodinokibi- HTTP 302
https://app.salesloft.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC4TFMJ4XIZLTFZRW63JPORUHEZLBOQWXG4DPORWGSZ3IOQXTEMBRHEXTANZPORUHEZLBOQWXG4DPORWGSZ3IOQWXG33ENFXG623JMJUS24TBNZZW63LXMFZGKLLBOR2GK3LQORZS25DPFVTGS3DMFVTWC3TEMNZGCYRNOZXWSZBP/blog-malwarebytes-com-threat-spotlight-2019-07-threat-spotlight-sodinokibi- HTTP 302
https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://www.malwarebytes.com/css/NEW-NAV.css HTTP 301
https://www.malwarebytes.com/css/new-nav.css

Request Chain 118

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1655145683632%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%252Fthreat-spotlight%252F2019%252F07%252Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&cookiesTest=true&liSync=true&e_ipv6=AQLJmky0oFsNcAAAAYFeXtxS624JQmyHmyHNtAVunf3K0veY-urcEGlt8UerW8S8ECkmrB3zHSoulke3L74dn3QlvH8q4c4 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3&_expected_cookie=9e5c6a61e0c9ad5b892c171e83a52c22

Request Chain 125

https://rp.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&wpn=lc-bundle&c=PHRpdGxlPgoKW1VQREFURURdIFRocmVhdCBTcG90bGlnaHQ6IFNvZGlub2tpYmkvUkV2aWwgcmFuc29td2FyZSB8IE1hbHdhcmVieXRlcyBMYWJzICA8L3RpdGxlPjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJUaGVyZeKAmXMgYSBuZXcgcmFuc29td2FyZS1hcy1hLXNlcnZpY2UgKFJhYVMpIGluIHRvd24sIGFuZCBpdCBjYW4gdHdpc3QgdG9uZ3VlcyBmb3IgZ2lnZ2xlcyBhcyBtdWNoIGFzIHR3aXN0IG9yZ2FuaXphdGlvbnMnIGFybXMgZm9yIGNhc2guIEdldCB0byBrbm93IHRoZSBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUsIGluY2x1ZGluZyBob3cgdG8gcHJvdGVjdCBhZ2FpbnN0IHRoaXMgdGhyZWF0LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmxvZy5tYWx3YXJlYnl0ZXMuY29tL3RocmVhdC1zcG90bGlnaHQvMjAxOS8wNy90aHJlYXQtc3BvdGxpZ2h0LXNvZGlub2tpYmktcmFuc29td2FyZS1hdHRlbXB0cy10by1maWxsLWdhbmRjcmFiLXZvaWQvIj48dGl0bGUgaWQ9Im1hbHdhcmVieXRlcy1tYWluLWxvZ28tdGl0bGUiPlRoZSBvZmZpY2lhbCBNYWx3YXJlYnl0ZXMgbG9nbzwvdGl0bGU-PGgxIGNsYXNzPSJlbnRyeS10aXRsZSBwLW5hbWUiPgoJCQkJCVtVUERBVEVEXSBUaHJlYXQgU3BvdGxpZ2h0OiBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUJCQkJPC9oMT4 HTTP 302
https://rp4.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&wpn=lc-bundle&c=PHRpdGxlPgoKW1VQREFURURdIFRocmVhdCBTcG90bGlnaHQ6IFNvZGlub2tpYmkvUkV2aWwgcmFuc29td2FyZSB8IE1hbHdhcmVieXRlcyBMYWJzICA8L3RpdGxlPjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJUaGVyZeKAmXMgYSBuZXcgcmFuc29td2FyZS1hcy1hLXNlcnZpY2UgKFJhYVMpIGluIHRvd24sIGFuZCBpdCBjYW4gdHdpc3QgdG9uZ3VlcyBmb3IgZ2lnZ2xlcyBhcyBtdWNoIGFzIHR3aXN0IG9yZ2FuaXphdGlvbnMnIGFybXMgZm9yIGNhc2guIEdldCB0byBrbm93IHRoZSBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUsIGluY2x1ZGluZyBob3cgdG8gcHJvdGVjdCBhZ2FpbnN0IHRoaXMgdGhyZWF0LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmxvZy5tYWx3YXJlYnl0ZXMuY29tL3RocmVhdC1zcG90bGlnaHQvMjAxOS8wNy90aHJlYXQtc3BvdGxpZ2h0LXNvZGlub2tpYmktcmFuc29td2FyZS1hdHRlbXB0cy10by1maWxsLWdhbmRjcmFiLXZvaWQvIj48dGl0bGUgaWQ9Im1hbHdhcmVieXRlcy1tYWluLWxvZ28tdGl0bGUiPlRoZSBvZmZpY2lhbCBNYWx3YXJlYnl0ZXMgbG9nbzwvdGl0bGU-PGgxIGNsYXNzPSJlbnRyeS10aXRsZSBwLW5hbWUiPgoJCQkJCVtVUERBVEVEXSBUaHJlYXQgU3BvdGxpZ2h0OiBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUJCQkJPC9oMT4&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMTo4NTQyOjZjZGQ6OTcyZg%3D%3D&n3pc=true

Request Chain 133

https://id.rlcdn.com/464526.gif HTTP 307
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCNSJnpUGEgUI6AcQAEIASgA HTTP 307
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8 HTTP 303
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8&verifyHash=bdce8f5002ef5b75ace9f052a7a830ce14ff6e48

Request Chain 137

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263 HTTP 302
https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263

Request Chain 138

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&RedC=c.clarity.ms&MXFR=0E8F246F585561C102AD35AD5C556FD3 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&MUID=2415A82FD6C36FF13181B9EDD7A16E18

152 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Redirect Chain

https://sl.malwarebytes.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC4TFMJ4XIZLTFZRW63JPORUHEZLBOQWXG4DPORWGSZ3IOQXTEMBRHEXTANZPORUHEZLBOQWXG4DPORWGSZ3IOQWXG33ENF...
https://app.salesloft.com/t/10924/c/a86b06de-3b5b-4aa3-97be-1bf1c4012637/NB2HI4DTHIXS6YTMN5TS43LBNR3WC4TFMJ4XIZLTFZRW63JPORUHEZLBOQWXG4DPORWGSZ3IOQXTEMBRHEXTANZPORUHEZLBOQWXG4DPORWGSZ3IOQWXG33ENFXG...
https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

168 KB
40 KB

140ms
60ms

Document
text/html

130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

c7c47e54bf89bbcb460c6c2fe8ce6feaa5fb248944d700ed4134ea52824c084c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=600, must-revalidate
content-encoding: br
content-security-policy: frame-ancestors none;
content-type: text/html; charset=UTF-8
date: Mon, 13 Jun 2022 18:41:21 GMT
link: <https://blog.malwarebytes.com/wp-json/>; rel="https://api.w.org/" <https://blog.malwarebytes.com/wp-json/wp/v2/posts/39588>; rel="alternate"; type="application/json" <https://blog.malwarebytes.com/?p=39588>; rel=shortlink
server: nginx
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: SHORT
x-frame-options: DENY
x-pingback: https://blog.malwarebytes.com/xmlrpc.php
x-powered-by: WP Engine

Redirect headers

Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Jun 2022 18:41:21 GMT
Location: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 0a9908d47bad6b1d91b73596ebf45cf9
X-Runtime: 0.063452
X-XSS-Protection: 1; mode=block
transfer-encoding: chunked

GET
H2 200 related-posts.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/related-posts/ 7 KB
2 KB 33ms
32ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/related-posts/related-posts.css?ver=20211209
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f50dc78339a9052160c523d10e4412d402487375a296dccfd3b995174cd03e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:00 GMT
server: nginx
etag: W/"62155dd0-1cf6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 style.min.css
blog.malwarebytes.com/wp-includes/css/dist/block-library/ 81 KB
11 KB 34ms
32ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 30 Mar 2022 11:30:25 GMT
server: nginx
etag: W/"62443f51-145db"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mediaelementplayer-legacy.min.css
blog.malwarebytes.com/wp-includes/js/mediaelement/ 11 KB
3 KB 34ms
32ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
etag: W/"5f735862-2bf8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-mediaelement.min.css
blog.malwarebytes.com/wp-includes/js/mediaelement/ 4 KB
1 KB 40ms
35ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
etag: W/"5cfaccce-105a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 prettyPhoto.min.css
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 19 KB
3 KB 40ms
34ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/prettyPhoto.min.css?ver=2.3.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:27 GMT
server: nginx
etag: W/"62155deb-4bdc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 41ms
21ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C400%2C700%2C300italic%2C400italic%2C700italic%7CBitter%3A400%2C700&subset=latin%2Clatin-ext

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

931e7ae800b3066e60fc60c7cbcd50a24487430821db127cac9ba0231a172c2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 17:54:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 13 Jun 2022 18:41:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 13 Jun 2022 18:41:21 GMT

GET
H2 200 genericons.css
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/ 28 KB
16 KB 48ms
42ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:01 GMT
server: nginx
etag: W/"62155dd1-6e6a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 related-posts.min.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 49ms
43ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: fe66ac5df69c78be7dfcf75943079129dbf24a254e89febc5a7e916d40de43bc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:01 GMT
server: nginx
etag: W/"62155dd1-160c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 87 KB
31 KB 57ms
51ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
etag: W/"6048e0ac-15db1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 11 KB
4 KB 66ms
60ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
etag: W/"5fb4e3fe-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.prettyPhoto.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/ 22 KB
6 KB 66ms
60ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/jquery.prettyPhoto.min.js?ver=2.3.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:27 GMT
server: nginx
etag: W/"62155deb-5955"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 underscore.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 19 KB
8 KB 73ms
67ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/underscore.min.js?ver=1.13.1
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Mon, 01 Nov 2021 21:47:13 GMT
server: nginx
etag: W/"61806061-4a7d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 infinite-scroll.pkgd.min.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/ 22 KB
7 KB 76ms
70ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=5.9.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 095834cc86bd018fdb4a9e31c99f9f96904b819be2b9dc16b3390383288d4d90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:27 GMT
server: nginx
etag: W/"62155deb-581b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 front.js Show response
blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/ 26 KB
6 KB 79ms
73ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: dfb8eb0e0b152ba0c88f5281a71fbe5261cb76485928bd90150d04c7aa4ff4d6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:27 GMT
server: nginx
etag: W/"62155deb-6737"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 normalize.css
cdn.jsdelivr.net/npm/normalize.css@8.0.1/ 6 KB
2 KB 71ms
49ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/normalize.css@8.0.1/normalize.css

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7291157
x-jsd-version: 8.0.1
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19181-FRA, cache-ewr18148-EWR
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"17fa-f/3jQ73xCt0fBS88QwihUYDrRAQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaozbDTIVHon%2ByiD9LzWfhVmjwvZA3tH4JbAwQk4iixLgmJSj5YsSXAncYuqL1nFrRZ4oBU8HGVKc1L9jSJMU9JwAQWIrzOx%2B8cj5bjg89VhL0Tnsdl1vtEQhFXR8OIbdbDFp79KNkmFwoAi6aU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 71acf5c04c5ee84d-EWR

GET
H2 200 style.css
www.malwarebytes.com/css/ 222 KB
34 KB 723ms
446ms Stylesheet
text/css 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/css/style.css?12-20-2016

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

106ff2dcabdf33e3a570650ebd622f534c02c6f751a8320ed879e172d767bbd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 14:26:52 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"60f6b548737dd71:0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/css
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Mon, 13 Jun 2022 18:41:21 GMT
x-amz-cf-id: 1Q7PEIYRFdctgVHZryfHbqj_WhkFEZUolpOJi2Zlc1O_rd-aSbqrJQ==

GET
H2 200 style.css
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 192 KB
31 KB 78ms
73ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: cf126d092565c91c38831b0aa49000dd02c0f8160481d2f3969fbd6fdcba3c3d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-2ff5b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-1.11.3.min.js Show response
www.malwarebytes.com/js/ 94 KB
33 KB 761ms
484ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 23:13:40 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"2cfb9e0bc7dd71:0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Mon, 13 Jun 2022 18:41:21 GMT
x-amz-cf-id: 8nR8w1rvkn_hgtarK-C8TPIJItIKLVkXjbEx6LM1Qmbd1aLsc4H86g==

GET
H/1.1 200
OK 9530a107-0af8-4204-a2c2-217efb78222b.js Show response
optanon.blob.core.windows.net/consent/ 140 KB
21 KB 332ms
79ms Script
application/x-javascript 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 13 Jun 2022 18:41:21 GMT
Content-Encoding: GZIP
Last-Modified: Wed, 19 Aug 2020 23:29:25 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: NyuiOqvVdJMyWTtUb2ZlDA==
ETag: 0x8D84497B6030FBF
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
x-ms-request-id: 4692a8af-901e-0131-5555-7fc564000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control: public, max-age=14400
x-ms-version: 2009-09-19
Content-Length: 20591

GET
H2 200 bootstrap.js Show response
www.malwarebytes.com/js/ 74 KB
14 KB 654ms
377ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/bootstrap.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d4e61ea4aafc5da0b582e7e15077addf35379acc4b7b03df0128ed33ba589884

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 22:24:54 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"f29e8b10b67dd71:0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Mon, 13 Jun 2022 18:41:21 GMT
x-amz-cf-id: 9ye3khs4a6_5TqRw4weOWA0eR4kovwHEnX6uOiSLhUWNZWYMr3lXuA==

GET
H2 200 respond.min.js Show response
www.malwarebytes.com/js/ie-fixes/ 4 KB
3 KB 743ms
467ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/ie-fixes/respond.min.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:10:33 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"3c795171bc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: HR0lgNzVT7YEFPpotQEAsf-nbRM_yIecPDmKeyJjmnQUXhOmJJ8hIQ==

GET
H2 200 modernizr.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 17 KB
7 KB 77ms
73ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/modernizr.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-434b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 nav-resize.js Show response
www.malwarebytes.com/js/ 12 KB
4 KB 631ms
356ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/nav-resize.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Mon, 17 May 2021 00:58:50 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"f16ddcccb74ad71:0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Mon, 13 Jun 2022 18:41:22 GMT
x-amz-cf-id: 4doqH9fUhIAm8U6N7--lgfJ9Hjrc5XHo7gSfAH1EL2mPsVWaB0Luug==

GET
H2 200 flexibility.js Show response
www.malwarebytes.com/js/ 17 KB
6 KB 633ms
359ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/flexibility.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:13:07 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"4d1ec7ccbc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: S9XdeP5FPVMelmBKnPzOK-9-qGkONzPOaIDkbpB_J4Nk-Ksr8bmLpw==

GET
H2 200 global.js Show response
www.malwarebytes.com/js/ 21 KB
8 KB 808ms
533ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/global.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

cabcba2fb0a11127afe1eba21cbdba800100f5a591ad7870aada8142379a955a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 05 Oct 2021 21:07:35 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"a4be3752dbad71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: JQoq9yqZ3OeRvl4ySiE0lL-b5_SLVVroTF0RmSGRtciNp_k6MOjxJQ==

GET
H2 200 xs.js Show response
www.malwarebytes.com/js/ 9 KB
3 KB 636ms
362ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/xs.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:10:17 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"f2378867bc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: 4gTivwvrw5GXL3c2kFWUtqiCv6XWx-kPCB8d01U0DnOZ9Oqbnov1MA==

GET
H2 200 search.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 1 KB
713 B 76ms
74ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/search.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-55e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2

200

new-nav.css
www.malwarebytes.com/css/
Redirect Chain

https://www.malwarebytes.com/css/NEW-NAV.css
https://www.malwarebytes.com/css/new-nav.css

22 KB
4 KB

205ms
205ms

Stylesheet
text/css

2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/css/new-nav.css

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Thu, 22 Apr 2021 13:23:18 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"55eeb1a87a37d71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: text/css
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: NSogcmolRZq07wVFWPZpE-5LI7CRmJYd5zp63tZ8yHs-6BivJNG17A==

Redirect headers

date: Mon, 13 Jun 2022 18:41:21 GMT
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
location: https://www.malwarebytes.com/css/new-nav.css
cache-control: max-age=900
content-length: 167
x-amz-cf-id: fXJeJM52tiShqTbstV2RK0aMocu4cdIp4p0AGl_iVN27M3RkE66Q0A==

GET
H2 200 new-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 6 KB
2 KB 76ms
74ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/new-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2feca220db689e3d611ba517005ab3f14924016f9d133c57d5b22073560090e5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-1734"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 call-to-action.min.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
854 B 76ms
74ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/call-to-action.min.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 523d1af6ce4ee7e7193dd9d3f8b2145f525349131492d2defc81cbd653249e1a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:21 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-616"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 arrow.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/ 2 KB
1 KB 65ms
57ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/refreshed_homepage/arrow.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-94e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1 KB 65ms
57ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-6f4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 pricing-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 2 KB
1022 B 66ms
58ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/pricing-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-73c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 smb.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 66ms
59ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/smb.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 80f0eb912943ad0deab2ad7a8125b7404b726bac65dca9e6be97b063ca490662

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-9ac"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 buy-label.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 3 KB
1 KB 67ms
59ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/buy-label.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b569dd28a56f53339cc04cc2e251dcfb426262bd7ad60ed44cc35da0dd3b2cc6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mid-size.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 1 KB
1011 B 67ms
60ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/mid-size.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 7e6aa30a919ae381fbcf4d4d6f970531bf513bf0847097e7927123bf032b0f09

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-5d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 large-ent.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 68ms
60ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/large-ent.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5d09ea31b4f26497480482f539fdc221990ae192c8b8be5002f4f2b9bef26876

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-7bd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 new.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 1 KB
772 B 68ms
61ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/new.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 542f9b9f9ed17fb168e1a1ce299413085d6559f316742f95ad22a291ffd67ffc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-45d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 call.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/ 2 KB
1 KB 70ms
63ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/nav/call.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e2adf740376f608d5a3b6977b793a5e1c92c4de9e0a792921b8e24476e56c9ed

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-679"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 partner-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 4 KB
2 KB 70ms
64ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/partner-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-116b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 optimus-systems.webp
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/ 2 KB
2 KB 75ms
68ms Image
image/webp 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/partners/optimus-systems.webp
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-728"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1832

GET
H2 200 rsa2021.jpg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 27 KB
28 KB 90ms
83ms Image
image/jpeg 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/rsa2021.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-6d66"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 28006

GET
H2 200 watch-personal-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
830 B 92ms
86ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-personal-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-4f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 watch-business-icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 1 KB
824 B 92ms
86ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/watch-business-icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-504"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 privacy.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 4 KB
2 KB 93ms
87ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/privacy.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-10a3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 296 B
438 B 93ms
87ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-128"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 global_mwb.min.js Show response
www.malwarebytes.com/js/ 21 KB
7 KB 206ms
206ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/global_mwb.min.js?v=34556

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

88281e6b9cf0efb09fede75df77011dc82b84f67deb77aea241d2ea006b2ed23

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Wed, 01 Jun 2022 19:05:52 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"10b81e9dea75d81:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: sAqlI-MfjU8v2NSqeaQeQjP7L0BcA04jiu1aCymrylGswYaNrXxB5A==

GET
H2 200 user.min.js Show response
www.malwarebytes.com/js/personalization/ 3 KB
1 KB 204ms
204ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/personalization/user.min.js?v=141053055

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

89bb46ca9e1665e0e34f98ad788396746a1c65545b92674a150d397e1ae26374

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Tue, 07 Jun 2022 21:08:57 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"8c407cdb27ad81:0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
date: Mon, 13 Jun 2022 18:41:22 GMT
x-amz-cf-id: 3PfgPOqyMIMSW5st_gi51RPMdzOLHzqsVq8BCFhZAL_KI_IRi-vfZw==

GET
H2 200 styles.promobanners.min.css
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/ 3 KB
1019 B 34ms
27ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/styles.promobanners.min.css
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6453b0bf49115380414b0823f6b4c5e699b7d0ea86bd6ce1ca6aad56e24e394

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-a76"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 close.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/ 868 B
708 B 94ms
88ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/close.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4f7da1e8c51daecdde094d37ad6ed35f3f70a3a0026d7df53cc88e4533a69f87

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-364"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 promo-banner.min.js Show response
www.malwarebytes.com/components/promo-banner/ 1 KB
901 B 440ms
431ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/components/promo-banner/promo-banner.min.js?v=277391195

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

af479055d8ab71820312f479d3ae324f2ed82c2fc68ef07c5bf6843720dc046d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
content-encoding: gzip
etag: W/"35e296206969d81:0"
last-modified: Mon, 16 May 2022 21:08:44 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
strict-transport-security: max-age=63072000
x-amz-cf-id: 4qcBgrP6l5OGMzU9aXdo3V9Oq12hymonmQckW3oRs0AyEsDjJjEntw==

GET
H2 200 nodiscountcountries.js Show response
www.malwarebytes.com/js/ecommerce/ 499 B
890 B 218ms
210ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/ecommerce/nodiscountcountries.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

7961789aed44f7b97f6f755bfae322b38dd398de4a1022821c7be836a47f01f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
etag: "996235a7cf0d71:0"
last-modified: Mon, 13 Dec 2021 23:49:16 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 499
x-amz-cf-id: D5lD-0SbthcEeDVarXHhFvLuOVgq0AjQurfBD0hkgGuA9MPYA1Cvgg==

GET
H2 200 wp-emoji-release.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 18 KB
5 KB 94ms
88ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Tue, 08 Jun 2021 22:15:12 GMT
server: nginx
etag: W/"60bfebf0-4705"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 shutterstock_668030038-900x506.jpg
blog.malwarebytes.com/wp-content/uploads/2019/07/ 50 KB
50 KB 94ms
89ms Image
image/jpeg 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2019/07/shutterstock_668030038-900x506.jpg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c3e32d63e4418902f8403a5745a0b97a8c578eb8d6a463e8d883da910a21b4ce

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Thu, 18 Jul 2019 16:42:10 GMT
server: nginx
etag: "5d30a162-c7ec"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 51180

GET
H2 200 mwb-telemetry-sodinokibi-2-600x313.png
blog.malwarebytes.com/wp-content/uploads/2019/07/ 45 KB
46 KB 94ms
89ms Image
image/png 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2019/07/mwb-telemetry-sodinokibi-2-600x313.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 636193ff074c00d5efbd27ff1699439723e7f62ad10a57bf2af36a715269ec2e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Mon, 22 Jul 2019 14:12:37 GMT
server: nginx
etag: "5d35c455-b5bb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 46523

GET
H2 200 labs-nav.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 493 B
413 B 40ms
31ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/labs-nav.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-1ed"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 contributors.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 910 B
743 B 95ms
90ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/contributors.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-38e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 threat-center.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 2 KB
852 B 95ms
90ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/threat-center.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-812"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 podcast.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 3 KB
1 KB 95ms
90ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/podcast.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2b61a7c5b7861eb46842ccf373e2524d90d14034f5d56e92ad50f27756156b0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-bc7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 glossary.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 760 B
654 B 95ms
91ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/glossary.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-2f8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 scams.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 842 B
698 B 96ms
91ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/scams.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-34a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 write.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 615 B
585 B 96ms
91ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/write.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-267"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-pin-map.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 1 KB
821 B 96ms
92ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-pin-map.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-45a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 world.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 4 KB
2 KB 66ms
62ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/world.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-1019"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 swiper-bundle.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/ 14 KB
4 KB 40ms
31ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/swiper-bundle.css?ver=10.6
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 78e3802122f7016333437f9908ad30173eb681234d9ed7ebd74490abc525c8b7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:01 GMT
server: nginx
etag: W/"62155dd1-375b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jetpack-carousel.css
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/ 23 KB
5 KB 41ms
32ms Stylesheet
text/css 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=10.6
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b06b85bdf477d92de6f3c9e7c037b4d679f0b17bb633ca659c50bd630f29d09

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:01 GMT
server: nginx
etag: W/"62155dd1-5bf6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 24ms
4ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js?ver=202224
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: b8ddfe2786718750e37a2a7d2841e4e6a110a1877e21a03675d47c591d4a7f03

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Fri, 25 Feb 2022 16:03:16 GMT
server: nginx
etag: W/"6218fdc4-5df8"
content-type: application/javascript
cache-control: max-age=604800
expires: Mon, 20 Jun 2022 18:41:23 GMT

GET
H2 200 wpgroho.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/modules/ 2 KB
1021 B 41ms
33ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=10.6
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:00 GMT
server: nginx
etag: W/"62155dd0-7a1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 imagesloaded.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 5 KB
2 KB 42ms
33ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-15fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/ 24 KB
8 KB 42ms
34ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: nginx
etag: W/"5ee520a7-5e4a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.masonry.min.js Show response
blog.malwarebytes.com/wp-includes/js/jquery/ 2 KB
915 B 43ms
35ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
server: nginx
etag: W/"57b604a2-71b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 functions.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
1 KB 43ms
35ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/functions.js?ver=2013-07-18
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-8f9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jetpack-carousel.min.js Show response
blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
8 KB 62ms
54ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=10.6
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3d934946e478053820ccfc2e9902822114dc8c40e26669d9742c9fe6524ee661

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Tue, 22 Feb 2022 22:04:01 GMT
server: nginx
etag: W/"62155dd1-5eb7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 standard-search-results-footer.js Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/ 2 KB
772 B 64ms
57ms Script
application/javascript 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/js/standard-search-results-footer.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-704"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H/1.1 200
OK optanon.css
optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/ 23 KB
6 KB 77ms
76ms Stylesheet
text/css 52.239.137.4
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://optanon.blob.core.windows.net/skins/6.4.0/default_flat_bottom_two_button_white/v2/css/optanon.css
Requested by: Host: optanon.blob.core.windows.net
URL: https://optanon.blob.core.windows.net/consent/9530a107-0af8-4204-a2c2-217efb78222b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 13 Jun 2022 18:41:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Aug 2020 04:48:01 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: E062TbpGx6vwVsuuNM/jFw==
ETag: 0x8D83F440F482A65
Content-Type: text/css
Access-Control-Allow-Origin: *
x-ms-request-id: 4692a9d7-901e-0131-5155-7fc564000000
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
Content-Length: 5561

GET
H2 200 EU Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/ 33 B
257 B 78ms
52ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery111307610516875657192_1655145682730&_=1655145682731

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74a177fc1af5246cc572eefeace79f1466d87bf27daf0f35aa2a601f15aac156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 71acf5c70ac91791-EWR
content-length: 33

GET
H2 200 Locator-Light.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 33ms
32ms Font
font/woff 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Light.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:22 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-7330"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29488

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 295 KB
92 KB 42ms
20ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

abfe43c323c4fd1dfabecdfff6aa005b8865d5f5dfa6eeb64bea435eed478bec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94037
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 18:41:23 GMT

GET
H2 200 Graphik-Light.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 132 KB
132 KB 65ms
64ms Font
application/octet-stream 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Light.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-20e60"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 134752

GET
H2 200 Graphik-Medium.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 134 KB
135 KB 86ms
85ms Font
application/octet-stream 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Medium.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-219c0"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 137664

GET
H2 200 box-link-rings-personal.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/ 1 KB
813 B 74ms
74ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/backgrounds/box-link-rings-personal.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-52c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 Graphik-Regular.otf
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 128 KB
128 KB 72ms
72ms Font
application/octet-stream 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Graphik-Regular.otf
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-20084"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 131204

GET
H2 200 Locator-Medium.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 29 KB
29 KB 36ms
36ms Font
font/woff 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-Medium.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-734c"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 29516

GET
H2 200 socicon.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 20 KB
20 KB 37ms
37ms Font
font/woff 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/socicon.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-4ff8"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 20472

GET
H2 200 wai.gif Show response
genesis.malwarebytes.com/api/v1/ 412 B
594 B 50ms
14ms XHR
application/json 54.243.245.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/wai.gif
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/global_mwb.min.js?v=34556
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.245.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-245-81.compute-1.amazonaws.com
Software: /
Resource Hash: 5db6c253c402042fd6a9f8163882a54a5b12090a8bacf2e422288338b4cb0d1d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://blog.malwarebytes.com
date: Mon, 13 Jun 2022 18:41:23 GMT
content-length: 412
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 203 KB
72 KB 21ms
20ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

40836d2f7b903644cc6bd00e253ac70d500b250d3fbb361fca8941aaccc2bb42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73579
x-xss-protection: 0
expires: Mon, 13 Jun 2022 18:41:23 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
26 KB 19ms
5ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: 4qD+yjcKvJ7XVVBK/s4prF4ZO8iwSn4uc43OB380PWtY6PVAcl+JDvNNcNDu28YavMIbKMzsWkEY2qaQ1UIHtA==
x-fb-trip-id: 1512268381
x-frame-options: DENY
date: Mon, 13 Jun 2022 18:41:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 25ms
5ms Script
text/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 7051
date: Mon, 13 Jun 2022 16:43:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 13 Jun 2022 18:43:52 GMT

GET
H2 200 web-vitals.umd.js Show response
unpkg.com/web-vitals@1.1.0/dist/ 4 KB
2 KB 54ms
20ms Script
application/javascript 2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@1.1.0/dist/web-vitals.umd.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 14901953
fly-request-id: 01FQK2A6A52VT8XXK7SFXX7JAZ
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"1060-9qPq4bqeRCeFWudNuS98Bp0PQDY"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 71acf5c8a9138c33-EWR

GET
H2 200 a-06kg.min.js Show response
b-code.liadm.com/ 27 KB
10 KB 303ms
99ms Script
application/javascript 2600:9000:20fc:be00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-06kg.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20fc:be00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: a5d0b07c0a2ab31987cc081973636f62b6b625771d930e650cf72147f70b3420

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 02:50:32 GMT
via: 1.1 52bb5852b1acec80b918512e69d8f7dc.cloudfront.net (CloudFront)
age: 57051
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: ARN54-C1
content-encoding: gzip
x-amz-cf-id: fAw5Gl2pM5STyDClueyIrkPj6q9BaJ7GJnf4QElmgPMREA4k66mO5A==

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 63 KB
20 KB 13ms
5ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.62

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e547fe50a764e43c4a31eee65d715869f35c7ad8d781584453561b87c4fcf7f3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 20460
x-xss-protection: 0
pragma: public
x-fb-debug: fdpo4nfxzqjpgb2Ozc0jyo/GfJGJGytGQUtuUHa2mdOrrtq/+Y0+Zud2SAR/X6KA755TfwJem7dg8B0p3HHhvw==
x-frame-options: DENY
date: Mon, 13 Jun 2022 18:41:23 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1480959392203028 Show response
connect.facebook.net/signals/config/ 291 KB
84 KB 16ms
9ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1480959392203028?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

43fd285ef1f2a9d088bedf7c9d508e4fecd80de8fc87794cc8bd097731e16205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85516
x-xss-protection: 0
pragma: private
x-fb-debug: B4/S1vzu4w4fyah24Ecmhxyagp39ZToLfz09WCC9otIsoH4rOJ3VlgWK/ZPIOsxPcm4u2dPICWd3GBLmR/O7NQ==
x-frame-options: DENY
date: Mon, 13 Jun 2022 18:41:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: private
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 31ms
18ms Ping
text/plain 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe680&_p=1507731229&_z=ccd.tdB&cid=1739465330.1655145683&ul=en-us&sr=1600x1200&_s=1&sid=1655145683&sct=1&seg=0&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&dt=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 7ms
6ms Script
text/javascript 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 17:54:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2795
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 13 Jun 2022 18:54:48 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 18ms
5ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1480959392203028&ev=PageView&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&rl=&if=false&ts=1655145683380&sw=1600&sh=1200&v=2.9.62&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=30&fbp=fb.1.1655145683379.1838120990&it=1655145683295&coo=false&tm=1&exp=p0&rqm=GET

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 13 Jun 2022 18:41:23 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
444 B 43ms
19ms XHR
text/plain 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3347303-10&cid=1739465330.1655145683&jid=325051884&uid=CB0893BE-A86B-47EB-BB3F-A29AC96D709C&gjid=717701288&_gid=89761494.1655145683&_u=aCDAgEAjAAAAAE~&z=535497805

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.malwarebytes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 13 Jun 2022 18:41:23 GMT
content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 5ms
5ms Image
image/gif 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1507731229&t=pageview&_s=1&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&ul=en-us&de=UTF-8&dt=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgEAj~&jid=325051884&gjid=717701288&cid=1739465330.1655145683&uid=CB0893BE-A86B-47EB-BB3F-A29AC96D709C&tid=UA-3347303-10&_gid=89761494.1655145683&gtm=2wg680MKSKW3&z=1158456113

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 04:43:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50299
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 45ms
28ms Image
image/gif 2607:f8b0:4006:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3347303-10&cid=1739465330.1655145683&jid=325051884&_u=aCDAgEAjAAAAAE~&z=343156035

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gandcrab-farewell-by-damian-600x195.png
blog.malwarebytes.com/wp-content/uploads/2019/07/ 47 KB
47 KB 32ms
31ms Image
image/png 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2019/07/gandcrab-farewell-by-damian-600x195.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff0f8a9d7c8d5afa884a52772752f76ab0abda9fdcd6bffc40da366ebb6369d8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Thu, 18 Jul 2019 17:04:53 GMT
server: nginx
etag: "5d30a6b5-bb17"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 47895

GET
H2 200 sodin-versions-with-dates.png
blog.malwarebytes.com/wp-content/uploads/2019/07/ 5 KB
5 KB 43ms
42ms Image
image/png 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2019/07/sodin-versions-with-dates.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: f0169c64a3d3266916052f8ac73d4960e7148eb3886125300b00b3e8d2e50dc2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Thu, 18 Jul 2019 17:07:04 GMT
server: nginx
etag: "5d30a738-1385"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4997

GET
H2 200 instagram_icon.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/ 5 KB
2 KB 33ms
32ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/icons/instagram_icon.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-1225"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 ic-search.svg
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ 601 B
604 B 51ms
50ms Image
image/svg+xml 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/footer/ic-search.svg
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: W/"628560a5-259"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 Locator-LightItalic.woff
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/ 30 KB
30 KB 33ms
33ms Font
font/woff 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/css/fonts/Locator-LightItalic.woff
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb

Request headers

Referer: https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/style.css?05-11-2021
Origin: https://blog.malwarebytes.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Wed, 18 May 2022 21:09:57 GMT
server: nginx
etag: "628560a5-7888"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 30856

GET
H2 200 f7ebd803bc18a18cd5f945f7148298b1
secure.gravatar.com/avatar/ 12 KB
12 KB 5ms
5ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f7ebd803bc18a18cd5f945f7148298b1?s=96&d=identicon&r=g
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: c41517c93c6eb23ffc0a81503d8ed79cab09157c5f9b7b335d20bd974ed9a2a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Tue, 04 Apr 2017 14:57:08 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f7ebd803bc18a18cd5f945f7148298b1.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f7ebd803bc18a18cd5f945f7148298b1?s=96&d=identicon&r=g>; rel="canonical"
content-length: 12028
expires: Mon, 13 Jun 2022 18:46:23 GMT

GET
H2 200 wai.gif Show response
genesis.malwarebytes.com/api/v1/ 412 B
593 B 15ms
14ms XHR
application/json 54.243.245.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/wai.gif
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.245.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-245-81.compute-1.amazonaws.com
Software: /
Resource Hash: 5db6c253c402042fd6a9f8163882a54a5b12090a8bacf2e422288338b4cb0d1d

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://blog.malwarebytes.com
date: Mon, 13 Jun 2022 18:41:23 GMT
content-length: 412
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 Sodinokibi_infected-600x356.png
blog.malwarebytes.com/wp-content/uploads/2019/07/ 165 KB
166 KB 31ms
31ms Image
image/png 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.malwarebytes.com/wp-content/uploads/2019/07/Sodinokibi_infected-600x356.png
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 3.198.211.130.bc.googleusercontent.com
Software: nginx /
Resource Hash: e38eb259db1bb15b109bf536821a63941324e3505bc281beef61773b3fcd6528

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
last-modified: Thu, 18 Jul 2019 17:10:57 GMT
server: nginx
etag: "5d30a821-2949f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 169119

GET
H2 200 / Show response
blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/ 2 KB
1 KB 46ms
45ms XHR
application/json 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/?relatedposts=1

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

e23cc6f324b85c89550c0f752799f5d05441b46cc301ec1e492c5347af641393

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
x-requested-with: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-pingback: https://blog.malwarebytes.com/xmlrpc.php
date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: SHORT
server: nginx
x-powered-by: WP Engine
x-frame-options: DENY
x-cache: HIT: 1
content-type: application/json; charset=utf-8
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-cache-group: normal

GET
H2 200 pillarpages.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 100 B
414 B 37ms
37ms XHR
application/json 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/pillarpages.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
vary: Accept-Encoding,Cookie
last-modified: Mon, 13 Jun 2022 18:33:58 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: W/"64-5e15888043dc0"
x-frame-options: DENY
x-cache: HIT: 243
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
accept-ranges: bytes
content-length: 100
x-cache-group: normal

GET
H2 200 intl-sites.json Show response
blog.malwarebytes.com/wp-content/themes/mb-labs-theme/ 890 B
630 B 36ms
36ms XHR
application/json 130.211.198.3
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/intl-sites.json

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

130.211.198.3 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

3.198.211.130.bc.googleusercontent.com

Software

nginx / WP Engine

Resource Hash

728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
last-modified: Mon, 13 Jun 2022 18:33:58 GMT
server: nginx
x-cacheable: SHORT
x-powered-by: WP Engine
etag: W/"37a-5e1588804da02"
x-frame-options: DENY
x-cache: HIT: 241
content-type: application/json
cache-control: max-age=600, must-revalidate
content-security-policy: frame-ancestors none;
x-cache-group: normal

GET
H2 200 hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 5ms
5ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202224
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202224
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 20 Jun 2022 18:41:23 GMT

GET
H2 200 services.min.css
secure.gravatar.com/dist/css/ 3 KB
582 B 5ms
5ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/services.min.css?ver=202224
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202224
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Mon, 20 Jun 2022 18:41:23 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 47ms
11ms Script
application/javascript 2a04:4e42:79::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:79::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
fastly-restarts: 1
x-cdn: fastly
etag: "c4a0eea377c5e0da574e46f4d6e838e5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
content-length: 1142
access-control-expose-headers: X-CDN

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 29ms
6ms Script
application/x-javascript 2600:141b:13::17d7:82d9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82d9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 18:41:23 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=47307
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 45ms
21ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 231C0FA48C144D26A2621BAFC6C392C9 Ref B: EWR311000106049 Ref C: 2022-06-13T18:41:23Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Mon, 13 Jun 2022 18:41:23 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 200 HWyTnY16.min.js Show response
scripts.demandbase.com/ 68 KB
19 KB 513ms
111ms Script
application/javascript 65.9.44.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.demandbase.com/HWyTnY16.min.js

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.44.119 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-44-119.arn54.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

821b2e61ecdbbd3e8e5272ede8ba824140773b2e54e29ed32d954d56f0c2ea5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id: scSJhFCUQVGRPLVZniTnw3g3rCsBOoq0
content-encoding: gzip
etag: W/"268a61f1e6bae01e59aad72777653570"
age: 3162
x-cache: Hit from cloudfront
vary: Accept-Encoding
last-modified: Wed, 04 May 2022 20:23:15 GMT
server: AmazonS3
date: Mon, 13 Jun 2022 17:52:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
via: 1.1 9dc04feb591f6b5ae6ea4527a23d28da.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: z_3fORE5E84GJCO0dyK48Nh-3z6ntVStLpnsOMPgXDwWdX6fbizUEQ==

GET
H2 200 demandbase-forms.js Show response
www.malwarebytes.com/js/ 3 KB
1 KB 208ms
207ms Script
application/javascript 2600:9000:21c3:da00:16:26c7:ff80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/js/demandbase-forms.js?d=2020-02-04-15-03-08--0800

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21c3:da00:16:26c7:ff80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 20 Jul 2021 23:12:41 GMT
server: Microsoft-IIS/10.0
x-amz-cf-pop: ARN1-C1
x-powered-by: ASP.NET
etag: W/"83427fbdbc7dd71:0"
strict-transport-security: max-age=63072000
x-cache: Miss from cloudfront
content-type: application/javascript
via: 1.1 c908cbeaf223c80632fd467b8ff1278a.cloudfront.net (CloudFront)
cache-control: max-age=900
x-amz-cf-id: o9GcSNJJEAE5grn64ZJkvuxphe63Ky41ghHZqY8yakJNteIhpuz2xg==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
42 KB 22ms
22ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-930356311

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a46e75c69dd6aedc57752dae3c0871284866ff30f60d96d901313ab3d0a849e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43443
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 18:41:23 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/ 43 B
421 B 50ms
12ms Image
image/gif 52.70.45.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/64fab857ca52427587d3bd14a8d437b7/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.70.45.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-70-45-34.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 18:41:23 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,b3075d60c41e2b2ff48a398ee952a017,10.0.0.141,27094,5.181.234.133,,37815368344,1,1655145683.633,0.002,,.,0,0,0.000,0.000,-,0,0,197,127,63,10,34729,,,,,,-,
Content-Type: image/gif

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempt...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempt...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2594100%26time%3D1655145683632%26url%3Dhttps%253A%252F%252Fblog.malwarebytes.com%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempt...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2594100&time=1655145683632&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attemp...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3&_expected_cookie=9e5c6a61e0c9ad5b892c171e...

43 B
142 B

24ms
24ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3&_expected_cookie=9e5c6a61e0c9ad5b892c171e83a52c22
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:24 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 71acf5cf6abd32fa-EWR
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=42136c69-dbe2-4bb0-ae4b-bab7c2e576a3&_expected_cookie=9e5c6a61e0c9ad5b892c171e83a52c22
date: Mon, 13 Jun 2022 18:41:24 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 71acf5cf3a6132fa-EWR
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H2 200 main.32155010.js Show response
s.pinimg.com/ct/lib/ 52 KB
18 KB 12ms
12ms Script
application/javascript 2a04:4e42:79::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.32155010.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:79::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
fastly-restarts: 1
x-cdn: fastly
etag: "fd86de14455274a7c147dc95b77e18e3"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
content-length: 18298
access-control-expose-headers: X-CDN

GET
H2 200 4072696.js Show response
bat.bing.com/p/action/ 218 B
477 B 21ms
20ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/4072696.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

17cd20d8d2b12fb382778065141cb16e4200e0a75e4b2c3b2c549548ae9a05be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD3A55AED7184FFDA513DE50D574B5D2 Ref B: EWR311000106049 Ref C: 2022-06-13T18:41:23Z
date: Mon, 13 Jun 2022 18:41:23 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 299

GET
H2 204 0
bat.bing.com/action/ 0
178 B 21ms
21ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=4072696&tm=gtm002&Ver=2&mid=c2c26b67-ae47-4d30-96c8-139e24789dd6&sid=6cc15d30eb4811ec870aafea7dba583e&vid=6cc181d0eb4811ecbd69c9683c90abc5&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&p=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&r=&lt=1981&evt=pageLoad&msclkid=N&sv=1&rn=945228

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C0CE6AACE8BC477699EC88EB5B56E345 Ref B: EWR311000106049 Ref C: 2022-06-13T18:41:23Z
date: Mon, 13 Jun 2022 18:41:23 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 488 B
735 B 33ms
15ms XHR
application/json 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%2C%22md_frequency%22%3A1%7D&cb=1655145683654
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.32155010.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 540548b12b5a362a5fa54de526a5870cc89ef6f431387c20cd25e82b4f6cd9d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://blog.malwarebytes.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPU9HVTBaVFkzWWpZdE1EbGhOaTAwWVRoaUxXSTFNV1V0T1RnNVltUmlPVEZqWVRBNQ
x-pinterest-rid: 1003465829661226
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
content-length: 350
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
92 B 32ms
15ms Image
image/gif 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2614167509439&pd=%7B%22np%22%3A%22gtm%22%2C%22gtm_aem_configs%22%3A%5B%22em%22%5D%2C%22md_frequency%22%3A1%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2232155010%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1655145683656
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:23 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 2
x-pinterest-rid: 1261097123814413
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 4072696 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 95ms
21ms Script
application/x-javascript 2620:1ec:49::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/4072696
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/4072696.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:49::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 168fb47bc756035848d3c79ad79538ce228eaa202abe6b51623d2cb5ea3d75ca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
x-powered-by: ASP.NET
x-azure-ref: 004SnYgAAAAAQbRMJKRhGS6Wlg6eOoEg/TU5aMjIxMDYwNjE0MDUxADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
content-length: 1679
expires: -1

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat...
https://rp4.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthrea...

13 B
551 B

131ms
12ms

XHR
application/json

34.202.82.185
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&wpn=lc-bundle&c=PHRpdGxlPgoKW1VQREFURURdIFRocmVhdCBTcG90bGlnaHQ6IFNvZGlub2tpYmkvUkV2aWwgcmFuc29td2FyZSB8IE1hbHdhcmVieXRlcyBMYWJzICA8L3RpdGxlPjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJUaGVyZeKAmXMgYSBuZXcgcmFuc29td2FyZS1hcy1hLXNlcnZpY2UgKFJhYVMpIGluIHRvd24sIGFuZCBpdCBjYW4gdHdpc3QgdG9uZ3VlcyBmb3IgZ2lnZ2xlcyBhcyBtdWNoIGFzIHR3aXN0IG9yZ2FuaXphdGlvbnMnIGFybXMgZm9yIGNhc2guIEdldCB0byBrbm93IHRoZSBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUsIGluY2x1ZGluZyBob3cgdG8gcHJvdGVjdCBhZ2FpbnN0IHRoaXMgdGhyZWF0LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmxvZy5tYWx3YXJlYnl0ZXMuY29tL3RocmVhdC1zcG90bGlnaHQvMjAxOS8wNy90aHJlYXQtc3BvdGxpZ2h0LXNvZGlub2tpYmktcmFuc29td2FyZS1hdHRlbXB0cy10by1maWxsLWdhbmRjcmFiLXZvaWQvIj48dGl0bGUgaWQ9Im1hbHdhcmVieXRlcy1tYWluLWxvZ28tdGl0bGUiPlRoZSBvZmZpY2lhbCBNYWx3YXJlYnl0ZXMgbG9nbzwvdGl0bGU-PGgxIGNsYXNzPSJlbnRyeS10aXRsZSBwLW5hbWUiPgoJCQkJCVtVUERBVEVEXSBUaHJlYXQgU3BvdGxpZ2h0OiBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUJCQkJPC9oMT4&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMTo4NTQyOjZjZGQ6OTcyZg%3D%3D&n3pc=true

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Server

34.202.82.185 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-202-82-185.compute-1.amazonaws.com

Software

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
x-pixel-event-id: 584ef38a-52e3-4d4e-b6a9-e1849b7570e6
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: null
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: cbe4bca7c1528de0
request-time: 0
content-length: 13
x-content-type-options: nosniff

Redirect headers

date: Mon, 13 Jun 2022 18:41:23 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
location: https://rp4.liadm.com/j?dtstmp=1655145683726&aid=a-06kg&se=e30&duid=ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et&tna=v2.3.1&pu=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&wpn=lc-bundle&c=PHRpdGxlPgoKW1VQREFURURdIFRocmVhdCBTcG90bGlnaHQ6IFNvZGlub2tpYmkvUkV2aWwgcmFuc29td2FyZSB8IE1hbHdhcmVieXRlcyBMYWJzICA8L3RpdGxlPjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJUaGVyZeKAmXMgYSBuZXcgcmFuc29td2FyZS1hcy1hLXNlcnZpY2UgKFJhYVMpIGluIHRvd24sIGFuZCBpdCBjYW4gdHdpc3QgdG9uZ3VlcyBmb3IgZ2lnZ2xlcyBhcyBtdWNoIGFzIHR3aXN0IG9yZ2FuaXphdGlvbnMnIGFybXMgZm9yIGNhc2guIEdldCB0byBrbm93IHRoZSBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUsIGluY2x1ZGluZyBob3cgdG8gcHJvdGVjdCBhZ2FpbnN0IHRoaXMgdGhyZWF0LiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vYmxvZy5tYWx3YXJlYnl0ZXMuY29tL3RocmVhdC1zcG90bGlnaHQvMjAxOS8wNy90aHJlYXQtc3BvdGxpZ2h0LXNvZGlub2tpYmktcmFuc29td2FyZS1hdHRlbXB0cy10by1maWxsLWdhbmRjcmFiLXZvaWQvIj48dGl0bGUgaWQ9Im1hbHdhcmVieXRlcy1tYWluLWxvZ28tdGl0bGUiPlRoZSBvZmZpY2lhbCBNYWx3YXJlYnl0ZXMgbG9nbzwvdGl0bGU-PGgxIGNsYXNzPSJlbnRyeS10aXRsZSBwLW5hbWUiPgoJCQkJCVtVUERBVEVEXSBUaHJlYXQgU3BvdGxpZ2h0OiBTb2Rpbm9raWJpL1JFdmlsIHJhbnNvbXdhcmUJCQkJPC9oMT4&i6=MmEwZDo1NjAwOjI0OjE1MDA6MTAxMTo4NTQyOjZjZGQ6OTcyZg%3D%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://blog.malwarebytes.com
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: ea09f374034eefa7
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H2 200 clarity.js Show response
a.clarity.ms/s/0.6.34/ 53 KB
23 KB 51ms
12ms Script
application/javascript 104.45.184.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/4072696
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.45.184.134 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: br
etag: "1d87e8642decc54"
last-modified: Sun, 12 Jun 2022 18:00:12 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 72ms
39ms Script
text/javascript 142.251.32.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-930356311

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.32.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f2.1e100.net

Software

cafe /

Resource Hash

b13e8f56e638d96f185c3874dee84d41452c5026179e1b1260fa54cd32afe50f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15073
x-xss-protection: 0
server: cafe
etag: 14959697428163462746
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Jun 2022 18:41:23 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 4140 0
18 B 12ms
6ms Document
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://blog.malwarebytes.com
Referer: https://blog.malwarebytes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://blog.malwarebytes.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 18:41:23 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/ 2 KB
2 KB 45ms
26ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/930356311/?random=1655145683919&cv=9&fst=1655145683919&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&tiba=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9caf74ddfcf35efa3792e1464c27bd3753a45dee4a3f93bdd939438e337ce56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1110
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
a.clarity.ms/ 0
74 B 37ms
37ms XHR
text/plain 104.45.184.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clarity.ms/collect
Requested by: Host: a.clarity.ms
URL: https://a.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.45.184.134 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://blog.malwarebytes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://blog.malwarebytes.com
date: Mon, 13 Jun 2022 18:41:23 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3 200 /
www.google.com/pagead/1p-user-list/930356311/ 42 B
64 B 37ms
23ms Image
image/gif 2607:f8b0:4006:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/930356311/?random=1655145683919&cv=9&fst=1655143200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&tiba=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&async=1&fmt=3&is_vtc=1&random=3371320779&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 503
Service Unavailable: Back-end server is at capacity demandbase
match.prod.bidr.io/cookie-sync/ 0
111 B 57ms
11ms Image
text/plain 54.243.191.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.prod.bidr.io/cookie-sync/demandbase
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.243.191.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-243-191-164.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://id.rlcdn.com/1000.gif?memo=CI6tHBoNCNSJnpUGEgUI6AcQAEIASgA
https://segments.company-target.com/log?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8
https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8&verifyHash=bdce8f5002ef5b75ace9f052a7a830ce14ff6e48

26 B
409 B

313ms
313ms

Image
image/gif

65.9.44.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8&verifyHash=bdce8f5002ef5b75ace9f052a7a830ce14ff6e48
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: HTTP/1.1
Server: 65.9.44.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-44-122.arn54.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 18:41:24 GMT
Via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 739f1399a5310c58
X-Amz-Cf-Id: 9UKajRrg8m0uT2t8jT4qwXPe2C78NRYo6kIjwAFcWSR96T3-OiVTIg==

Redirect headers

Date: Mon, 13 Jun 2022 18:41:24 GMT
Via: 1.1 d42e11d52edd8bb7c6c82444d8414824.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=liveramp&user_id=Xc129704f3LxFSeASGgkkeGjEiVzfrBZeiDhA7emWlqItqWF8&verifyHash=bdce8f5002ef5b75ace9f052a7a830ce14ff6e48
Connection: keep-alive
trace-id: e1cd648070a931ef
Content-Length: 0
X-Amz-Cf-Id: xuPNob7NH45QhJqVrzuUrF31rXQplsrL36P4FDTsVIcCyFV721najA==

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 453 B
952 B 62ms
42ms XHR
application/json 13.225.223.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&page_title=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&src=tag&auth=TcuHErVpEQlFNgsvW0BgkLmoffXoRf8c17jto6PU
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/HWyTnY16.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.223.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-223-21.jfk51.r.cloudfront.net
Software: nginx /
Resource Hash: 14de539d3e171b5e84eecd02af1c79db9587bf3e53abcdd865ffc5e2e679940d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:24 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: JFK51-C1
x-cache: Miss from cloudfront
request-id: 886cb7e2-4535-4a28-bdb4-17a6cdb35228
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://blog.malwarebytes.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 9e89086b4bc4697bea1e1dec6ddc5c5c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: msz9F6VgIeBW6y1XLdEX8pBOjhV0BIRwpINxJO_1FO7LIteJxxotSw==
expires: Sun, 12 Jun 2022 18:41:24 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 5ms
5ms Image
image/gif 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1507731229&t=event&ni=1&_s=2&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&ul=en-us&de=UTF-8&dt=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aDDAgEAjAAAAAE~&jid=&gjid=&cid=1739465330.1655145683&uid=CB0893BE-A86B-47EB-BB3F-A29AC96D709C&tid=UA-3347303-10&_gid=89761494.1655145683&gtm=2wg680MKSKW3&cd2=(Non-Company%20Visitor)&cd3=Bot&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=(Non-Company%20Visitor)&cd11=New%20York&cd12=NY&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=US&cd18=(Non-Company%20Visitor)&cd24=(Non-Company%20Visitor)&z=276132752

Requested by

Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 04:43:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50300
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
a.clarity.ms/ 0
48 B 12ms
12ms XHR
text/plain 104.45.184.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clarity.ms/collect
Requested by: Host: a.clarity.ms
URL: https://a.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.45.184.134 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://blog.malwarebytes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://blog.malwarebytes.com
date: Mon, 13 Jun 2022 18:41:24 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

GET
H3

200

activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263 Show response
5118230.fls.doubleclick.net/ Frame B8BB
Redirect Chain

https://5118230.fls.doubleclick.net/activityi;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?
https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?

482 B
402 B

38ms
26ms

Document
text/html

142.251.40.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/js/jquery-1.11.3.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f6.1e100.net

Software

cafe /

Resource Hash

565141de72f468a7fccfea675ce4ba75b343afd1909bbb1a15bad4cd116bcbb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.malwarebytes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 377
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 18:41:25 GMT
expires: Mon, 13 Jun 2022 18:41:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 18:41:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&RedC=c.clarity.ms&MXFR=0E8F246F585561C102AD35AD5C556FD3
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&MUID=2415A82FD6C36FF13181B9EDD7A16E18

42 B
442 B

16ms
16ms

Image
image/gif

20.110.81.91
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&MUID=2415A82FD6C36FF13181B9EDD7A16E18
Protocol: H2
Server: 20.110.81.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:24 GMT
last-modified: Wed, 06 Apr 2022 19:10:39 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "77ff271ea49d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 87BBD369AA51403CAAB86B7E22170F5C Ref B: EWR311000106049 Ref C: 2022-06-13T18:41:25Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=000034317D96444EA7E7D935264DD2F9&MUID=2415A82FD6C36FF13181B9EDD7A16E18
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 2893.js Show response
script.crazyegg.com/pages/scripts/0081/ 5 KB
2 KB 70ms
31ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a46ed92667c2008572fe507f2650e820dfea2d192a7c46a150c94e5cc560a44b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:25 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 20689
cf-polished: origSize=5359
cf-ray: 71acf5d39c4c8cc3-EWR
ce-version: 11.1.447
last-modified: Mon, 13 Jun 2022 12:56:36 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-bgj: minify

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 49 KB
14 KB 40ms
14ms Script
application/javascript 199.232.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.malwarebytes.com
URL: https://blog.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.36.157 New York, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:25 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 20:03:49 GMT
etag: "90b3a450b1a5741eca2aac717f3ebbc2+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 13714
x-served-by: cache-iad-kiad7000042-IAD, cache-lga21933-LGA

GET
H2 200 adsct
t.co/i/ 43 B
337 B 92ms
33ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=c56323b4-b33a-4e5c-a60f-8c6ba754ae04&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=3767f453-aed9-4b77-93b0-d8d55f083091&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 6
date: Mon, 13 Jun 2022 18:41:24 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: b04aecc7621404653dd756b310129bd02710bdbbf4f8d9099ed0b05954d695f5
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
353 B 227ms
34ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=c56323b4-b33a-4e5c-a60f-8c6ba754ae04&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=3767f453-aed9-4b77-93b0-d8d55f083091&tw_document_href=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1m5j&type=javascript&version=2.3.20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 6
date: Mon, 13 Jun 2022 18:41:24 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: e0e5906a6fedc8bcc2738987494f13e92db432eb03dd626bcb3070cd3e5a7dd1
content-length: 43

GET
H/1.1 200
OK analytics.min.js Show response
cdn.bttrack.com/js/14102/analytics/1.0/ Frame B8BB 599 B
696 B 48ms
8ms Script
text/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Requested by: Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: /
Resource Hash: fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 18:41:25 GMT
Content-Encoding: gzip
X-HW: 1655145685.dop154.ny3.t,1655145685.cds077.ny3.shn,1655145685.dop154.ny3.t,1655145685.cds002.ny3.c
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=57026
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 368

GET
H2 200 dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263
adservice.google.com/ddm/fls/z/ Frame B8BB 42 B
494 B 93ms
67ms Image
image/gif 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263

Requested by

Host: 5118230.fls.doubleclick.net
URL: https://5118230.fls.doubleclick.net/activityi;dc_pre=CNWZ7pSKq_gCFfsGaAgdw38Dhw;src=5118230;type=count0;cat=secur00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1;num=1057153790401.1263?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2893.json Show response
script.crazyegg.com/pages/data-scripts/0081/ 952 B
672 B 44ms
28ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0081/2893.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0081/2893.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d329fbd36ec16735a3b9a8460d03efc3d9283b5bebcf27d9d96a7b3795b9684

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 18:41:25 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 20654
ce-version: 11.1.447
content-length: 327
timing-allow-origin: *
last-modified: Mon, 13 Jun 2022 12:57:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
cf-ray: 71acf5d3fe3fe85d-EWR

GET
H/1.1 200
OK js Show response
bttrack.com/engagement/ Frame B8BB 10 KB
4 KB 57ms
14ms Script
text/javascript 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/js?goalId=14102&cb=1655145685140
Requested by: Host: cdn.bttrack.com
URL: https://cdn.bttrack.com/js/14102/analytics/1.0/analytics.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: a52cd993a8056f36d4149eee2d3526934fcb30ea07dd11e97f18a3c38ed983cb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-ServerName: Track001-iad
Pragma: no-cache
Date: Mon, 13 Jun 2022 18:41:24 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: text/javascript; charset=utf-8
Content-Length: 3536
Expires: -1

GET
H/1.1 200
OK event Show response
bttrack.com/engagement/ Frame B8BB 0
595 B 51ms
14ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%22152d449b-9a9a-4380-aa7e-b18dae97ea6b%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2214102%22%2C%22sessionId%22%3A%223e48e09d-e9d5-4ab7-a9d2-751ba681c6ca%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2F5118230.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCNWZ7pSKq_gCFfsGaAgdw38Dhw%3Bsrc%3D5118230%3Btype%3Dcount0%3Bcat%3Dsecur00%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Bord%3D1%3Bnum%3D1057153790401.1263%3F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1655145685140
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-ServerName: Track001-iad
Pragma: no-cache
Date: Mon, 13 Jun 2022 18:41:24 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/plain
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK getpixels Show response
bttrack.com/engagement/ Frame B8BB 0
400 B 52ms
14ms XHR
text/html 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/getpixels?gid=14102
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=14102&cb=1655145685140
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://5118230.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-ServerName: Track004-iad
Pragma: no-cache
Date: Mon, 13 Jun 2022 18:41:19 GMT
Content-Encoding: gzip
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Access-Control-Allow-Origin: *
Cache-Control: private,no-cache
Content-Type: text/html
Content-Length: 0
Expires: -1

POST
H2 204 collect Show response
a.clarity.ms/ 0
48 B 12ms
11ms XHR
text/plain 104.45.184.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clarity.ms/collect
Requested by: Host: a.clarity.ms
URL: https://a.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.45.184.134 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://blog.malwarebytes.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://blog.malwarebytes.com
date: Mon, 13 Jun 2022 18:41:26 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 18ms
18ms Ping
text/plain 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-K8KCHE3KSC&gtm=2oe680&_p=1507731229&_z=ccd.tdB&cid=1739465330.1655145683&ul=en-us&sr=1600x1200&_s=2&sid=1655145683&sct=1&seg=0&dl=https%3A%2F%2Fblog.malwarebytes.com%2Fthreat-spotlight%2F2019%2F07%2Fthreat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void%2F&dt=%5BUPDATED%5D%20Threat%20Spotlight%3A%20Sodinokibi%2FREvil%20ransomware%20%7C%20Malwarebytes%20Labs&en=scroll&_et=12&epn.percent_scrolled=90
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K8KCHE3KSC&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81e::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://blog.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 18:41:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.malwarebytes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

239 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malwarebytes.com/threat-spotlight/2019/07/threat-spotlight-sodinokibi-ransomware-attempts-to-fill-gandcrab-void	1970-01-20 12:31:21	Name: gaUserID Value: CB0893BE-A86B-47EB-BB3F-A29AC96D709C
.malwarebytes.com/	1970-01-20 21:16:57	Name: _ga_K8KCHE3KSC Value: GS1.1.1655145683.1.0.1655145683.0
.malwarebytes.com/	1970-01-20 21:16:57	Name: _ga Value: GA1.2.1739465330.1655145683
.malwarebytes.com/	1970-01-20 03:47:12	Name: _gid Value: GA1.2.89761494.1655145683
.malwarebytes.com/	1970-01-20 05:55:21	Name: _fbp Value: fb.1.1655145683379.1838120990
.malwarebytes.com/	1970-01-20 03:45:45	Name: _dc_gtm_UA-3347303-10 Value: 1
.facebook.com/	1970-01-20 05:55:21	Name: fr Value: 01P2mM971q60uOuld..Bip4TT...1.0.Bip4TT.
.malwarebytes.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .malwarebytes.com
.malwarebytes.com/	1970-01-20 21:16:57	Name: _lc2_fpi Value: ff3668206ce6--01g5f5xpn3vqfshc18rwh2w2et
.bing.com/	1970-01-20 13:07:21	Name: MUID Value: 2415A82FD6C36FF13181B9EDD7A16E18
.bat.bing.com/	1970-01-20 03:55:50	Name: MR Value: 0
.malwarebytes.com/	1970-01-20 03:47:12	Name: _uetsid Value: 6cc15d30eb4811ec870aafea7dba583e
.malwarebytes.com/	1970-01-20 13:07:21	Name: _uetvid Value: 6cc181d0eb4811ecbd69c9683c90abc5
.malwarebytes.com/	1970-01-20 03:47:12	Name: visited Value: true
.blog.malwarebytes.com/	1970-01-20 12:31:21	Name: _pin_unauth Value: dWlkPU9HVTBaVFkzWWpZdE1EbGhOaTAwWVRoaUxXSTFNV1V0T1RnNVltUmlPVEZqWVRBNQ
.linkedin.com/	1970-01-20 05:55:21	Name: li_sugr Value: 42136c69-dbe2-4bb0-ae4b-bab7c2e576a3
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 21:17:39	Name: bcookie Value: "v=2&37faa17b-f99f-4e5e-8fac-049b0076608b"
.linkedin.com/	1970-01-20 03:47:12	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2690:u=1:x=1:i=1655145683:t=1655232083:v=2:sig=AQHP9lhPRhWdPslfiNvrsuJXQgp7FTDC"
www.clarity.ms/	1970-01-20 12:31:21	Name: CLID Value: ee29eb2eb38a48d1a910e1ac9cd66b26.20220613.20230613
.liadm.com/	1970-01-20 21:16:57	Name: lidid Value: 6e929f12-80be-4ddb-b123-7d00e1bd0fe4
.malwarebytes.com/	1970-01-20 05:55:21	Name: _gcl_au Value: 1.1.1368400497.1655145684
.malwarebytes.com/	1970-01-20 12:31:21	Name: _clck Value: 148ggu\|1\|f2a\|0
.linkedin.com/	1970-01-20 04:28:57	Name: UserMatchHistory Value: AQKSmw1F6Uf0OgAAAYFeXttnfjT-YdlmqO-YtQQ-tv7IPESY-uAi6_e2Rb5x-zualcyMQDIaumspzw
.linkedin.com/	1970-01-20 04:28:57	Name: AnalyticsSyncHistory Value: AQJS8v5BKZuWRgAAAYFeXttnvRk2J5dTtR1Id-xuozoRzmJ3CfN12Hg-dW0i73iWcvyfqDc_zhz7uY4k9kD9yg
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 21:17:39	Name: bscookie Value: "v=1&202206131841235348cec1-bd3b-40c8-8218-a4af0da33c2bAQE60O-sIOqoXo23pHolyyCr8GA8zT7t"
.malwarebytes.com/	1970-01-20 03:47:12	Name: _clsk Value: 1y9doye\|1655145684016\|1\|1\|a.clarity.ms/collect
.rlcdn.com/	1970-01-20 12:31:21	Name: rlas3 Value: ArAyagcwuGes2cwxmlOgAkSZkMATk4sHSPqlBAFXBLI=
.rlcdn.com/	1970-01-20 05:12:09	Name: pxrc Value: CNSJnpUGEgUI6AcQABIGCMrdKhAA
.adsymptotic.com/	1970-01-20 05:55:21	Name: U Value: 9e5c6a61e0c9ad5b892c171e83a52c22
.company-target.com/	1970-01-20 21:16:57	Name: tuuid Value: aba98274-5813-4c0a-bf3c-c170b12d6c7c
.company-target.com/	1970-01-20 21:16:57	Name: tuuid_lu Value: 1655145684
.malwarebytes.com/	1970-01-20 12:31:21	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Jun+13+2022+18%3A41%3A24+GMT%2B0000+(GMT)&version=6.4.0&landingPath=NotLandingPage&groups=1%3A1%2C0_165071%3A1%2C101%3A1%2C2%3A1%2C3%3A1%2C102%3A1%2C103%3A1%2C4%3A1%2C104%3A1%2C105%3A1%2C106%3A1%2C107%3A1%2C109%3A1%2C110%3A1%2C112%3A1%2C113%3A1%2C114%3A1%2C115%3A1%2C116%3A1%2C117%3A1%2C118%3A1%2C0_165051%3A1%2C0_165052%3A1%2C0_165053%3A1%2C0_165054%3A1%2C0_165055%3A1%2C0_165056%3A1%2C0_165057%3A1%2C0_165058%3A1%2C0_165059%3A1%2C0_165060%3A1%2C0_165061%3A1%2C0_165062%3A1%2C0_165063%3A1%2C0_165064%3A1%2C0_165065%3A1%2C0_165066%3A1%2C0_165067%3A1%2C0_165068%3A1%2C0_165069%3A1%2C0_165070%3A1%2C0_165072%3A1%2C0_165073%3A1%2C0_165074%3A1%2C0_168809%3A1%2C0_168810%3A1%2C0_171059%3A1%2C0_171060%3A1%2C0_171061%3A1%2C0_171062%3A1%2C0_171063%3A1%2C0_171064%3A1%2C0_172264%3A1%2C0_172327%3A1%2C0_179764%3A1%2C0_172332%3A1%2C0_172328%3A1%2C0_172329%3A1%2C108%3A1%2C111%3A1
.doubleclick.net/	1970-01-20 21:16:57	Name: IDE Value: AHWqTUmyyJky0iatkTv6ZLEmKgPDvQ_OI93BTdHb790ZhT1JNft6LEsQi3qLkMKFd50
.c.bing.com/	1970-01-20 03:55:50	Name: MR Value: 0
.c.bing.com/	1970-01-20 13:07:21	Name: SRM_B Value: 2415A82FD6C36FF13181B9EDD7A16E18
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 13:07:21	Name: MUID Value: 2415A82FD6C36FF13181B9EDD7A16E18
.c.clarity.ms/	1970-01-20 03:55:50	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 03:45:46	Name: ANONCHK Value: 0
.t.co/	1970-01-20 21:16:57	Name: muc_ads Value: ea8d0e98-e821-4585-8edf-847def54a8d0
.bttrack.com/	1970-01-20 05:55:21	Name: GLOBALID Value: 2uKlc8-sIBd987FnJwPDZOH_hHIEpyp_DHQ4nYy2IEN2PUBpcIhG14e1ZRurnfJRImr2Kp-oL5QC4TM1
.twitter.com/	1970-01-20 21:16:57	Name: personalization_id Value: "v1_SZT4fGmWBtCDcb/slBBH3w=="

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://match.prod.bidr.io/cookie-sync/demandbase Message: Failed to load resource: the server responded with a status of 503 (Service Unavailable: Back-end server is at capacity)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors none;
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5118230.fls.doubleclick.net
a.clarity.ms
adservice.google.com
analytics.twitter.com
api.company-target.com
app.salesloft.com
b-code.liadm.com
bat.bing.com
blog.malwarebytes.com
bttrack.com
c.bing.com
c.clarity.ms
cdn.bttrack.com
cdn.jsdelivr.net
connect.facebook.net
ct.pinterest.com
fonts.googleapis.com
genesis.malwarebytes.com
geolocation.onetrust.com
googleads.g.doubleclick.net
id.rlcdn.com
match.prod.bidr.io
optanon.blob.core.windows.net
p.adsymptotic.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
rp.liadm.com
rp4.liadm.com
s.pinimg.com
script.crazyegg.com
scripts.demandbase.com
secure.gravatar.com
segments.company-target.com
sl.malwarebytes.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
unpkg.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.malwarebytes.com
104.18.98.194
104.244.42.131
104.244.42.133
104.45.184.134
13.107.42.14
13.225.223.21
130.211.198.3
142.251.32.98
142.251.40.230
151.101.192.84
192.132.33.46
199.232.36.157
20.110.81.91
2600:141b:13::17d7:82d9
2600:1f18:730:b120:4ab9:a165:6787:58f
2600:9000:20fc:be00:8:8845:1500:93a1
2600:9000:21c3:da00:16:26c7:ff80:93a1
2606:4700:10::6814:b944
2606:4700::6810:5714
2606:4700::6810:7caf
2606:4700::6813:9308
2607:f8b0:4004:c09::9d
2607:f8b0:4006:807::200a
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2004
2607:f8b0:4006:80e::2008
2607:f8b0:4006:81e::200e
2607:f8b0:4006:823::2002
2620:1ec:21::14
2620:1ec:49::40
2620:1ec:c11::200
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
2a04:4e42:79::84
2a04:fa87:fffe::c000:4902
3.213.223.212
34.202.82.185
35.190.60.146
52.0.186.20
52.239.137.4
52.70.45.34
54.243.191.164
54.243.245.81
65.9.44.119
65.9.44.122
69.16.175.10
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05369fa3ab175c5ba5e63b7c60a872a64f82ddcb1de6a950d73004ed25930e69
05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6
05a173cb58022e81eb499529ac56df6ad7bafe1c61b8128dca8b76f300b5b60e
095834cc86bd018fdb4a9e31c99f9f96904b819be2b9dc16b3390383288d4d90
0d8ac30d9520ce94e0246020e4bff9b6fea04f92ac0b5f09c7346104b9f5772a
0ed37960a59a6ec6b443f9ef043864d09a51db6fd276ae578d9166467bf986d1
106ff2dcabdf33e3a570650ebd622f534c02c6f751a8320ed879e172d767bbd2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14de539d3e171b5e84eecd02af1c79db9587bf3e53abcdd865ffc5e2e679940d
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
1532b16aa9cd1fef51c097aaf1abeac6cb6f239b026660e7105e49f4ae6549ff
168fb47bc756035848d3c79ad79538ce228eaa202abe6b51623d2cb5ea3d75ca
17cd20d8d2b12fb382778065141cb16e4200e0a75e4b2c3b2c549548ae9a05be
19333622f176d68bc17e307d8df96b15447864fbb0bbaac495e507fa64d96077
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1dc2b8fb26c1a74260a66519a2a5fdf37a938d1b43bbe4d8da7fcd652acc61b9
21da5195f86350f2b52a0ee70a668d4f72542d0413b57dd84f06593e0e0f7207
22f39a41a30342a5c51d150be48c4726245655a560d154af893337d1ae953f62
2409f262a4b65de1c6867ad7d607898380900587b69a60b881a9b888bd53e625
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2feca220db689e3d611ba517005ab3f14924016f9d133c57d5b22073560090e5
30b410ec60b2dda5e521206ed5b3a9318922f62828db7409240f047f21593bcc
32d4b293bb7f25a21cc44e81184d4bbcb3bdd1837e026b98ed0ad85b3b1a5292
361aabb783830d45d3de5f19c4fe47d295e11518fb0279dd99d589eea8d43319
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
3d934946e478053820ccfc2e9902822114dc8c40e26669d9742c9fe6524ee661
3df56cf5e9b367ce3a1f69c52fe68655893e7443d0b9df0a8a094606775657c0
40836d2f7b903644cc6bd00e253ac70d500b250d3fbb361fca8941aaccc2bb42
43fd285ef1f2a9d088bedf7c9d508e4fecd80de8fc87794cc8bd097731e16205
4d329fbd36ec16735a3b9a8460d03efc3d9283b5bebcf27d9d96a7b3795b9684
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
4f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a
4f7da1e8c51daecdde094d37ad6ed35f3f70a3a0026d7df53cc88e4533a69f87
523d1af6ce4ee7e7193dd9d3f8b2145f525349131492d2defc81cbd653249e1a
540548b12b5a362a5fa54de526a5870cc89ef6f431387c20cd25e82b4f6cd9d0
542f9b9f9ed17fb168e1a1ce299413085d6559f316742f95ad22a291ffd67ffc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5576e25dd8a4d45e90da43e0f127c4efb4d16eebcb7a1bc55fbb66e7cf504f9d
565141de72f468a7fccfea675ce4ba75b343afd1909bbb1a15bad4cd116bcbb6
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
58c13e24cdfb6384c26836e3eac52d17701cd9d686c56ebf93efbbe9426f8cd6
5b06b85bdf477d92de6f3c9e7c037b4d679f0b17bb633ca659c50bd630f29d09
5b62da3ed3fe1c94582c2a75526716000f7361ff70c0cc41aae4ee8212735c3e
5d09ea31b4f26497480482f539fdc221990ae192c8b8be5002f4f2b9bef26876
5db6c253c402042fd6a9f8163882a54a5b12090a8bacf2e422288338b4cb0d1d
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
6252f8d40b521387483f57b7d0c812912a1d59ce038fdde2bcf67cf920486cac
636193ff074c00d5efbd27ff1699439723e7f62ad10a57bf2af36a715269ec2e
6429fe0ed81fca5f6bb18cb0a0aacae3bd9de79192635aeed4cbda438139d75d
72622641b79819e5c8b5c0543d105a45e30f13b1a6c0b5c3701e72de5b57e427
728054ccf1f41ec0afdb688b6db421601bb60d505d9e1e2c2de16d9e4a14b774
74a177fc1af5246cc572eefeace79f1466d87bf27daf0f35aa2a601f15aac156
78e3802122f7016333437f9908ad30173eb681234d9ed7ebd74490abc525c8b7
7961789aed44f7b97f6f755bfae322b38dd398de4a1022821c7be836a47f01f1
7e6aa30a919ae381fbcf4d4d6f970531bf513bf0847097e7927123bf032b0f09
7e9bcd405af64ba784d4ead6dba8ed5c146a22c5bb6f264e756e3ded19a6fb6f
80f0eb912943ad0deab2ad7a8125b7404b726bac65dca9e6be97b063ca490662
821b2e61ecdbbd3e8e5272ede8ba824140773b2e54e29ed32d954d56f0c2ea5a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d
8528b83134ef333f8b4f3b722f422569b5121e6fa817c9942bcbb91f5f61ea93
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
88281e6b9cf0efb09fede75df77011dc82b84f67deb77aea241d2ea006b2ed23
89bb46ca9e1665e0e34f98ad788396746a1c65545b92674a150d397e1ae26374
8a849c6ffa64946fefa17e874080dea467783d0e20857bbfbb23480739625648
8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c
8f796d398e512c5d19a2fecc943d19a204927ff3cf9ec2cb3f75a025535268cd
928759d761adf61723feb7a9affc2b058cc9d5044831da66fcadd823e265ab1c
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
931e7ae800b3066e60fc60c7cbcd50a24487430821db127cac9ba0231a172c2b
93e43a00cd73303f914fe90d7be15dc032f4796891b571bf6cd9d9f36f4c91eb
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d815528e2ed7985b63e839cbeb0b684e1fa8da87da3c1a0962b1eecfe437614
9fcb181721162ce0d395b7b9b1e5bb5ca82c5f79bde749d4d0467ec2e65fcb4a
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a46e75c69dd6aedc57752dae3c0871284866ff30f60d96d901313ab3d0a849e6
a46ed92667c2008572fe507f2650e820dfea2d192a7c46a150c94e5cc560a44b
a52bbdb7b132e850fdaf5740012fcc0bc3f6ef0be520bc4b987d8761d40d015a
a52cd993a8056f36d4149eee2d3526934fcb30ea07dd11e97f18a3c38ed983cb
a5d0b07c0a2ab31987cc081973636f62b6b625771d930e650cf72147f70b3420
a6453b0bf49115380414b0823f6b4c5e699b7d0ea86bd6ce1ca6aad56e24e394
a6a97c4046257c7e4e063c9f76434c7ce2c1f105e46b07424fabfc054f2d4d24
a7d4e6165ce4042167fcaaa0623eab885d6992458eb05c4fc74184cee79a9eb3
abfe43c323c4fd1dfabecdfff6aa005b8865d5f5dfa6eeb64bea435eed478bec
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad15e02b8d9bee31a51c502cff1977983fa2c8103b769db7ab097750f34016a9
ad2cc26b0fdde8f4eb637ed12b25364e85af0bfba227dad42cb997ff4ad23eeb
af479055d8ab71820312f479d3ae324f2ed82c2fc68ef07c5bf6843720dc046d
b13e8f56e638d96f185c3874dee84d41452c5026179e1b1260fa54cd32afe50f
b4e6efb587f3fdfb8155148201d0c51ac95d249a6727e8256acdfe624ade69af
b569dd28a56f53339cc04cc2e251dcfb426262bd7ad60ed44cc35da0dd3b2cc6
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8ddfe2786718750e37a2a7d2841e4e6a110a1877e21a03675d47c591d4a7f03
ba0504cfd673e9fbf0bab2b70a67ac1bbea97891e12fc8cd3f94070f0c4898f8
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c13527e6600d478c3cd7ae449acd6813e1c7209a97c0334702ee8d1a999a3a93
c2b61a7c5b7861eb46842ccf373e2524d90d14034f5d56e92ad50f27756156b0
c2e606e1fc82ea3a554aad5d0520e25d2677b89a891dc5c49e7ace08fce92e25
c3e32d63e4418902f8403a5745a0b97a8c578eb8d6a463e8d883da910a21b4ce
c41517c93c6eb23ffc0a81503d8ed79cab09157c5f9b7b335d20bd974ed9a2a4
c7c47e54bf89bbcb460c6c2fe8ce6feaa5fb248944d700ed4134ea52824c084c
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
cabcba2fb0a11127afe1eba21cbdba800100f5a591ad7870aada8142379a955a
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
cf126d092565c91c38831b0aa49000dd02c0f8160481d2f3969fbd6fdcba3c3d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4e61ea4aafc5da0b582e7e15077addf35379acc4b7b03df0128ed33ba589884
d6f36a088f7c6dc6459a02c048b23e2407bf38a5249ecbc9547be2fce143f63a
d9caf74ddfcf35efa3792e1464c27bd3753a45dee4a3f93bdd939438e337ce56
da819542692b3f1c2a667ba34eff3465a82d9756953a1446ab7d0772f9b1edd5
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfb8eb0e0b152ba0c88f5281a71fbe5261cb76485928bd90150d04c7aa4ff4d6
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e23cc6f324b85c89550c0f752799f5d05441b46cc301ec1e492c5347af641393
e2adf740376f608d5a3b6977b793a5e1c92c4de9e0a792921b8e24476e56c9ed
e38eb259db1bb15b109bf536821a63941324e3505bc281beef61773b3fcd6528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e547fe50a764e43c4a31eee65d715869f35c7ad8d781584453561b87c4fcf7f3
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
ec442600e3c090c1171e6d0aca38073cc048af3a7a301ec06bf933da6aa65c1b
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
ed2491fc7526ff0b5cfec3fe6f4cf8153796520fc845b735286b0f42183da98a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f0169c64a3d3266916052f8ac73d4960e7148eb3886125300b00b3e8d2e50dc2
f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e
f50dc78339a9052160c523d10e4412d402487375a296dccfd3b995174cd03e11
f575112df5398271c1f04b48a995ccc6e17d69730e37304078178d46781152da
f8869aa9427c07872b91f3bb5485a65a0e389302f54ad6fe1b684c59d97d154a
fa07bfad3039513f81cc0551de10a79c7c823bce84a5fbfba5a547f96479a367
fbf44047407fd1714993b1c5cebf5bf2b17915261b8c24ec8c70382b4d389ece
fe66ac5df69c78be7dfcf75943079129dbf24a254e89febc5a7e916d40de43bc
ff0f8a9d7c8d5afa884a52772752f76ab0abda9fdcd6bffc40da366ebb6369d8
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

blog.malwarebytes.com Open in urlscan Pro 130.211.198.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

152 Requests

97 %HTTPS

48 %IPv6

33 Domains

48 Subdomains

40 IPs

3 Countries

1764 kBTransfer

3947 kBSize

44 Cookies

109 Outgoing links

Page URL History

Redirected requests

152 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.malwarebytes.com Open in urlscan Pro
130.211.198.3 Public Scan

Screenshot
Live screenshot

Full Image

152
Requests

97 %
HTTPS

48 %
IPv6

33
Domains

48
Subdomains

40
IPs

3
Countries

1764 kB
Transfer

3947 kB
Size

44
Cookies

152 HTTP transactions
0 data transactions