URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Submission: On October 21 via api from CH

Summary

This website contacted 27 IPs in 7 countries across 27 domains to perform 108 HTTP transactions.
The main IP is 34.223.126.14, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is threatvector.cylance.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 12th 2019. Valid for: a year.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

IP Address AS Autonomous System
29 34.223.126.14 16509 (AMAZON-02)
11 2.18.232.23 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.16.93.80 13335 (CLOUDFLAR...)
2 151.139.237.11 33438 (HIGHWINDS2)
22 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 52.50.81.152 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 184.31.84.223 20940 (AKAMAI-ASN1)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 192.28.147.68 53580 (MARKETO)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
5 93.184.220.178 15133 (EDGECAST)
1 52.49.100.189 16509 (AMAZON-02)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 172.217.18.162 15169 (GOOGLE)
1 143.204.101.110 16509 (AMAZON-02)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
2 2a00:1450:400... 15169 (GOOGLE)
1 143.204.101.109 16509 (AMAZON-02)
2 2 52.211.150.253 16509 (AMAZON-02)
1 2 143.204.101.119 16509 (AMAZON-02)
1 4 2.18.233.40 16625 (AKAMAI-AS)
2 54.72.18.228 16509 (AMAZON-02)
108 27
Domain | Subdomains | Transfer
29 cylance.com | | 456 KB
22 scene7.com | s7d2.scene7.com Failed | 1 MB
11 adobedtm.com | | 65 KB
6 adroll.com | | 38 KB
5 bizible.com | | 34 KB
4 gstatic.com | | 49 KB
3 company-target.com | | 2 KB
3 linkedin.com | | 2 KB
3 google.de | | 700 B
3 google.com | | 793 B
3 doubleclick.net | | 3 KB
2 bidr.io | | 752 B
2 googleadservices.com | | 19 KB
2 bing.com | | 8 KB
2 marketo.net | | 6 KB
2 google-analytics.com | | 18 KB
2 rawgit.com | | 5 KB
2 marketo.com | | 58 KB
1 demandbase.com | | 15 KB
1 licdn.com | | 2 KB
1 omtrdc.net | | 396 B
1 mktoresp.com | | 303 B
1 ytimg.com | | 9 KB
1 youtube.com | | 1 KB
1 demdex.net | cylance.demdex.net Failed | 1 KB
1 fonts.googleapis.com | | 558 B
0 everesttech.net Failed | cm.everesttech.net Failed | 0 B
108 27
Domain Requested by
29 threatvector.cylance.com threatvector.cylance.com
www.google-analytics.com
22 s7d2.scene7.com threatvector.cylance.com
11 assets.adobedtm.com threatvector.cylance.com
5 cdn.bizible.com threatvector.cylance.com
cdn.bizible.com
4 s.adroll.com 1 redirects threatvector.cylance.com
4 fonts.gstatic.com app-sj16.marketo.com
threatvector.cylance.com
3 www.google.de threatvector.cylance.com
3 www.google.com 1 redirects threatvector.cylance.com
2 d.adroll.com threatvector.cylance.com
2 segments.company-target.com 1 redirects threatvector.cylance.com
2 match.prod.bidr.io 2 redirects
2 googleads.g.doubleclick.net threatvector.cylance.com
2 px.ads.linkedin.com 1 redirects threatvector.cylance.com
2 www.googleadservices.com threatvector.cylance.com
assets.adobedtm.com
2 bat.bing.com threatvector.cylance.com
2 munchkin.marketo.net threatvector.cylance.com
munchkin.marketo.net
2 www.google-analytics.com 1 redirects threatvector.cylance.com
2 cdn.rawgit.com threatvector.cylance.com
2 app-sj16.marketo.com threatvector.cylance.com
app-sj16.marketo.com
1 api.company-target.com threatvector.cylance.com
1 www.linkedin.com 1 redirects
1 tag.demandbase.com threatvector.cylance.com
1 snap.licdn.com threatvector.cylance.com
1 cylance.sc.omtrdc.net threatvector.cylance.com
1 524-dom-989.mktoresp.com threatvector.cylance.com
1 s.ytimg.com www.youtube.com
1 stats.g.doubleclick.net 1 redirects
1 www.youtube.com threatvector.cylance.com
1 dpm.demdex.net threatvector.cylance.com
1 fonts.googleapis.com threatvector.cylance.com
0 cm.everesttech.net Failed threatvector.cylance.com
0 cylance.demdex.net Failed threatvector.cylance.com
108 32
Subject | Issuer | Validity | Valid
*.cylance.com | DigiCert SHA2 Secure Server CA | 2019-06-12 - 2020-09-18 | a year
assets.adobedtm.com | DigiCert SHA2 High Assurance Server CA | 2019-09-27 - 2021-10-01 | 2 years
*.googleapis.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
app-sj16.marketo.com | CloudFlare Inc ECC CA-2 | 2019-02-22 - 2020-02-22 | a year
rawgit.com | COMODO RSA Domain Validation Secure Server CA | 2018-12-29 - 2020-01-13 | a year
*.scene7.com | DigiCert SHA2 Secure Server CA | 2019-01-02 - 2020-03-02 | a year
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years
*.google-analytics.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.google.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2018-12-24 - 2020-03-24 | a year
www.google.de | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.mktoresp.com | GeoTrust RSA CA 2018 | 2018-02-05 - 2020-02-05 | 2 years
www.bing.com | Microsoft IT TLS CA 2 | 2019-04-30 - 2021-04-30 | 2 years
cdn.bizible.com | Go Daddy Secure Certificate Authority - G2 | 2019-03-14 - 2021-04-13 | 2 years
*.sc.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2019-04-23 - 2020-04-14 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
www.googleadservices.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2018-09-20 - 2020-11-19 | 2 years
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.company-target.com | Go Daddy Secure Certificate Authority - G2 | 2019-06-19 - 2021-08-18 | 2 years
www.google.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.adroll.com | DigiCert SHA2 Secure Server CA | 2018-12-19 - 2020-03-19 | a year

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • script /\/etc.clientlibs\//i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]+foundation[^>"]+css/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Web
Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/\/assets.adobedtm.com\//i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Web
Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i

Web
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i


108 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
/en_us/home
95 KB
22 KB
Document
General
Full URL
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
694724ac2461fc9a4a73b98d4e8505a5639a982e20994726683843764a91ee94
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
threatvector.cylance.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br

Response headers

Accept-Ranges
bytes
Cache-control
no-cache="set-cookie"
Content-Encoding
gzip
Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type
text/html;charset=utf-8
Date
Mon, 21 Oct 2019 21:19:05 GMT
ETag
"17d92-5956fa2c188ba-gzip"
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Last-Modified
Mon, 21 Oct 2019 18:13:08 GMT
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Set-Cookie
AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8103937592FB679C084F1DB4FBF9937A7A4381BCD335FA13A79BACAFDE223CF13FD25873C7A2BC0E5C1F5ABCE7C0F7EBB;PATH=/;MAX-AGE=900
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Content-Length
21541
Connection
keep-alive
main.731db1757391070f3ea2ead82acaf408.css
/etc.clientlibs/foundation/clientlibs
12 KB
3 KB
Stylesheet
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.731db1757391070f3ea2ead82acaf408.css
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"2eda-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
2403
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:05 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
text/css;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
jquery.5e8d3382f82b03b0bf3fea3024eecd61.js
/etc.clientlibs/clientlibs/granite
288 KB
87 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery.5e8d3382f82b03b0bf3fea3024eecd61.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"47f04-591e576e7e300-gzip"
transfer-encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubdomains;
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js
/etc.clientlibs/clientlibs/granite
47 KB
11 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"bcc7-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
10676
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
granite.ed0d934d509c9dab702088c125c92b4f.js
/etc.clientlibs/clientlibs/granite/jquery
10 KB
4 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"28d6-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
2974
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
jquery.26df26a88f9f71ceabb6a15e7cb9c550.js
/etc.clientlibs/foundation/clientlibs
471 B
1 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/jquery.26df26a88f9f71ceabb6a15e7cb9c550.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"1d7-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
316
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
shared.06a50b23d97647c86982b7801a20508a.js
/etc.clientlibs/foundation/clientlibs
98 KB
19 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/shared.06a50b23d97647c86982b7801a20508a.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"18868-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
18634
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
main.e2198d73b3e90f0b787085da720eb46e.js
/etc.clientlibs/foundation/clientlibs
22 KB
7 KB
Script
General
Full URL
https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.e2198d73b3e90f0b787085da720eb46e.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"5963-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
6275
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
cylance-blogs.css
/etc/designs
0
756 B
Stylesheet
General
Full URL
https://threatvector.cylance.com/etc/designs/cylance-blogs.css
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 18 Oct 2017 04:24:09 GMT
Server
Apache
Date
Mon, 21 Oct 2019 21:19:05 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/css;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Vary
User-Agent
Content-Length
0
X-XSS-Protection
1; mode=block
main.d6fc6f0b35c968dde40b02af38f21447.css
/etc/clientlibs/cylance-blogs
154 KB
26 KB
Stylesheet
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"2685c-591e576e7e300-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
25287
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
text/css;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
dependencies.d41d8cd98f00b204e9800998ecf8427e.css
/etc/clientlibs/cylance-blogs
0
774 B
Stylesheet
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.d41d8cd98f00b204e9800998ecf8427e.css
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
ETag
"0-591e576e7e300"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
0
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
User-Agent
Content-Type
text/css;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
assets.adobedtm.com
149 KB
46 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:05 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:25 GMT
server
Apache
etag
"5aebb26c4d05b067a5277a6a715dfbac:1560460645"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 21 Oct 2019 22:19:05 GMT
css?family=Titillium+Web:200,300,400,600
fonts.googleapis.com
3 KB
558 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 21 Oct 2019 21:19:05 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 21 Oct 2019 21:19:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 21 Oct 2019 21:19:05 GMT
forms2.min.js
app-sj16.marketo.com/js/forms2/js
169 KB
58 KB
Script
General
Full URL
https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
3756
status
200
vary
Accept-Encoding
last-modified
Wed, 25 Sep 2019 18:55:06 GMT
server
cloudflare
etag
"18610b5-2a536-5936530f69680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
5296448dabf9dfa5-FRA
expires
Tue, 22 Oct 2019 01:19:05 GMT
featherlight.min.css
cdn.rawgit.com/noelboss/featherlight/1.7.9/release
2 KB
1 KB
Stylesheet
General
Full URL
https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.css
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
NetDNA-cache/2.2
status
200
etag
W/"817cdef4a8ec3dc545361453f69e4209a3c4d809"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315569000, immutable
strict-transport-security
max-age=31536000; preload
x-robots-tag
none
rawgit-cache-status
HIT
fig1-pcshare?&wid=395&fit=constrain,1
s7d2.scene7.com/is/image/cylance
15 KB
15 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig1-pcshare?&wid=395&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
13b235252eea80ce031a71d6a5659aedede897ac505a1f36f3d2b248ccb8fea4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:05 GMT
last-modified
Tue, 17 Sep 2019 03:44:42 GMT
server
Unknown
etag
"5574247003a2a41b21c8805c1ce8f749"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
14905
expires
Tue, 22 Oct 2019 02:45:19 GMT
fig3-pcshare?&wid=910&fit=constrain,1
s7d2.scene7.com/is/image/cylance
85 KB
85 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig3-pcshare?&wid=910&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
e4bd40934761d3891a22d90f13cfe6f775442fcf13b83eac829b9024a06f335e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:25:54 GMT
server
Unknown
etag
"9905931f0be4a98222c6f87b180d1a3b"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
86997
expires
Mon, 21 Oct 2019 18:15:43 GMT
fig4-pcshare?&wid=592&fit=constrain,1
s7d2.scene7.com/is/image/cylance
9 KB
9 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig4-pcshare?&wid=592&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
f45499152558d17dbdd39c09d27111ed0fad9af5dbd30e6351c1b1390807ed4c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:25:41 GMT
server
Unknown
etag
"bc9dadf0c815e580b53b60ae46bec03e"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
9296
expires
Mon, 21 Oct 2019 18:15:43 GMT
fig5-pcshare?&wid=913&fit=constrain,1
s7d2.scene7.com/is/image/cylance
42 KB
43 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig5-pcshare?&wid=913&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
efea95a7162c97d70422b3958968b09abaf078e42a8893c556aabb18fb69a173

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:26:47 GMT
server
Unknown
etag
"0466a86c2177884a9e2fd01937d8579f"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
43440
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig6-pcshare?&wid=910&fit=constrain,1
s7d2.scene7.com/is/image/cylance
38 KB
38 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig6-pcshare?&wid=910&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
950534a2baee28ee099bcba9f0bcb3d92e2be367cce585df5d5fcedf9ab6e145

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:27:12 GMT
server
Unknown
etag
"4af87a64f4613a5d3ae4495d437c8be4"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
38591
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig7-pcshare?&wid=910&fit=constrain,1
s7d2.scene7.com/is/image/cylance
74 KB
75 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig7-pcshare?&wid=910&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
3bd7c88770e3f1efd6e82edee52063f87525895622ec5f3d29d906811c76f8ae

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:28:18 GMT
server
Unknown
etag
"3ff57b813e1d2515c740ac9b1f6e5558"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
76130
expires
Mon, 21 Oct 2019 18:15:43 GMT
fig8-pcshare?&wid=910&fit=constrain,1
s7d2.scene7.com/is/image/cylance
67 KB
67 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig8-pcshare?&wid=910&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
d1fa48428b323e4e31098ab8f5209845ac0fb786b48b16d8a4e62fed5ee39872

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:29:01 GMT
server
Unknown
etag
"b45ce545109d9d08f194089a759369ec"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
68555
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig9-pcshare?&wid=911&fit=constrain,1
s7d2.scene7.com/is/image/cylance
73 KB
73 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig9-pcshare?&wid=911&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
5b845dc5c1008ab2b0c6b9ece13571a94baca13a2e490d3f546fc7bbd823c951

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:29:28 GMT
server
Unknown
etag
"2bddc2f8e87991b9bab5e5d3fe294e88"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
74467
expires
Tue, 22 Oct 2019 03:58:08 GMT
fig10-pcshare?&wid=902&fit=constrain,1
s7d2.scene7.com/is/image/cylance
41 KB
41 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig10-pcshare?&wid=902&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
6d94949a6909c1d98fd9c2a72b89dae1731a548580815e7d62e48f1b98b6c6a3

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Wed, 25 Sep 2019 17:13:09 GMT
server
Unknown
etag
"6e986e868d72e292f098f3575d877395"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
41983
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig11-pcshare?&wid=911&fit=constrain,1
s7d2.scene7.com/is/image/cylance
95 KB
96 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig11-pcshare?&wid=911&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
a88e68c61dc64fdc28fc83b5fdb005899e431aa0876309fe6fd3492b0ea35c36

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:30:37 GMT
server
Unknown
etag
"e75f44b94365caf683821dfd3a0d034a"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
97416
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig12-pcshare?&wid=914&fit=constrain,1
s7d2.scene7.com/is/image/cylance
66 KB
66 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig12-pcshare?&wid=914&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
8998d02514181e175a6396b2f64315c5c6bc6f841df0ac4da0a0d1c540f2b5cd

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:31:26 GMT
server
Unknown
etag
"3910b3c510f3178bdf739dba4cbd942d"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
67755
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig13-pcshare?&wid=915&fit=constrain,1
s7d2.scene7.com/is/image/cylance
74 KB
74 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig13-pcshare?&wid=915&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
e187051c75e35e69552cfaccb8171ed4c368f4694a8dda8f5f9ce719d94245c5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:31:52 GMT
server
Unknown
etag
"a958d042b63f97ac6402d395ba8d025a"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
75559
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig14-pcshare?&wid=955&fit=constrain,1
s7d2.scene7.com/is/image/cylance
45 KB
45 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig14-pcshare?&wid=955&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
4702a838cd03a5c4a9332d3cd9770a9b6705fbdcf298452a0fd753b8462e7d23

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:32:40 GMT
server
Unknown
etag
"1c5862778481088a818ddbad55ea3cd7"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
45710
expires
Mon, 21 Oct 2019 18:15:43 GMT
fig15-pcshare?&wid=460&fit=constrain,1
s7d2.scene7.com/is/image/cylance
35 KB
36 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig15-pcshare?&wid=460&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
a93e0803827e14d153cc327d1799270a95bbcb7cd6f25ef9cf4a818c0c1ccd7c

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:33:01 GMT
server
Unknown
etag
"32645223c29b4ecf49339c4f3c3facb9"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
36220
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig16-pcshare?&wid=913&fit=constrain,1
s7d2.scene7.com/is/image/cylance
148 KB
149 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig16-pcshare?&wid=913&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
3099ac17e82f99eca527fc7d510ef269f8b76cb9eb0388c54a3a9f2b79e16c83

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:33:49 GMT
server
Unknown
etag
"3af33205d0583f2ea55a8c416d4a89e4"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
151643
expires
Tue, 22 Oct 2019 03:32:20 GMT
fig17-pcshare?&wid=917&fit=constrain,1
s7d2.scene7.com/is/image/cylance
96 KB
97 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig17-pcshare?&wid=917&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
668b0b08f7ed00de790f28414f61cd11469ede4d2686a4f54c2d4243db5bdb9f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:34:10 GMT
server
Unknown
etag
"87e397fb5faf654dd4a17f3133ebe76b"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
98597
expires
Tue, 22 Oct 2019 03:58:08 GMT
fig18-pcshare?&wid=1100&fit=constrain,1
s7d2.scene7.com/is/image/cylance
73 KB
73 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/fig18-pcshare?&wid=1100&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
3304641d4b193108b0729575226a653186c51120f21568ff2cd78a2880a543b4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 17 Sep 2019 03:35:13 GMT
server
Unknown
etag
"1459d7dc789fa59724ca94b5f387971f"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
74473
expires
Tue, 22 Oct 2019 03:32:20 GMT
author_thumbnail_default.jpg
/etc/clientlibs/cylance-blogs/main/images/placeholder
2 KB
3 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/author_thumbnail_default.jpg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 21 Oct 2019 21:19:06 GMT
Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
ETag
"8d7-591e576f72540"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Accept-Ranges
bytes
Content-Length
2263
X-XSS-Protection
1; mode=block
Cylance_BB_Logo_RGB_Horz_Black.png
/content/dam/cylance-blog/en_us/logos
19 KB
19 KB
Image
General
Full URL
https://threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/Cylance_BB_Logo_RGB_Horz_Black.png
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
ETag
"4aaf-591e576f72540"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-XSS-Protection
1; mode=block
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Accept-Ranges
bytes
Content-Length
19119
Date
Mon, 21 Oct 2019 21:19:06 GMT
dependencies.a089e038f1a299472aab3599efb8d481.js
/etc/clientlibs/cylance-blogs
668 KB
158 KB
Script
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.a089e038f1a299472aab3599efb8d481.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"a70c1-591e576e7e300-gzip"
transfer-encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubdomains;
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
main.97c9aac6ee7df8531607278a78c5c231.js
/etc/clientlibs/cylance-blogs
236 KB
63 KB
Script
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.97c9aac6ee7df8531607278a78c5c231.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"3b09d-591e576e7e300-gzip"
transfer-encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubdomains;
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:52 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript;charset=utf-8
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
featherlight.min.js
cdn.rawgit.com/noelboss/featherlight/1.7.9/release
9 KB
4 KB
Script
General
Full URL
https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
NetDNA-cache/2.2
status
200
etag
W/"2f5a26ba5509a7f0235bf1f53ed375289bfc91bd"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315569000, immutable
strict-transport-security
max-age=31536000; preload
x-robots-tag
none
rawgit-cache-status
HIT
token.json
/libs/granite/csrf
2 B
763 B
XHR
General
Full URL
https://threatvector.cylance.com/libs/granite/csrf/token.json
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Date
Mon, 21 Oct 2019 21:19:06 GMT
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Connection
keep-alive
Content-Type
application/json;charset=iso-8859-1
Cache-Control
no-cache
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Vary
User-Agent
Content-Length
2
X-XSS-Protection
1; mode=block
Expires
-1
id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1571692746649
dpm.demdex.net
366 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1571692746649
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.81.152 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-50-81-152.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b9240d0b0f92657b90a6ba2f5f19502560c4110f38d05e6e966afa2168aebbce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode
cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v048-0b64978ef.edge-irl1.demdex.com 5.61.0.20191015084456 3ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
Mmo2XpIFS88=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://threatvector.cylance.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
302
Expires
Thu, 01 Jan 1970 00:00:00 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9
34 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Mon, 15 Apr 2019 20:43:53 GMT
server
Apache
etag
"f005ac758d3bc63fa30fe4a4bd80448d:1555361033"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12786
expires
Mon, 21 Oct 2019 22:19:06 GMT
analytics.js
www.google-analytics.com
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
5097
date
Mon, 21 Oct 2019 19:54:09 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Mon, 21 Oct 2019 21:54:09 GMT
NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v8
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v8/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
Requested by
Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin
https://threatvector.cylance.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 16 Oct 2019 03:31:22 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:24:34 GMT
server
sffe
age
496064
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12344
x-xss-protection
0
expires
Thu, 15 Oct 2020 03:31:22 GMT
NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
Requested by
Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin
https://threatvector.cylance.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 08 Oct 2019 20:51:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:18:52 GMT
server
sffe
age
1124839
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12524
x-xss-protection
0
expires
Wed, 07 Oct 2020 20:51:47 GMT
mainLogo_rgb_h_white.png
/etc/clientlibs/cylance-blogs/main/images/branding
10 KB
11 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/mainLogo_rgb_h_white.png
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 21 Oct 2019 21:19:06 GMT
Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
ETag
"2808-591e576f72540"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Accept-Ranges
bytes
Content-Length
10248
X-XSS-Protection
1; mode=block
main_search_close.svg
/etc/clientlibs/cylance-blogs/main/images/icons
938 B
1 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_close.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"3aa-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
491
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
main_search_icon.svg
/etc/clientlibs/cylance-blogs/main/images/icons
1 KB
1 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_icon.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"594-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
693
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:06 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
092519-pcshare-fakenarrator-2-lrg?&wid=1280&fit=constrain,1
s7d2.scene7.com/is/image/cylance
78 KB
78 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/092519-pcshare-fakenarrator-2-lrg?&wid=1280&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
65ddcb15af483433f9618ae7406a7646158a6628a3d2512715187cbb11526029

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 24 Sep 2019 20:33:42 GMT
server
Unknown
etag
"59730464556be4457735f2629866e268"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
79774
expires
Mon, 21 Oct 2019 18:15:43 GMT
NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin
https://threatvector.cylance.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 16 Oct 2019 05:49:33 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:25:18 GMT
server
sffe
age
487773
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12260
x-xss-protection
0
expires
Thu, 15 Oct 2020 05:49:33 GMT
NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin
https://threatvector.cylance.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 17 Oct 2019 10:14:24 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:25:27 GMT
server
sffe
age
385482
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12276
x-xss-protection
0
expires
Fri, 16 Oct 2020 10:14:24 GMT
munchkin.js
munchkin.marketo.net
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 21 Oct 2019 21:19:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 05 Apr 2019 02:53:44 GMT
Server
Apache
ETag
"54520320df20b526337717d6d28181fc:1554432824"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
getForm?munchkinId=524-DOM-989&form=3163&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html&callback=jQuery1...
app-sj16.marketo.com/index.php/form
0
0
Script
General
Full URL
https://app-sj16.marketo.com/index.php/form/getForm?munchkinId=524-DOM-989&form=3163&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html&callback=jQuery11240625058183878616_1571692746664&_=1571692746665
Requested by
Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.93.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
/
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

dest5.html?d_nsid=0
cylance.demdex.net
0
0

dd?d_uuid=62554308259768085003221692487941663994
cm.everesttech.net/cm
0
0

102219-data-dystopia-2-lrg?&wid=319&fit=constrain,1
s7d2.scene7.com/is/image/cylance
0
0

000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
s7d2.scene7.com/is/image/cylance
4 KB
4 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Thu, 11 Apr 2019 19:54:05 GMT
server
Unknown
etag
"dd3973310906a18966ce86729e8f6c75"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
4371
expires
Tue, 22 Oct 2019 02:17:10 GMT
011619-evaluate-insurance-5-lrg?&wid=319&fit=constrain,1
s7d2.scene7.com/is/image/cylance
5 KB
5 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/011619-evaluate-insurance-5-lrg?&wid=319&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
077cb490ecea2584bdfe6418c46d36e4663e2cc1b95b240a4d9eca1b0f1e8d65

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Wed, 16 Oct 2019 02:42:10 GMT
server
Unknown
etag
"5069e3be0a02cf1a5397f79742ac3eba"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
4702
expires
Mon, 21 Oct 2019 17:18:30 GMT
101619-xmrig-2b-lrg?&wid=319&fit=constrain,1
s7d2.scene7.com/is/image/cylance
9 KB
9 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/101619-xmrig-2b-lrg?&wid=319&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
167bef6230e3e92eb9012e04a965fe446c9016276fbac5a752f1fd8be7d3a157

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 15 Oct 2019 02:35:04 GMT
server
Unknown
etag
"8bcda4c2c41291aac33efeb2e6162159"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
9196
expires
Tue, 22 Oct 2019 03:58:08 GMT
101519-autonomous-cars-lrg?&wid=319&fit=constrain,1
s7d2.scene7.com/is/image/cylance
6 KB
6 KB
Image
General
Full URL
https://s7d2.scene7.com/is/image/cylance/101519-autonomous-cars-lrg?&wid=319&fit=constrain,1
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:288::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Unknown /
Resource Hash
769defbccd06db0371d6d01b9ccb0b5237a7bdafc4bde17831262e971e7690b8

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
last-modified
Tue, 15 Oct 2019 16:15:50 GMT
server
Unknown
etag
"c7bf03da9d0d7841ee4a6fb5b5e4c986"
status
200
content-type
image/jpeg
access-control-allow-origin
*
content-length
6260
expires
Tue, 22 Oct 2019 01:59:40 GMT
iframe_api
www.youtube.com
859 B
1 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
16dd54686a3ed4ca169cba44af157ea072d91930a6b5ad3690b4651820e5e0b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
content-type
application/javascript
status
200
cache-control
no-cache
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 EST
footer_social_icons_facebook.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_facebook.svg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"6d1-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
775
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
footer_social_icons_youtube.svg
/etc/clientlibs/cylance-blogs/main/images/icons
6 KB
3 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_youtube.svg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"16d2-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
2247
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
footer_social_icons_twitter.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_twitter.svg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"7d3-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
1002
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
footer_social_icons_linkedin.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_linkedin.svg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"714-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
803
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
footer_social_icons_rss.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_rss.svg
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"719-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
827
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
460 B
487 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:25 GMT
server
Apache
etag
"eb0abeded1d23a64ed81155c95cbb867:1560460645"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
254
expires
Mon, 21 Oct 2019 22:19:06 GMT
RC795343619189407bb257bf77f37e4f32-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
458 B
491 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC795343619189407bb257bf77f37e4f32-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:25 GMT
server
AkamaiNetStorage
etag
"6c8d0a2b5eadfc79c1cea9bda4c63d3f:1560460645"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
252
expires
Mon, 21 Oct 2019 22:19:06 GMT
RCa7a45d271f51412293463f49427635d0-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
472 B
499 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCa7a45d271f51412293463f49427635d0-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:25 GMT
server
Apache
etag
"1cd1f676e57143bd85e5f21bdd4785bb:1560460645"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
265
expires
Mon, 21 Oct 2019 22:19:06 GMT
ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_v=j79&z=633900591&slf_rd=1&random=3020968381
www.google.de/ads
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=466890093&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-targeting-windows-users-with-fa...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_gid=1387410795.1571692747&gjid=843304128&_v=j79&z=633900591
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_v=j79&z=633900591
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_v=j79&z=633900591&slf_rd=1&random=3020968381
42 B
434 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_v=j79&z=633900591&slf_rd=1&random=3020968381
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 21 Oct 2019 21:19:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 21 Oct 2019 21:19:07 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=2147251573.1571692747&jid=1237408280&_v=j79&z=633900591&slf_rd=1&random=3020968381
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/155
9 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/155/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 21 Oct 2019 21:19:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 30 Nov 2018 03:18:20 GMT
Server
Apache
ETag
"c67dad42946949112916578f78706df8:1543547900"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3923
Expires
Wed, 29 Jan 2020 21:19:06 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vfloS5Wsk
23 KB
9 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vfloS5Wsk/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b631fccbe48b26dccef2b6eedeed2d6fb9020daf34dbc8010e587e280b6f498e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 06:21:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53883
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
8680
x-xss-protection
0
last-modified
Sun, 20 Oct 2019 04:15:26 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Tue, 29 Oct 2019 06:21:03 GMT
RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
835 B
587 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:25 GMT
server
Apache
etag
"3802beb763414589551c998a499408b3:1560460645"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
353
expires
Mon, 21 Oct 2019 22:19:06 GMT
visitWebPage?_mchNc=1571692746947&_mchCn=&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1571692746946-52039&_mchHo=threatvector.cylance.com&_mchPo=&_mchRu=%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-ta...
524-dom-989.mktoresp.com/webevents
2 B
303 B
XHR
General
Full URL
https://524-dom-989.mktoresp.com/webevents/visitWebPage?_mchNc=1571692746947&_mchCn=&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1571692746946-52039&_mchHo=threatvector.cylance.com&_mchPo=&_mchRu=%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.147.68 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
akka-http/10.1.7 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode
cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 21 Oct 2019 21:19:07 GMT
Content-Encoding
gzip
Server
akka-http/10.1.7
Transfer-Encoding
chunked
X-Request-Id
e925d531-afd6-4546-bda6-dc6009c9b7c3
Content-Type
text/plain; charset=UTF-8
RC03553916c50b4787a671e14ccf605715-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
695 B
645 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC03553916c50b4787a671e14ccf605715-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:07 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:24 GMT
server
Apache
etag
"d9f372492adb73ae3b7bff0cf0a90587:1560460644"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
412
expires
Mon, 21 Oct 2019 22:19:07 GMT
bat.js
bat.bing.com
23 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref
Ref A: 752D7CEFF9B94FEC87F7FB91C530C4AE Ref B: VIEEDGE0609 Ref C: 2019-10-21T21:19:07Z
status
200
etag
"09c5197968d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7148
RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
1 KB
775 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:07 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:24 GMT
server
Apache
etag
"eababff33cad8c9e414fb875be462778:1560460644"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
541
expires
Mon, 21 Oct 2019 22:19:07 GMT
RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
1 KB
899 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:07 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:24 GMT
server
Apache
etag
"6d94ea62691631fbad7ebecdcc6e04c3:1560460644"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
666
expires
Mon, 21 Oct 2019 22:19:07 GMT
RCe330e30c9b774f238563c2f0317b145b-source.min.js
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac
654 B
624 B
Script
General
Full URL
https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCe330e30c9b774f238563c2f0317b145b-source.min.js
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:07 GMT
content-encoding
gzip
last-modified
Thu, 13 Jun 2019 21:17:24 GMT
server
Apache
etag
"cba2baa21d2761515a7b772732db4812:1560460644"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
391
expires
Mon, 21 Oct 2019 22:19:07 GMT
bizible.js?account=cylance.com
cdn.bizible.com/scripts
85 KB
32 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B4) / ASP.NET
Resource Hash
304bfe9eb3f7bd61580b2a74331e32e2c5bb918afa808dc35f01f32f2e693510

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 21 Oct 2019 21:19:06 GMT
content-encoding
gzip
etag
"13cba397f82d51:0"
last-modified
Mon, 14 Oct 2019 11:05:01 GMT
server
ECS (fcn/40B4)
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
accept-ranges
bytes
content-length
33061
share_bar_icon_linkedin.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_linkedin.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"809-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
876
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
share_bar_icon_twitter.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_twitter.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"8c8-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
1062
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
share_bar_icon_google.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_google.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"829-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
867
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
share_bar_icon_facebook.svg
/etc/clientlibs/cylance-blogs/main/images/icons
2 KB
2 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_facebook.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"771-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
796
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
share_bar_icon_email.svg
/etc/clientlibs/cylance-blogs/main/images/icons
1 KB
1 KB
Image
General
Full URL
https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_email.svg
Requested by
Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.126.14 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-223-126-14.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687
Security Headers
Name Value
Content-Security-Policy font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://threatvector.cylance.com/en_us/home/pcshare-backdoor-attacks-targeting-windows-users-with-fakenarrator-malware.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
ETag
"49c-591e576f72540-gzip"
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
682
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 06 Sep 2019 17:06:53 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Date
Mon, 21 Oct 2019 21:19:07 GMT
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Connection
keep-alive
Feature-Policy
geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
ipv?_biz_r=&_biz_h=-1906410348&_biz_u=d13398be9f1c477daa151b3adbe00c5a&_biz_s=44ba5a&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fpcshare-backdoor-attacks-targeting-windows-users-...
cdn.bizible.com/m
43 B
345 B
Image