cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Submission: On June 11 via api (June 11th 2024, 6:09:41 pm UTC) from IN — Scanned from DE

Summary HTTP 202 Redirects Links 76 Behaviour Indicators

Summary

This website contacted 49 IPs in 5 countries across 40 domains to perform 202 HTTP transactions. The main IP is 192.0.78.231, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by R3 on May 31st 2024. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 79	192.0.78.231 192.0.78.231	2635 (AUTOMATTIC) (AUTOMATTIC)
11	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.138.101 172.67.138.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	2606:4700::68... 2606:4700::6811:f6cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:440... 2606:4700:4400::6812:22dd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	104.18.141.119 104.18.141.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:8dd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4	2600:9000:264... 2600:9000:2644:d200:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	172.64.153.35 172.64.153.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:9297:b64d:a588:fbec	16509 (AMAZON-02) (AMAZON-02)
22	2400:52e0:1e0... 2400:52e0:1e00::1082:1	60068 (CDN77 _) (CDN77 _)
1	2606:4700::68... 2606:4700::6810:4c8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8911	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:267... 2600:9000:2670:c800:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:310... 2606:4700:3108::ac42:2af8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0d::9b	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	18.158.205.16 18.158.205.16	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
4	20.114.189.70 20.114.189.70	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
2	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.16.117.43 104.16.117.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211e:8600:4:8491:f2c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
5 6	34.196.234.131 34.196.234.131	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.36.216.150 34.36.216.150	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	54.171.118.212 54.171.118.212	16509 (AMAZON-02) (AMAZON-02)
1 1	34.249.71.131 34.249.71.131	16509 (AMAZON-02) (AMAZON-02)
1 1	52.57.183.178 52.57.183.178	16509 (AMAZON-02) (AMAZON-02)
1 1	52.212.11.218 52.212.11.218	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.200.234.22 52.200.234.22	14618 (AMAZON-AES) (AMAZON-AES)
202	49

79 192.0.78.231 (San Francisco, United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.138.101 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:f6cb (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:22dd (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.141.119 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8dd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2644:d200:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.35 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:9297:b64d:a588:fbec (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2400:52e0:1e00::1082:1 (Germany)

ASN60068 (CDN77 _, GB)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4c8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8911 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:c800:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:2af8 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.158.205.16 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.114.189.70 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

t.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.117.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:8600:4:8491:f2c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.196.234.131 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-234-131.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.36.216.150 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 150.216.36.34.bc.googleusercontent.com

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.118.212 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-118-212.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.71.131 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-71-131.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.57.183.178 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-183-178.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.11.218 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-11-218.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.234.22 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-234-22.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	cyble.com 1 redirects cyble.com	957 KB
24	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 6995 api.omappapi.com — Cisco Umbrella Rank: 7117	100 KB
22	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 20893 i0.wp.com — Cisco Umbrella Rank: 4272 s0.wp.com — Cisco Umbrella Rank: 9862 stats.wp.com — Cisco Umbrella Rank: 3409 fonts.wp.com — Cisco Umbrella Rank: 21591 pixel.wp.com — Cisco Umbrella Rank: 3349	1 MB
8	clickagy.com 5 redirects tags.clickagy.com — Cisco Umbrella Rank: 24897 aorta.clickagy.com — Cisco Umbrella Rank: 2556 hemsync.clickagy.com — Cisco Umbrella Rank: 22318	29 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 776 t.clarity.ms — Cisco Umbrella Rank: 7215 c.clarity.ms — Cisco Umbrella Rank: 1472	29 KB
7	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4636 api.hubspot.com — Cisco Umbrella Rank: 5690 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4672 app.hubspot.com — Cisco Umbrella Rank: 6048 track.hubspot.com — Cisco Umbrella Rank: 2789 forms.hubspot.com — Cisco Umbrella Rank: 6246	30 KB
6	unpkg.com 4 redirects unpkg.com — Cisco Umbrella Rank: 1017	57 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	272 KB
5	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 352 px4.ads.linkedin.com — Cisco Umbrella Rank: 6457	3 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 68 region1.google-analytics.com — Cisco Umbrella Rank: 2347	21 KB
5	adroll.com s.adroll.com — Cisco Umbrella Rank: 3658 d.adroll.com — Cisco Umbrella Rank: 1764	145 KB
4	gartner.com 1 redirects www.gartner.com — Cisco Umbrella Rank: 61499	115 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	419 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 7394	4 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 563 d.agkn.com — Cisco Umbrella Rank: 780	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 249	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 755	684 B
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1419 insight.adsrvr.org — Cisco Umbrella Rank: 1061	5 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5178	3 KB
2	google.com www.google.com — Cisco Umbrella Rank: 5	974 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	3 KB
2	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 19795	45 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	71 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2946	2 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 265	36 KB
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 491	98 B
1	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 888	216 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 226	766 B
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 20840	1 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4902	929 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 132	342 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 16529	5 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2600	24 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2567	26 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5954	92 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5805	24 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 958	17 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 7811	156 KB
1	unpkg.co 1 redirects unpkg.co — Cisco Umbrella Rank: 140023	576 B
202	40

	Domain	Requested by
79	cyble.com	1 redirects cyble.com
22	a.omappapi.com	cyble.com a.omappapi.com
9	i0.wp.com	cyble.com
8	fonts.wp.com	fonts-api.wp.com
6	aorta.clickagy.com	5 redirects tags.clickagy.com
6	unpkg.com	4 redirects cyble.com
4	fonts.gstatic.com	fonts.googleapis.com
4	t.clarity.ms	www.clarity.ms
4	px.ads.linkedin.com	2 redirects snap.licdn.com
4	s.adroll.com	cyble.com s.adroll.com www.googletagmanager.com
4	www.gartner.com	1 redirects cyble.com www.gartner.com
4	www.googletagmanager.com	cyble.com www.googletagmanager.com
3	js.zi-scripts.com	cyble.com js.zi-scripts.com
3	region1.google-analytics.com	www.googletagmanager.com
2	dpm.demdex.net	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	ws.zoominfo.com	js.zi-scripts.com
2	c.clarity.ms	1 redirects
2	www.google.com	a.omappapi.com www.gstatic.com
2	fonts.googleapis.com	a.omappapi.com
2	x.clearbitjs.com	tag.clearbitscripts.com
2	www.facebook.com	cyble.com
2	api.omappapi.com	a.omappapi.com
2	api.hubspot.com	js.usemessages.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	js.hs-scripts.com	cyble.com www.googletagmanager.com
2	cdnjs.cloudflare.com	cyble.com www.gartner.com
2	fonts-api.wp.com	cyble.com
1	hemsync.clickagy.com	tags.clickagy.com
1	idsync.rlcdn.com
1	sync.crwdcntrl.net	1 redirects
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	cyble.com
1	tags.clickagy.com	cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	c.bing.com	1 redirects
1	track.hubspot.com
1	www.gstatic.com	www.google.com
1	app.clearbit.com	x.clearbitjs.com
1	app.hubspot.com	js.usemessages.com
1	perf-na1.hsforms.com	cyble.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	px4.ads.linkedin.com	cyble.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	pixel.wp.com	cyble.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	d.adroll.com	s.adroll.com
1	snap.licdn.com	www.googletagmanager.com
1	stats.wp.com	cyble.com
1	js.hsforms.net	cyble.com
1	s0.wp.com	cyble.com
1	unpkg.co	1 redirects
202	61

This site contains links to these domains. Also see Links.

Domain
cyble.ai
www.cyble.com
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
twitter.com
attack.mitre.org
trust.cyble.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2024-05-31` - `2024-08-29`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.google-analytics.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hsforms.net GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
hs-scripts.com E1	`2024-05-31` - `2024-08-29`	3 months	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-21` - `2024-06-19`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
www.gartner.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-13`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
a.omappapi.com R3	`2024-05-12` - `2024-08-10`	3 months	crt.sh
usemessages.com E5	`2024-06-10` - `2024-09-08`	3 months	crt.sh
hsleadflows.net E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
hubspot.com E1	`2024-05-23` - `2024-08-21`	3 months	crt.sh
hs-banner.com E1	`2024-05-30` - `2024-08-28`	3 months	crt.sh
hs-analytics.net WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
omappapi.com GTS CA 1P5	`2024-04-18` - `2024-07-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-21` - `2024-08-13`	3 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-02-15` - `2025-03-16`	a year	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-02-15` - `2025-03-16`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
*.gstatic.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
*.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
zi-scripts.com GTS CA 1P5	`2024-05-27` - `2024-08-25`	3 months	crt.sh
zoominfo.com E1	`2024-05-20` - `2024-08-18`	3 months	crt.sh
*.clickagy.com Amazon ECDSA 256 M02	`2023-09-22` - `2024-10-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Frame ID: 1A3C052453F895A8E74EB1D2E173DF0B
Requests: 195 HTTP requests in this frame

Frame: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/data?widget_id=OGI4MjFjNTctM2JmYS00ZmE3LWE1NjgtOTY0NmZlNGEyNjI4&size=large
Frame ID: 14497DE589804C9A627A879B91A0D5AA
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e32de16c39534650b13f039182db853c?uuid=455c5b381bf44f28a7131b8aad9974e4&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=e32de16c39534650b13f039182db853c&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true
Frame ID: 5652684F384C7D0217FF2E619C08BD6B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&size=invisible&cb=a9gv6rgoul71
Frame ID: C01DF956A3E39C43A3F748DDBB882E2E
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&upid=x1swie6&upv=1.1.0&gdpr=1&gdpr_consent=undefined
Frame ID: 722922AC7AF3BBBFECDD19DF45C24A32
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cyble - Evasive NoEscape Ransomware Uses Reflective DLL Injection

Page URL History Show full URLs

https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection HTTP 301
https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

202
Requests

96 %
HTTPS

51 %
IPv6

40
Domains

61
Subdomains

49
IPs

5
Countries

3770 kB
Transfer

9708 kB
Size

51
Cookies

76 Outgoing links

These are links going to different origins than the main page.

URL: https://cyble.ai/auth/login?__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Login

Search URL Search Domain Scan URL

URL: https://www.cyble.com/products/cyble-vision
Title: Award-winning cyber threat intelligence platform, designed to provide enhanced security through real-time intelligence and threat detection.

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble OdinNew

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber ExpressSubscribe

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Cyble Partner Network (CPN)

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a PartnerRegister

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22IT%20%26%20ITES%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: IT & ITES |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Government%20%26%20LEA%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Government & LEA |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Technology%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Technology |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Healthcare%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Healthcare |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22industries%22%3A%5B%22Education%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Education

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20States%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: United States |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Russian%20Federation%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Russian Federation |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22China%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: China |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22United%20Kingdom%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: United Kingdom |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22country%22%3A%5B%22Ukraine%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Ukraine

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22North%20America%20%28NA%29%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: North America (NA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Europe%20%26%20UK%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Europe & UK |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Asia%20%26%20Pacific%20%28APAC%29%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Asia & Pacific (APAC) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Middle%20East%20%26%20Africa%20%28MEA%29%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Middle East & Africa (MEA) |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22regions%22%3A%5B%22Australia%20and%20New%20Zealand%20%28ANZ%29%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Australia and New Zealand (ANZ)

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%22a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%227bdbd180c081fa63ca94f9c22c457376%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: 7bdbd180c081fa63ca94f9c22c457376 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%2210.0.0.0%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: 10.0.0.0 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%224c648967aeac81b18b53a3cb357120f4%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: 4c648967aeac81b18b53a3cb357120f4 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ioc%22%3A%5B%221fa0222e5ae2b891fa9c2dad1f63a9b26901d825dc6d6b9dcc6258a985f4f9ab%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: 1fa0222e5ae2b891fa9c2dad1f63a9b26901d825dc6d6b9dcc6258a985f4f9ab

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21887%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CVE-2024-21887 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2023-46805%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CVE-2023-46805 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2017-11882%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CVE-2017-11882 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2024-21893%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CVE-2024-21893 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22cve%22%3A%5B%22CVE-2021-44228%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CVE-2021-44228

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1082%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: T1082 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1140%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: T1140 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1486%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: T1486 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1083%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: T1083 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22ttp%22%3A%5B%22T1105%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: T1105

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA505%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: TA505 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0011%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: TA0011 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0007%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: TA0007 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0005%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: TA0005 |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tactic%22%3A%5B%22TA0002%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: TA0002

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22security%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: security |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: the-cyber-express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22firewall-daily%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: firewall-daily |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22the-cyber-express-news%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: the-cyber-express-news |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22tags%22%3A%5B%22malware%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: malware

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Blackcat%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Blackcat |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Lazarus%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Lazarus |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22VoltTyphoon%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: VoltTyphoon |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22threat_actor%22%3A%5B%22Kimsuky%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Kimsuky

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22CobaltStrike%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: CobaltStrike |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Qakbot%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Qakbot |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Lockbit%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Lockbit |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Icedid%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Icedid |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22malware%22%3A%5B%22Xmrig%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Xmrig

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Darkreading%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Darkreading |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Bleepingcomputer%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Bleepingcomputer |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Cyber%20Express%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: The Cyber Express |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22The%20Hacker%20News%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: The Hacker News |

Search URL Search Domain Scan URL

URL: https://cyble.ai/dashboards/news-feed?filters=%7B%22source%22%3A%5B%22Infosecurity%20Magazine%22%5D%7D&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&__hsfp=1608735010
Title: Infosecurity Magazine

Search URL Search Domain Scan URL

URL: https://twitter.com/D4RKR4BB1T47/status/1665152168704221184
Title: EVILRABBIT

Search URL Search Domain Scan URL

URL: https://twitter.com/D4RKR4BB1T47/status/1665227596508852226
Title: EVIL RABBIT

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/
Title: T1204

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001/
Title: T1547.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1070
Title: T1070

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/
Title: T1562

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: T1486

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1490
Title: T1490

Search URL Search Domain Scan URL

URL: https://trust.cyble.com/
Title: Cyble Trust Portal

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection HTTP 301
https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/gsap.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Request Chain 39

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E HTTP 302
https://unpkg.com/gsap@3/dist/Draggable.min.js HTTP 302
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Request Chain 42

https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js HTTP 301
https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js

Request Chain 124

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true&e_ipv6=AQIn94GEk8rADAAAAZAIfas9z7FEPJod6MTTqCMworbv-8A2vf99FRZfOlYVaSdV

Request Chain 184

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&RedC=c.clarity.ms&MXFR=273A420441F768E906B5569F45F76648 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&MUID=0D2867AF52D66F822D667334535D6E8C

Request Chain 198

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1 HTTP 302
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D HTTP 302
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=5&cm=65b9f330-064b-4c81-ab46-238ed64d118b-666892e0-5553 HTTP 302
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:517bd30e8c3533ab4bae599d0ab11589&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=c:517bd30e8c3533ab4bae599d0ab11589&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=07293726556763758700832222250193969036 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:517bd30e8c3533ab4bae599d0ab11589&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D HTTP 302
https://d.agkn.com/pixel/10751/?che=1718129377193&ip=80.255.10.204&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219903204910003939506 HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219903204910003939506 HTTP 302
https://sync.crwdcntrl.net/map/c=8545/tp=CKGY/tpid=c:517bd30e8c3533ab4bae599d0ab11589/gdpr=0/gdpr_consent=false/?https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D120%26cm%3D%24%7Bprofile_id%7D HTTP 302
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=120&cm= HTTP 302
https://idsync.rlcdn.com/420246.gif?partner_uid=c:517bd30e8c3533ab4bae599d0ab11589

202 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Redirect Chain

https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection
https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

515 KB
95 KB

37ms
36ms

Document
text/html

192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d22b095066cf39a3cd14a1106cf404887324685bc6b84f7728f045131305fc9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=300, must-revalidate
cf-edge-cache: cache,platform=wordpress
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 11 Jun 2024 18:09:30 GMT
host-header: WordPress.com
last-modified: Tue, 11 Jun 2024 10:16:54 GMT
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/17463>; rel="alternate"; type="application/json" <https://wp.me/pf01Lu-4xF>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 2.hhn _atomic_ams STALE
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-nananana: Batcache-Set
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-edge-cache: cache,platform=wordpress
content-type: text/html; charset=UTF-8
date: Tue, 11 Jun 2024 18:09:30 GMT
host-header: WordPress.com
location: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000
vary: accept, content-type, cookie
x-ac: 2.hhn _atomic_ams MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: Want root? Visit join.a8c.com and mention this header.
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 111 KB
15 KB 92ms
89ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=18.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0e726d70fa9b01231d8f05d84a0a6847989673734f996961d47c8049f42ab3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 23 May 2024 07:32:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"664ef0f6-1ba67"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 48 KB
10 KB 92ms
90ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2cb6dce7cbd8ec13c54b607be9a231681ea7579c70e6ff611c6b30718c8d9830

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 05 Jun 2024 09:02:09 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66602991-beee"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 5 KB
1 KB 156ms
44ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

282130b4513ec550a3c9dac332c3d31e9b969503930faf930581c13d172adc6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 11 Jun 2024 18:09:30 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 74 KB
8 KB 92ms
90ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.35

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e1a7712f0f392d9f17d1b045689a26f5717bb465bc977b299a02f9a7e375813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 30 May 2024 13:48:40 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"665883b8-1284e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 58 KB
3 KB 92ms
90ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"61f142da-e64d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
cyble.com/wp-includes/js/mediaelement/ 11 KB
3 KB 92ms
91ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5f735862-2bf8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
cyble.com/wp-includes/js/mediaelement/ 4 KB
1 KB 93ms
91ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"5cfaccce-105a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 93ms
91ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.16

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 02 Apr 2024 16:50:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660c3750-13c8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pj-news-ticker.css
cyble.com/wp-content/plugins/pj-news-ticker/public/css/ 426 B
742 B 122ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/pj-news-ticker/public/css/pj-news-ticker.css?ver=1.9.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

790b349be1914fde877d1307143688fb102447716476d468bd5190a4f487b1bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Tue, 23 Jan 2024 12:51:19 GMT
server: nginx
etag: "65afb647-1aa"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 426
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 776 B
609 B 123ms
121ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.35

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 30 May 2024 13:48:40 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"665883b8-308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-lite.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 116 KB
15 KB 123ms
122ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.21.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

47579d0130e564c7b92c45ff380b54132089d467f7b943967df79cb2a2ab83ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-1d0a1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/ 16 KB
5 KB 123ms
122ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/v8/css/swiper.min.css?ver=8.4.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-4057"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
2 KB 123ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1717584609

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 05 Jun 2024 10:50:09 GMT
server: nginx
etag: "666042e1-4bd"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1213
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-lite.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 11 KB
2 KB 124ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d014c39a7462223ad9b7121780f25bc6b2ee0c601f26c633e59b596c6afffe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-2b2d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 634 KB
69 KB 124ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.33

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e7ff8cdf0b2d6e0b94dd28738282a8382413100aaea0f69ec81a158a55bf6887

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 10 Jun 2024 10:50:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6666da69-9e636"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 21 KB
21 KB 124ms
123ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1718092684

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6b3f9ff0e310be8af784f69794a2e4900406ad30fbda4f82fdeb8a94b3614fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Tue, 11 Jun 2024 07:58:04 GMT
server: nginx
etag: "6668038c-5368"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 21352
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 subscription-modal.css
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 2 KB
864 B 124ms
124ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.css?ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65aebbb8-632"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-addon-6666d7595feb07-68502867.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
50 KB 125ms
124ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6666d7595feb07-68502867.css?ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

baa1ba8abd9c448362c3d78195086c35aec7e480a2fcc164899574946dac998f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 10 Jun 2024 10:37:13 GMT
server: nginx
etag: "6666d759-c694"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 50836
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-19102.css
cyble.com/wp-content/uploads/elementor/css/ 30 KB
31 KB 80ms
77ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-19102.css?ver=1717584610

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1fdd1f2557312ea79ab0deaaa9c3dec9a2671e067839416a32fc8b699b9688c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 05 Jun 2024 10:50:10 GMT
server: nginx
etag: "666042e2-79a5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 31141
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-29249.css
cyble.com/wp-content/uploads/elementor/css/ 18 KB
18 KB 80ms
78ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-29249.css?ver=1717584610

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d06242014fabc7be6a13c137113a9219c51850ca00f5b4ff8e1fb073c308a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 05 Jun 2024 10:50:10 GMT
server: nginx
etag: "666042e2-4733"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 18227
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-40176.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
1 KB 80ms
78ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-40176.css?ver=1717584610

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fec3ab99b7da211c21498630524f9e2ef23bea1e9fa69ea22f5714ffed68e87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 05 Jun 2024 10:50:10 GMT
server: nginx
etag: "666042e2-49d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1181
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 123 KB
6 KB 121ms
57ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4b8521fd06207a88a9a06905d578dc414562bee7add4225a0e2478bf6f2a88e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 11 Jun 2024 18:09:30 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 jetpack.css
cyble.com/wp-content/plugins/jetpack/css/ 106 KB
20 KB 81ms
78ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

448c2c8f586e597e18732391de3038defacd4fc0e67f1ff0378d0a62e2949f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 14:35:44 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66549a40-1a9a8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
cyble.com/wp-includes/js/jquery/ 86 KB
31 KB 81ms
79ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
cyble.com/wp-includes/js/jquery/ 13 KB
5 KB 82ms
80ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6482bd64-3509"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 82ms
80ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 82ms
80ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.16

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 02 Apr 2024 16:50:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"660c3750-21fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 pj-news-ticker.js Show response
cyble.com/wp-content/plugins/pj-news-ticker/public/js/ 874 B
715 B 83ms
81ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/pj-news-ticker/public/js/pj-news-ticker.js?ver=1.9.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bec72f63e5d121152a0daa5fb9e072ab99918433a082043acc76cb5b9c2aef12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 14 Feb 2024 14:23:19 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65ccccd7-36a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 368 KB
120 KB 331ms
64ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d2dee6d43c20b3785f9a08603c1763a4266a95410778dbad8d428cf5df357927

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 122566
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jun 2024 18:09:30 GMT

GET
H2 200 /
cyble.com/ 7 KB
2 KB 80ms
79ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/?custom-css=e73142b787

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

dd2cf95288ae11b2ea6d05876958888ab337f71a9e4f932bc825ef81acbde7fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cf-edge-cache: cache,platform=wordpress
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
x-ac: 2.hhn _atomic_ams HIT
server: nginx
vary: Accept-Encoding, accept, content-type, cookie
content-type: text/css;charset=utf-8
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
expires: Wed, 11 Jun 2025 13:56:16 GMT

GET
H2 200 visioncyble.png
cyble.com/wp-content/uploads/2023/08/ 6 KB
7 KB 84ms
83ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/visioncyble.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 31 Aug 2023 04:03:56 GMT
server: nginx
etag: "64f0112c-19b2"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 6578
expires: Tue, 18 Jun 2024 08:01:01 GMT

GET
H2 200 hawk.png
cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 86ms
84ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/hawk.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 22 Jan 2024 14:16:05 GMT
server: nginx
etag: "65ae78a5-11a0"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 4512
expires: Tue, 18 Jun 2024 08:01:01 GMT

GET
H3 200 favicon-32x32-1.png
cyble.com/wp-content/uploads/2024/05/ 1 KB
2 KB 41ms
40ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/favicon-32x32-1.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 23 May 2024 08:16:42 GMT
server: nginx
etag: "664efb6a-5a2"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 1442
expires: Tue, 18 Jun 2024 08:01:02 GMT

GET
H3 200 cybleodin.png
cyble.com/wp-content/uploads/2023/08/ 7 KB
7 KB 43ms
41ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/cybleodin.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 04 Sep 2023 07:06:50 GMT
server: nginx
etag: "64f5820a-1a66"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 6758
expires: Tue, 18 Jun 2024 08:01:02 GMT

GET
H3 200 cyberexpress.png
cyble.com/wp-content/uploads/2024/01/ 13 KB
14 KB 78ms
77ms Image
image/png 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/01/cyberexpress.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a4f072af9676801501625f6a62f9aad94c502c63a6e26f87d950b74ae23609c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 22 Jan 2024 14:15:51 GMT
server: nginx
etag: "65ae7897-3555"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 13653
expires: Tue, 18 Jun 2024 08:03:34 GMT

GET
H3 200 products-img-copy.webp
cyble.com/wp-content/uploads/2024/05/ 116 KB
116 KB 241ms
222ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/05/products-img-copy.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Thu, 23 May 2024 10:06:06 GMT
server: nginx
etag: "664f150e-1cf8c"
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 118668
expires: Tue, 18 Jun 2024 08:03:40 GMT

GET
H3 200 research-report.webp
cyble.com/wp-content/uploads/2024/02/ 22 KB
22 KB 265ms
246ms Image
image/webp 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2024/02/research-report.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

af359a9b4fe881027d634b8657d489acb4253801c908c389390a1c0e9c077a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Fri, 09 Feb 2024 07:49:38 GMT
server: nginx
etag: "65c5d912-5766"
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 22374
expires: Tue, 18 Jun 2024 08:03:40 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 228ms
128ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3452763
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wq2ECzb1Ui8XYJw5lwZEZqMEfycl9991SdzTVqgnn2QclPYuylcS28PxyW4pPYFw%2BzaWlQdqdrS4qas3dsZtojIR%2B%2FKWIi15RtLEXbL9wC%2F%2FREq0P3cKXZHsOF6MvlZe6BxnvynW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 89238d7568d85d79-FRA
expires: Sun, 01 Jun 2025 18:09:30 GMT

GET
H2

200

gsap.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.co/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/gsap.min.js
https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

71 KB
38 KB

79ms
79ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/gsap.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7781194
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRWB43A6TE8BD4Z9H4EWPJTV-fra
server: cloudflare
etag: "11a16-LSb0wGBJGsmA0JymhziNNhAlbrc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 89238d776f22910d-FRA

Redirect headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J047DC0KRMG51GHKEFQC2DST-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 456
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /gsap@3.12.5/dist/gsap.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 89238d771e99910d-FRA

GET
H2

200

Draggable.min.js Show response
unpkg.com/gsap@3.12.5/dist/
Redirect Chain

https://unpkg.com/gsap@3/dist/Draggable.min.js?ver%3C%=DateTime.Now.Ticks.ToString()%%3E
https://unpkg.com/gsap@3/dist/Draggable.min.js
https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

35 KB
18 KB

73ms
72ms

Script
application/javascript

2606:4700::6811:f6cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/gsap@3.12.5/dist/Draggable.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Server

2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 7776460
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HRWFMFJCS1K59HAGRS4HR8RQ-fra
server: cloudflare
etag: "8a94-HTZjIxm5OZUF37t9NM8RcD3q8Uo"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 89238d778f44910d-FRA

Redirect headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01J047V65Q7XYFV4S7ZFGKJXFB-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /gsap@3.12.5/dist/Draggable.min.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 89238d771e9b910d-FRA

GET
H3 200 widget-icon-list.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 10 KB
1 KB 96ms
91ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7313b1eb4c569200d3220d91d45dcb861827d6a61003d7cb0523ecbfe1b76476

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-26c9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:04 GMT

GET
H3 200 widget-theme-elements.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 10 KB
2 KB 99ms
93ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec875a62e570cca94dae1f788d91eb6c3fa201839bdd2100a11435d877a457dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-2708"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:04 GMT

GET
H2

200

widget.js Show response
www.gartner.com/peer-insights/vendor-portal/public/Widget/js/
Redirect Chain

https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js

13 KB
4 KB

81ms
79ms

Script
application/javascript

2606:4700:4400::6812:22dd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Server: 2606:4700:4400::6812:22dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6dc90b0b36f3fca84ded0289b324c55a19a663b2b742b9b244508aae6526c51d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 4121291
cf-polished: origSize=19335
x-powered-by: Express
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 16 Apr 2024 10:59:11 GMT
server: cloudflare
etag: W/"4b87-18ee68f8c18"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
cf-ray: 89238d771b622ba8-FRA

Redirect headers

date: Tue, 11 Jun 2024 18:09:30 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/html
location: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/js/widget.js
cache-control: max-age=3600
cf-ray: 89238d767abe2ba8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 167
expires: Tue, 11 Jun 2024 19:09:30 GMT

GET
H2 200 Figure-1-NoEscape-RaaS-Affiliate-Panel.png
i0.wp.com/cyble.com/wp-content/uploads/2023/06/ 34 KB
35 KB 122ms
25ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2023/06/Figure-1-NoEscape-RaaS-Affiliate-Panel.png?w=601&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

1de115cafc1affe004ea56f0b2268116333c0a1637b6e1951a51d4d0be1134e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 35320
x-nc: HIT hhn 1
last-modified: Mon, 10 Jun 2024 13:13:14 GMT
server: nginx
etag: "8616c60e5fc6abbc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2023/06/Figure-1-NoEscape-RaaS-Affiliate-Panel.png>; rel="canonical"
expires: Thu, 11 Jun 2026 01:13:14 GMT

GET
H3 200 widget-share-buttons.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 32 KB
3 KB 111ms
104ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e682faa8fbbe5bc2269aa2b011484a0fd8323bfe9f0c193f5c228559ea0c2f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-7f52"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:04 GMT

GET
H3 200 widget-posts.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 14 KB
3 KB 112ms
104ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

75fe3fd162bdb4872633d5232d1d94359a212d866405a1c7fc6b6c090412d836

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-3804"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:04 GMT

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 6 KB
3 KB 139ms
116ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202424
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Wed, 15 Nov 2023 17:05:24 GMT
server: nginx
etag: W/"6554fa54-161b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
expires: Tue, 10 Jun 2025 00:00:03 GMT

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 4 KB
5 KB 128ms
105ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?fit=300%2C100&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 4562
x-nc: HIT hhn 2
last-modified: Wed, 10 Apr 2024 09:49:55 GMT
server: nginx
etag: "0c94240fa7c116b0"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
expires: Fri, 10 Apr 2026 21:49:55 GMT

GET
H3 200 v2.js Show response
js.hsforms.net/forms/embed/ 482 KB
156 KB 233ms
115ms Script
application/javascript 104.18.141.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/embed/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.141.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
age: 464
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=892382227f5c195e-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.5387/bundles/project-v2.js
date: Tue, 11 Jun 2024 18:09:30 GMT
x-amz-version-id: mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 7610b91e2653cd801af5fb6517906ed4.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD66-C1
x-hubspot-correlation-id: 5b670fca-d027-4412-bfae-df17a955a367
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5b670fca-d027-4412-bfae-df17a955a367
last-modified: Thu, 06 Jun 2024 13:36:59 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A0nGVfKnfNzPCQOOVEyvYgyemOlv9usZ9aE%2F%2B%2B3GfwMXFCKZl%2BDsZSNBpStqweLiLMQYi0qB2SMaeaHslGKwNs996aq5EFOxJ0xAFyd6vooLK31JDBJStHlvGq9OYWC9"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-rcvgx
cf-ray: 89238d758c191907-FRA
x-amz-cf-id: UB4nn5T3MA4R7tYkpNjXOAUXt0o-GcS5zdI_AjKPiF6gUkZroYnQPQ==

GET
H3 200 view.css
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 8 KB
1 KB 112ms
104ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.css?minify=false&ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

06b5d7b5a104259f6edf86af71454a9a43d26a63e99b9121b1729fd512c8db4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 06 May 2024 19:42:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"663932a0-20bc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
298 B 112ms
106ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 10 Jun 2024 10:37:07 GMT
server: nginx
etag: "6666d753-0"
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rs6.css
cyble.com/wp-content/plugins/revslider/sr6/assets/css/ 57 KB
13 KB 113ms
106ms Stylesheet
text/css 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/sr6/assets/css/rs6.css?ver=6.7.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d2a7a173045c7ed2c9474ee0edd3ebc0389454132b0a16e55b3eae6402c46a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 May 2024 07:01:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"663dc64c-e3d7"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 22 KB
6 KB 114ms
107ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8da564575296935f5b6e332e092c8b57d8ac389a0894df83bf26178ce85763a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 05 Jun 2024 09:02:09 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66602991-58c2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
1 KB 638ms
367ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0641744c1c94355245e7f8ab83a10548e0330e546bf55dfe4fa94467cc3516c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: eb599b8e-f51d-4f41-9b4f-ab6dd3597cbd
x-envoy-upstream-service-time: 6
content-length: 675
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: eb599b8e-f51d-4f41-9b4f-ab6dd3597cbd
last-modified: Tue, 11 Jun 2024 18:04:07 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-wp4m5
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89238d767de468ef-FRA
expires: Tue, 11 Jun 2024 18:11:00 GMT

GET
H3 200 rbtools.min.js Show response
cyble.com/wp-content/plugins/revslider/sr6/assets/js/ 161 KB
62 KB 266ms
248ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/sr6/assets/js/rbtools.min.js?ver=6.7.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 May 2024 07:01:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"663dc64c-285db"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rs6.min.js Show response
cyble.com/wp-content/plugins/revslider/sr6/assets/js/ 406 KB
107 KB 300ms
282ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/sr6/assets/js/rs6.min.js?ver=6.7.10

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cdb27c4c29bde44208797bb665ed9a873bfbb2f8ea64461638ae8e82d6546d8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 10 May 2024 07:01:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"663dc64c-65891"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill-inert.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 117ms
112ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63c7d511-1feb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 regenerator-runtime.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 118ms
113ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 19 Sep 2023 19:30:24 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6509f6d0-19e1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 wp-polyfill.min.js Show response
cyble.com/wp-includes/js/dist/vendor/ 38 KB
14 KB 119ms
113ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 12:59:56 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65ba444c-96be"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/dom-ready/ 460 B
774 B 123ms
118ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/dom-ready/index.min.js?ver=222ad38e3e5e302c8bbf

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
etag: "65bad2e4-1cc"
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 460
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 main.js Show response
cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/ 6 KB
3 KB 145ms
139ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 10 Jun 2024 10:37:44 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6666d778-19b5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 subscription-modal.js Show response
cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/ 3 KB
1 KB 165ms
156ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/modules/comments/subscription-modal-on-comment/subscription-modal.js?ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

30e8dec743d4c3da4cb39797b8bd5da2ba3d68925d5fc9762a62931238e7f6c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 22 Jan 2024 19:02:16 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65aebbb8-de3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 astra-addon-6666d759770172-83845787.js Show response
cyble.com/wp-content/uploads/astra-addon/ 37 KB
37 KB 166ms
157ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-6666d759770172-83845787.js?ver=4.7.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0e9ff8eedf45682fb97ed8924ef3d70e76b00f8c5684206e467d8a9675bc8971

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Mon, 10 Jun 2024 10:37:13 GMT
server: nginx
etag: "6666d759-939d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 37789
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202424.js Show response
stats.wp.com/ 7 KB
3 KB 291ms
22ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202424.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/14421-1717166114261.106
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
alt-svc: h3=":443"; ma=86400
expires: Tue, 03 Jun 2025 09:23:42 GMT

GET
BLOB 200
OK 74a80217-abe2-4a43-b3e7-c0f29fdaf0a3
https://cyble.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/74a80217-abe2-4a43-b3e7-c0f29fdaf0a3
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H3 200 jetpack-carousel.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/ 23 KB
8 KB 177ms
167ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

94f83a6214b9eb056136d8c2de50f1bef8141e7da5aa0c744b5dc80dba388545

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 26 Feb 2024 18:23:14 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65dcd712-5d89"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 helper.min.js Show response
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/ 2 KB
1 KB 179ms
169ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.16.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 17 May 2024 00:35:55 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6646a66b-7cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 imagesloaded.min.js Show response
cyble.com/wp-includes/js/ 5 KB
2 KB 180ms
171ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 11 Aug 2023 18:18:26 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"64d67b72-1590"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
4 KB 181ms
172ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.33

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 10 Jun 2024 10:50:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6666da5e-51a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 182ms
173ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.33

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 10 Jun 2024 10:50:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6666da5e-d5e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 183ms
174ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.33

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 10 Jun 2024 10:50:06 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"6666da5e-7a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 view.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/ 4 KB
2 KB 187ms
179ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/blocks/subscriptions/view.js?minify=false&ver=13.5

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3fb4d7917741c9844dc5685b70d497c8a2d4438f65393721b53278c4ce76f83a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 20 May 2024 19:33:44 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"664ba598-1027"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 189ms
180ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

70208adf6f66d47e2c620793900d2f60c79f2b90ab74eb2e2c3e8fbb086c3bc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-16c1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 195ms
186ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ff8380deeec8242b5394f3a31c65131cbc93ab61c893b70fd7193ed3dcc5da49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-1385"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 62 KB
18 KB 198ms
189ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.21.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a1b55c60b2932718ecb30670a31fea070a799f8608a9977e0a01f46ba9cf4b38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-f72b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 4 KB
2 KB 199ms
191ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=3aee234ea7807d8d70bc

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65bad2e4-10a6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 207ms
199ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 31 Jan 2024 23:08:20 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65bad2e4-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 211ms
202ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3bc6a0f70b8792cf5564c7d756264316f1dce7b89e09db51730c6e8563fe5ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-61ea"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 waypoints.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 216ms
208ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-2fa6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.min.js Show response
cyble.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 236ms
229ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"63dbe690-53be"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 39 KB
13 KB 237ms
219ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.8

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36d8ec85c22c81136c75a65428184e376ae4cf635cabaffac7b42b9c53e43322

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-9c24"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 37 KB
10 KB 238ms
219ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.21.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a2a915b430d2ecabd493dab5cd1c465e2cfe2b1515e51417f836896ce7be84f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-958a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 105 KB
32 KB 404ms
45ms Script
text/javascript 2600:9000:2644:d200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:d200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f233bb3ca2c2c51276ed0442f6451d25b64660e612d6e23b09ca90b1f8d9886f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: wFy4q69MkOeacU7kXGFzxVyLhJK8QOqn
Content-Encoding: gzip
Via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
Date: Tue, 11 Jun 2024 18:04:12 GMT
Age: 319
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 11 Jun 2024 11:46:00 GMT
Server: AmazonS3
Etag: W/"305a6fd50cb49f4ba5b37aa77afd9259"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Xa49jMruoGEbOruMRrMcrQsnzuTGquJAF9dQTttqd6RMGVzbupzddg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 278 KB
97 KB 334ms
89ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

204a63d4db5a3c68102086f97005bd889e02d219a577d886ee953315dd016c20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99668
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jun 2024 18:09:30 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 259ms
23ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: nginx
age: 94403
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7884
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 259ms
24ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
server: nginx
age: 94401
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7748
x-xss-protection: 0

GET
H3 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
4 KB 239ms
239ms Font
application/font-woff 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
strict-transport-security: max-age=31536000
x-ac: 2.hhn _atomic_ams HIT
last-modified: Wed, 05 Jun 2024 09:02:09 GMT
server: nginx
etag: "66602991-ce8"
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 3304
expires: Tue, 18 Jun 2024 08:01:04 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 258ms
23ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A400&display=fallback&ver=4.7.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
server: nginx
age: 93802
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7816
x-xss-protection: 0

GET
H2 200 cropped-Cyble-Threat-Intelligence.png
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 2 KB
2 KB 100ms
100ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png?resize=150%2C50&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 2048
x-nc: HIT hhn 2
last-modified: Mon, 22 Jan 2024 14:31:14 GMT
server: nginx
etag: "c125b91f66c82522"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/cropped-Cyble-Threat-Intelligence.png>; rel="canonical"
expires: Thu, 22 Jan 2026 02:31:14 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
81 KB 69ms
67ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5915396cb9f9fff89a42497362e0091557b391dd1cf22be0a2731eadf3d9ea7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83114
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jun 2024 18:09:30 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 147ms
49ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 20 May 2024 16:52:20 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=77787
accept-ranges: bytes
content-length: 16683

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 126ms
28ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 11 Jun 2024 17:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 1707
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 11 Jun 2024 19:41:03 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 140ms
43ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jun 2024 18:09:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57975
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=12, mss=1297, tbw=2793, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: Z33E6hVuWe6C5Iov1N58S4iOshyxLtc1R8Rq+b14kQCSqGzmA6caMpF6XX2WkImG/yDUt8ZmLaNN4aEpRzVlcQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 2 KB
877 B 337ms
337ms Script
application/javascript 2606:4700::6810:8dd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8dd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c1f25e67665d0c9004415a52ab9faeca8d9bf4ed689c07373343995b4beed49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7c84a262-6b58-4813-9578-13b6030b2b72
x-envoy-upstream-service-time: 8
content-length: 676
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7c84a262-6b58-4813-9578-13b6030b2b72
last-modified: Tue, 11 Jun 2024 18:04:49 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-wp4m5
access-control-allow-credentials: true
cache-control: public, max-age=90
accept-ranges: bytes
cf-ray: 89238d781f9068ef-FRA
expires: Tue, 11 Jun 2024 18:11:01 GMT

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 801 B
1 KB 1073ms
949ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: c2cbdc9cf0321e7226108ef8657bb1ea371f2a3ea47f1c81aed2b583e420251a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

expires: -1
date: Tue, 11 Jun 2024 18:09:31 GMT
x-azure-ref: 20240611T180931Z-16577d9575d9l9l8ba67b06k100000000d4000000000xbby
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 801
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 368 KB
120 KB 102ms
102ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

865e7f4007fbf89709040fa18fb6a60081f425a74d603b3883321a6615722ab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 122804
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jun 2024 18:09:30 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 117ms
36ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe46a0v9106873920za200zb868834701&_p=1718129370360&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&tag_exp=0&gdid=dZTNiMT&cid=1469679796.1718129371&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718129370&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&dt=Cyble%20-%20Evasive%20NoEscape%20Ransomware%20Uses%20Reflective%20DLL%20Injection&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4188&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 purify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 21 KB
8 KB 71ms
70ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js

Requested by

Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 428999
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7628
last-modified: Fri, 06 Jan 2023 14:33:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63b83136-1dcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nyOz7KDVZdLvGDvTeXwZ2MQn5pmLEXhO99nbmcicL0hEPQ5h%2FeXrwnM5fF21FajKm6KlXxApaDlvkfwP0oPw901xzfReWLcvjovnN5lE7m1mf%2FFD%2Bo6tXSJBBOKp4ixepxZjFq7h"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 89238d786d145d79-FRA
expires: Sun, 01 Jun 2025 18:09:30 GMT

GET
H3 200 widget.css
www.gartner.com/peer-insights/vendor-portal/public/Widget/css/ 155 KB
111 KB 85ms
85ms Stylesheet
text/css 172.64.153.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/css/widget.css
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.153.35 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2d7c46ebb2b355059209e45367e00513f668aef1ddac8cd23a8107f67618c239

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: br
cf-cache-status: HIT
age: 4120858
cf-polished: origSize=168770
x-powered-by: Express
x-envoy-upstream-service-time: 5
server-timing: dtSInfo;desc="0", dtRpid;desc="297616541"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 16 Apr 2024 11:08:09 GMT
server: cloudflare
etag: W/"29342-18ee697c1a8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
cf-ray: 89238d785c523809-FRA

GET
H2 200 data
www.gartner.com/peer-insights/vendor-portal/public/Widget/ Frame 1449 0
0 560ms
64ms Document
text/html 2606:4700:4400::6812:22dd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/peer-insights/vendor-portal/public/Widget/data?widget_id=OGI4MjFjNTctM2JmYS00ZmE3LWE1NjgtOTY0NmZlNGEyNjI4&size=large
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/technology-providers/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22dd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 4118525
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 89238d7b8d5718d9-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 11 Jun 2024 18:09:31 GMT
server: cloudflare
server-timing: dtSInfo;desc="0", dtRpid;desc="-1026088060"
vary: Accept-Encoding
x-envoy-upstream-service-time: 32
x-oneagent-js-injection: true
x-powered-by: Express
x-ruxit-js-agent: true

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 482 B
575 B 366ms
36ms Script
application/javascript 2a05:d018:cc3:fe04:9297:b64d:a588:fbec
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=49691025773.56197&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&_s=12ea166d47a52b30c8a6703adf1ceab1&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:9297:b64d:a588:fbec Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: f3ad47c17d7a3be46f8e0f8a43887410419069238488ed969e72bccb9db86a6b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
server: nginx/1.22.1
content-length: 482
content-type: application/javascript

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 18ms
16ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CPoppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.5.4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: nginx
age: 338136
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 7840
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
8 KB 18ms
16ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
server: nginx
age: 1778
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8000
x-xss-protection: 0

GET
H3 200 Cyble-Blogs-NoEscape-Ransomware-2-1.png
i0.wp.com/cyble.com/wp-content/uploads/2023/06/ 609 KB
609 KB 30ms
29ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2023/06/Cyble-Blogs-NoEscape-Ransomware-2-1.png?w=1200&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

aaeb06028d60cb2d9a5d970be72d27d231891a9c75cb063e9cd30519a9a101c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 623598
x-nc: HIT hhn 3
last-modified: Mon, 10 Jun 2024 13:13:22 GMT
server: nginx
etag: "3b154b46910906d1"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2023/06/Cyble-Blogs-NoEscape-Ransomware-2-1.png>; rel="canonical"
expires: Thu, 11 Jun 2026 01:13:22 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 51 KB
18 KB 182ms
51ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 99142e3048ff980fa6ac618f8f99305efdf4bd1afa17aa842ae535a59716936d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:01:26 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6b76-cc60"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 2b2c864011b3f80fb47c1ce8b45293ed
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2
fonts.wp.com/s/poppins/v21/ 9 KB
9 KB 34ms
33ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiDyp8kv8JHgFVrJJLm21lVF9eO.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f0ae296f5c19db047491f1311d621ff18960b34cfa9cb07b69932a02ec298366

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:02:56 GMT
server: nginx
age: 337818
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8712
x-xss-protection: 0

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.wp.com/s/poppins/v21/ 8 KB
9 KB 44ms
43ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v21/pxiGyp8kv8JHgFVrJJLucHtA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 1
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Fri, 22 Mar 2024 00:00:54 GMT
server: nginx
age: 159798
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 8668
x-xss-protection: 0

GET
H3 200 odin-sidebar.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/01/ 13 KB
13 KB 35ms
35ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/01/odin-sidebar.webp?w=300&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

ce6ca33022b621548150a78dd47d229a8f24524fc8334abc6bd57cd76d21cd2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 12922
x-nc: HIT hhn 4
last-modified: Mon, 19 Feb 2024 06:41:01 GMT
server: nginx
etag: "d59d864bb1573c67"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/01/odin-sidebar.webp>; rel="canonical"
expires: Wed, 18 Feb 2026 18:41:01 GMT

GET
H3 200 Figure-2-NoEscape-RaaS-Executable-Builder-Page-Screenshot.png
i0.wp.com/cyble.com/wp-content/uploads/2023/06/ 212 KB
212 KB 36ms
36ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2023/06/Figure-2-NoEscape-RaaS-Executable-Builder-Page-Screenshot.png?resize=1024%2C1024&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

3989f34b6e5d6faa78ed4b57414e5140d019873846f7d3f5c0b5817e3f636fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 216956
x-nc: HIT hhn 3
last-modified: Tue, 11 Jun 2024 10:17:03 GMT
server: nginx
etag: "ee378d805db4018f"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2023/06/Figure-2-NoEscape-RaaS-Executable-Builder-Page-Screenshot.png>; rel="canonical"
expires: Thu, 11 Jun 2026 22:17:03 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 85 KB
24 KB 74ms
30ms Script
application/javascript 2606:4700::6810:4c8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4c8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf34d706d4c004085de9ea3e17c9020723d2c8e98ae84d8b3497d67599ed131e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-amz-version-id: uXcyvkxlTuOXdTlWnv38bw9P44yTEidY
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 70e06614c0a8446cd4a80ab3436628d4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD66-C2
age: 479
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.16534/bundles/project.js&cfRay=892381c70f743a85-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 2927c636-b2f0-4f88-abf4-8489f92900ec
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2927c636-b2f0-4f88-abf4-8489f92900ec
last-modified: Thu, 06 Jun 2024 15:28:37 UTC
server: cloudflare
etag: W/"f0113b27427f4b50aeaf8d183534ab71"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-w988t
cf-ray: 89238d7a1ea03803-FRA
x-amz-cf-id: yFlyjXgumiTgzHdN6G4plt4F4YRO9EjQYLUdTl5uYuebqSouNF4BeQ==
x-hs-target-asset: conversations-embed/static-1.16534/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 81ms
36ms Script
application/javascript 2606:4700::6812:8911
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
age: 81283
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js&cfRay=891bcd053fc3b670-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"be45bdb720f44c8db4ee42bc228ff2a8"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1355/bundle/main/lead-flows-release.js
date: Tue, 11 Jun 2024 18:09:31 GMT
x-amz-version-id: HLkmxotJV8gQ_mnvhNwLT9fnVmh1uWjb
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 22a16bd5-7053-4dec-bd03-1e1f52b10a9d
x-cache: Miss from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 48
x-evy-trace-route-configuration: listener_https/all
x-request-id: 22a16bd5-7053-4dec-bd03-1e1f52b10a9d
last-modified: Thu, 30 May 2024 10:22:15 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-tk5t7
cf-ray: 89238d7a2e2c8f40-FRA
x-amz-cf-id: 9eeGYtnzLM1aWKFmDS6bc601-WT3EqDuniFj3AIpkl6duU0mQkWkLw==

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 82 KB
24 KB 77ms
40ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
x-evy-trace-route-service-name: envoyset-translator
age: 313
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1159/bundles/project.js&cfRay=892385d379becb27-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"e6c06eb0663c717e3d4635531672a1e1"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.1159/bundles/project.js
date: Tue, 11 Jun 2024 18:09:31 GMT
x-amz-version-id: V4YhUHRJMuZkqxb1cpgehoNLVpfwce83
x-content-type-options: nosniff
cf-cache-status: HIT
via: 1.1 ddeb8679359f033dad405557c487bfdc.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD89-C3
x-hubspot-correlation-id: 5363057b-9b42-4b1d-b3af-a36f8128fe16
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 25
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5363057b-9b42-4b1d-b3af-a36f8128fe16
last-modified: Mon, 03 Jun 2024 20:17:08 UTC
server: cloudflare
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnFCKuXErQBEJDvjn1GnygBpR%2BKr31gOeh8DXudDM2J%2FzJcPM1yk8QZ4xaBFDSb%2Btk4H%2BwxJonFGlR58VHslaCDI3d1OI8vo3Q6Ju%2Fqb6PR93SRvj%2FrppzkzMm7L%2FTnIgr8%2BSVg9sp19TetA"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ncdrp
cf-ray: 89238d7a19872bf5-FRA
x-amz-cf-id: L93Z_zSu4n2tswXu7JT0yITHrhw1JRa-nfPZOILwXQIv8k9HMMc12w==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 71 KB
26 KB 363ms
320ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd850c79f7a892108802a5759d61f4f7c85a42f3b31adc38e0383427990eccbd

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-amz-version-id: TbHCrPqSJMrMGSHImT8qlkESGBxuEK5p
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: 2QYYJC0JT5GYWQBY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e54671e3-0c72-49b8-9e9c-7bd4d5ff2087
x-envoy-upstream-service-time: 24
x-amz-id-2: QtkLzXzgsdHy0ZemM1PPm8Im+oIpOcPHdOI+mZr8OtB3ZUYEBEd9uPIJ75NnV/J3GmcggHGgk6cvPq//tHDgZzsjlfvPMl+H
x-evy-trace-listener: listener_https
x-request-id: e54671e3-0c72-49b8-9e9c-7bd4d5ff2087
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 17 Apr 2024 06:11:04 GMT
server: cloudflare
etag: W/"c57571820b047732b06e0953e51ec876"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 89238d7a1d08bbf2-FRA
expires: Tue, 11 Jun 2024 18:14:31 GMT

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1718129100000/ 67 KB
24 KB 198ms
156ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1718129100000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=11.1.21
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c93e57fac1a0ce27a65fa4b26b5aab7996bd799bbad1dee1f8b10b37c373cfe

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: AJBAQCH7SF7Q1P9K
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 892a7840-89f3-48ee-9422-b04841c32728
x-envoy-upstream-service-time: 21
x-amz-id-2: JSJV8HBbPqk3jRio9QBp/hyghAW91FR+ZLqzaU1s+h4SuxHEnthFBLsQ7KzCVW4X0R67oa2HeCM=
x-evy-trace-listener: listener_https
x-request-id: 892a7840-89f3-48ee-9422-b04841c32728
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 30 May 2024 21:18:06 GMT
server: cloudflare
etag: W/"0727e3e22cd3b1f5c23ec6d452e63a02"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 89238d7a19f518d8-FRA
expires: Tue, 11 Jun 2024 18:14:31 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 26ms
21ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je46a0z8868834701za200zb868834701&_p=1718129370360&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&tag_exp=0&cid=1469679796.1718129371&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718129371&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&dt=Cyble%20-%20Evasive%20NoEscape%20Ransomware%20Uses%20Reflective%20DLL%20Injection&en=page_view&_fv=1&_ss=1&tfd=4456
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1126903675356441 Show response
connect.facebook.net/signals/config/ 57 KB
12 KB 82ms
81ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1126903675356441?v=2.9.157&r=stable&domain=cyble.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cafd3ff60db4d736da86367f6f0fc958b2ddca6233bbe68f3fbdaf53ccdbf27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jun 2024 18:09:31 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=30, rtx=1, c=31, mss=1297, tbw=63523, tp=-1, tpl=-1, uplat=69, ullat=0
pragma: public
x-fb-debug: xFWX4rCzVDcCBgS4xEpDo6OPuDvYxqkNMVKKFRYMcwAFlbOT/Wt243DQ8hgFcjNW4ONqoWYglPvZNuoIBoojgA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 51 KB
0 0ms
0ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 99142e3048ff980fa6ac618f8f99305efdf4bd1afa17aa842ae535a59716936d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:01:26 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6b76-cc60"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 2b2c864011b3f80fb47c1ce8b45293ed
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 g.gif
pixel.wp.com/ 50 B
177 B 33ms
15ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=17463&tz=-4&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A13.5&host=cyble.com&ref=&fcp=3666&rand=0.9730132883869369
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Tue, 11 Jun 2024 18:09:31 GMT
cache-control: no-cache
server: nginx
alt-svc: h3=":443"; ma=86400
content-length: 50
content-type: image/gif

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 174ms
174ms Preflight
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.16534&mobile=false&messagesUtk=e32de16c39534650b13f039182db853c&traceId=e32de16c39534650b13f039182db853c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 89238d7bdc752bf5-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 11 Jun 2024 18:09:31 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zamYPrssWyJMZKUg%2F8ZiLs3vEhdGoXoLK%2FZhLDRwcYvDds2uTeN1Phjw6ZmQf3dp4tuWtL9Gq%2FtzooJbpgs6U%2F%2FjI2w%2FPYUP7D%2BsQNyExTitVAwrBcp2SeU315MKhc9Y2uMy60D43FROZ22XoA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 4
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-mxrnb
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 6019d63e-2a34-4f3a-b224-7f341138dc3f
x-request-id: 6019d63e-2a34-4f3a-b224-7f341138dc3f

GET
H3 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 9ms
8ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.4

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"65cb7e57-4926"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 / Show response
cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ 4 KB
1 KB 9ms
9ms XHR
application/json 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/?relatedposts=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20240116

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3068b720bef421635f8441a0688d783fc9d7bca6def3fefc9cc9b52ef711c806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
x-requested-with: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cf-edge-cache: cache,platform=wordpress
x-hacker: Want root? Visit join.a8c.com and mention this header.
date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
content-encoding: br
server: nginx
x-ac: 2.hhn _atomic_ams STALE
vary: Accept-Encoding, accept, content-type, cookie
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
host-header: WordPress.com
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 339ms
338ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bac3a3a8f92ee21274338805872833fbd279a9f65c96a9f7411851ce0866e4fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
X-HubSpot-Messages-Uri: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ac948da6-50de-4f65-a30e-d322f2978c12
x-envoy-upstream-service-time: 129
content-length: 1391
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ac948da6-50de-4f65-a30e-d322f2978c12
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-hrsdc
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kGALYOiWc8tlPrjZCoZKSIEuQZm1JCiPsE2mbD2rDN1%2BwiLnzDbSnyeYiHihRAL6bx05KpKurzev3Y6GvGlnYe5UcF2jg%2FTcvXayYh6pW3gYHKKUpGYWbTVuOwTn%2B2SPlubMu3L88aZqVUQ1xA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 89238d7cee5a2bf5-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 108 B
1 KB 320ms
319ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 00595835-f0d0-4335-b6b2-f51b8abf665a
content-encoding: br
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 00595835-f0d0-4335-b6b2-f51b8abf665a
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjTaOSPzm7gJcr3rLwq5DKoirmEcRTV8cUmcpyfBNanlMQOeoDjt5YBg%2FN7OBzR9wJvC9Z%2Br1oLtbw9430l59NUg2PoaB9PPUpQE2TOu4yokngfaTS2WdCiQ0pHTTSuKRIogazGggQWct2QuEWl4zTKTqp9%2BU2DOuOM%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 89238d7bdc7b2bf5-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-2vgvr

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
813 B 287ms
170ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: *
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: A98DB1E59C644687A332995098CE4EB7 Ref B: DUS30EDGE0818 Ref C: 2024-06-11T18:09:31Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYaoSrg7dg/Y4gSEqcOfQ==
x-fs-uuid: 00061aa12ae0edd83f63881212a70e7d

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true&e_i...

0
265 B

270ms
195ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true&e_ipv6=AQIn94GEk8rADAAAAZAIfas9z7FEPJod6MTTqCMworbv-8A2vf99FRZfOlYVaSdV
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1F46D4AA67E64E26B07418FAC158E473 Ref B: DUS30EDGE0814 Ref C: 2024-06-11T18:09:32Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYaoSrpbUKWDgtFgw0hzQ==

Redirect headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B9C9B2F2763247F290E52B5A8D0A9214 Ref B: FRAEDGE1109 Ref C: 2024-06-11T18:09:31Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1718129371515&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cookiesTest=true&e_ipv6=AQIn94GEk8rADAAAAZAIfas9z7FEPJod6MTTqCMworbv-8A2vf99FRZfOlYVaSdV
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYaoSrky+QLscA6LGbN8g==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
695 B 206ms
106ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 18E8448B165B4919BD897646FE10CEDD Ref B: FRAEDGE1109 Ref C: 2024-06-11T18:09:31Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://cyble.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYaoSrghnanxDtUoTpmFA==

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 413 KB
83 KB 34ms
14ms Script
text/javascript 2600:9000:2644:d200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:d200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 07b09b318c1d52ee134b788ec7834744cb9e6fd4bc19663988534fc29c3e7b1c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: OGpIu_84T3drKaDERUwfgDZMK.anucOX
Content-Encoding: gzip
Via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
Date: Tue, 11 Jun 2024 18:07:51 GMT
Age: 101
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 29 May 2024 19:02:37 GMT
Server: AmazonS3
Etag: W/"5c3eafaf4760f345e170d1d226c98d22"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 1qdKl90UcZx-PyRLk0FDn6A_DrQ-JSoFfdm8jOdyNLaIlxqDUg0EMw==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
205 B 39ms
38ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=704084541&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&ul=de-de&de=UTF-8&dt=Cyble%20-%20Evasive%20NoEscape%20Ransomware%20Uses%20Reflective%20DLL%20Injection&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABEAAAAC~&jid=1771099641&gjid=1224733969&cid=1469679796.1718129371&tid=UA-201575643-1&_gid=966954893.1718129372&_r=1&_slc=1&gtm=45He46a0n81PMWT557v868834701za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tcfd=10001&tag_exp=0&npa=1&z=1989974489

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
27 KB 15ms
10ms Script
text/javascript 2600:9000:2644:d200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:d200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd374bea8f2cce1e9514e9f9a7af6cd7efbb566a5eea5cda53affc1391ada818

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: mo7_u_yH02gprJDRXoC6WhXOKdSomtp.
Content-Encoding: gzip
Via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
Date: Tue, 11 Jun 2024 17:54:37 GMT
Age: 895
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 05 Jun 2024 15:35:46 GMT
Server: AmazonS3
Etag: W/"39817cce3f515077c86e9cc99a65f623"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: MjypCZtiBZ7FxVqbOl0vB-lsf3QrxQZ06rd2Z3B4D2QUR5Epa40Skw==

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/ 16 KB
5 KB 218ms
177ms Script
application/javascript 2600:9000:2670:c800:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:c800:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
via: 1.1 aa6c36522a23788dfef1fae9af9fd5e0.cloudfront.net (CloudFront)
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P9
etag: W/"9bd0e6149c66576fdc7ae464697b7327"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
x-amz-cf-id: uiRHg2o-Zwi5U9xQU7Wijz-ME7L_7n39rpYuXwU-zJXedUM4rzlYDg==

GET
H3 200 dialog.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/dialog/ 11 KB
4 KB 7ms
7ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.8

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

749050b9e72078b086ef578e9d5c6e764c89985d149a4ac76861004e0e6945ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-2a19"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 48ms
48ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 0d47dbbac748871e5314dc3f196d618bd32e3f102be480b8dc6fdfe2690d676e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:02:32 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6bb8-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 74d7d26c8577f072e9160d3c957b51b5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 r0hediyvvmvme9sqc9m4 Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 167ms
120ms XHR
application/json 2606:4700:3108::ac42:2af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/r0hediyvvmvme9sqc9m4
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25a3ea31c9dd63f8283b02d7f38cf9b5b906e9b212b5405a7c052bce28f51c48

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
via: 1.1 bf5a173128ca82b73dcca1031d4b3d94.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: FRA60-P10
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-campaign: r0hediyvvmvme9sqc9m4
x-user-agent: standard--
last-modified: Mon, 27 May 2024 06:54:24 GMT
server: cloudflare
etag: W/"59f9282ebef036a52eea7097706d8703"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
cf-ray: 89238d7d6cde9279-FRA
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: xoD4_xFat4tectq8-ns_Jd6bbKAsxf5cUZb4tm03c6QCuJmE6-uRBQ==
expires: Tue, 11 Jun 2024 18:00:18 GMT

GET
H2 200 hrmi1wlyf5zkw7jqsfln Show response
api.omappapi.com/v2/embed/239265/ 4 KB
2 KB 156ms
118ms XHR
application/json 2606:4700:3108::ac42:2af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/239265/hrmi1wlyf5zkw7jqsfln
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bd40f9074c4f514b346fc6c17bcdf7ee6ddb80c5b4fd2902ab97be22d07cc52

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
via: 1.1 bf5a173128ca82b73dcca1031d4b3d94.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: FRA60-P10
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-campaign: hrmi1wlyf5zkw7jqsfln
x-user-agent: standard--
last-modified: Thu, 15 Feb 2024 07:35:11 GMT
server: cloudflare
etag: W/"13e11ac6fbb7b3b92b56c9a8daed16e7"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Campaign, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
cf-ray: 89238d7d6ce19279-FRA
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: GeQOlaSZNahZ0xQKSWKboFihaku8ivak6K0adiQTvljUzZgliLq3pw==
expires: Tue, 11 Jun 2024 18:05:32 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
342 B 133ms
22ms XHR
text/plain 2a00:1450:400c:c0d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=1469679796.1718129371&jid=1771099641&gjid=1224733969&_gid=966954893.1718129372&npa=1&_u=aADAAAAAEAAAAC~&z=1784193484

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 98ms
17ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&rl=&if=false&ts=1718129371743&sw=1600&sh=1200&v=2.9.157&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1718129371739.978476480869698851&ler=empty&cdl=API_unavailable&it=1718129371296&coo=false&tm=1&rqm=GET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1297, tbw=2820, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 11 Jun 2024 18:09:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 261ms
181ms Image
image/png 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&rl=&if=false&ts=1718129371743&sw=1600&sh=1200&v=2.9.157&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1718129371739.978476480869698851&ler=empty&cdl=API_unavailable&it=1718129371296&coo=false&tm=1&rqm=FGET

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x94fbba6e9e6f8cd2","source_keys":["1","2"]},{"key_piece":"0xf8bd035c5f6db239","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Tue, 11 Jun 2024 18:09:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=12, rtx=1, c=10, mss=1297, tbw=3137, tp=-1, tpl=-1, uplat=177, ullat=0
pragma: no-cache
x-fb-debug: hikovSLyXFl2J+5H4A9xXsTqO9RWtmvbveWYhi3DmgB1Exx85cX6zh57n2nB9qM3PhetKfhkdO6iEr6QRg7SeQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 share-buttons.08f4daf4a4285a8632b8.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 2 KB
1 KB 29ms
11ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.08f4daf4a4285a8632b8.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cb2f02d0ab6bea09b12bdddedaf9677b4bea9e1a390fd86b9e6328a09393051b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-628"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:07 GMT

GET
H3 200 load-more.bc9573b5d1f73abd80b9.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 29ms
12ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/load-more.bc9573b5d1f73abd80b9.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

86ab8ed42661c0f23333349e97a16a31a141e7008fdd5d89caac5617e4e09c2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-147f"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:07 GMT

GET
H3 200 posts.caaf3e27e57db8207afc.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 34ms
16ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/posts.caaf3e27e57db8207afc.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.21.3

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f97f10d92e036abfa77d3051f903c5c494d9e6b2c1ae9ae4c8086af58dd07a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Fri, 24 May 2024 07:14:59 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66503e73-cf5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:07 GMT

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
981 B 35ms
26ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.21.8

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

32d23bcb0c463b0b64881721007878d9303e97453c357c1351638d9074517724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-550"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Tue, 18 Jun 2024 08:01:07 GMT

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 10ms
9ms Image
image/png 2600:9000:2644:d200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2644:d200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 17:21:15 GMT
X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
Age: 2897
X-Amz-Cf-Pop: FRA60-P6
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 9ybMl3a6Uc0TpH4uIYFzzHs0UZW5FatCYV_NpocIvS8VXxwONkJ9DA==

GET
H2 200 5.ad5ae419.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 28ms
26ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.ad5ae419.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 5fd85023d4b7e68daa580930db825421c34ce8a005748eca44c2396922b2402e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:21:07 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08f03-418b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5230d265dc37063ccb0730aa00b6f534
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 share-link.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/share-link/ 3 KB
1 KB 110ms
107ms Script
application/javascript 192.0.78.231
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.21.8

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.21.8

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 27 May 2024 04:24:17 GMT
server: nginx
x-ac: 2.hhn _atomic_ams HIT
etag: W/"66540af1-ac0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
929 B 187ms
169ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 68fe8116-11d8-4d08-8b10-48078145b55c
x-envoy-upstream-service-time: 18
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 68fe8116-11d8-4d08-8b10-48078145b55c
last-modified: Tue, 11 Jun 2024 18:09:32 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-hqjks
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 89238d7f0db98f3a-FRA

GET
H3 200 Vietnamese-Entities-Targeted-by-China-Linked-Mustang-Panda-in-Cyber-Espionage-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/06/ 40 KB
40 KB 9ms
8ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/06/Vietnamese-Entities-Targeted-by-China-Linked-Mustang-Panda-in-Cyber-Espionage-1.webp?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

be75c76a73484047e8a0d505f945d1e923ea2c4037ef4ae637c1fe32a503cc35

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 40970
x-nc: HIT hhn 3
last-modified: Mon, 10 Jun 2024 12:08:36 GMT
server: nginx
etag: "956182d9029c1abf"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/06/Vietnamese-Entities-Targeted-by-China-Linked-Mustang-Panda-in-Cyber-Espionage-1.webp>; rel="canonical"
expires: Thu, 11 Jun 2026 00:08:36 GMT

GET
H3 200 UNC1151-Strikes-Again-blog-1.webp
i0.wp.com/cyble.com/wp-content/uploads/2024/06/ 44 KB
44 KB 11ms
10ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2024/06/UNC1151-Strikes-Again-blog-1.webp?fit=1200%2C600&ssl=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

e899de874ca78a2dcb2d187fa5136aaaa52c1f98c8ea1c2575517611b744b98b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 45168
x-nc: HIT hhn 4
last-modified: Tue, 04 Jun 2024 12:30:00 GMT
server: nginx
etag: "94ca5dd18bfa5a81"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2024/06/UNC1151-Strikes-Again-blog-1.webp>; rel="canonical"
expires: Fri, 05 Jun 2026 00:30:00 GMT

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 0
172 B 241ms
197ms Script
application/javascript 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600
content-length: 0

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/ 168 KB
45 KB 249ms
205ms Script
application/javascript 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: private, max-age=600

GET
H2 200 e32de16c39534650b13f039182db853c
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 5652 0
0 325ms
294ms Document
text/html 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e32de16c39534650b13f039182db853c?uuid=455c5b381bf44f28a7131b8aad9974e4&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=e32de16c39534650b13f039182db853c&url=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false&hideScrollToButton=true

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
age: 1799
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 89238d7f6b429001-FRA
content-encoding: gzip
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.19007/html/index.html&cfRay=89238d7f6b429001&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2Fe32de16c39534650b13f039182db853c%3Fuuid%3D455c5b381bf44f28a7131b8aad9974e4%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3De32de16c39534650b13f039182db853c%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fevasive-noescape-ransomware-uses-reflective-dll-injection%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse%26hideScrollToButton%3Dtrue&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&cfenv=prod&pdt=2024-06-11&csp=ro
content-type: text/html; charset=utf-8
date: Tue, 11 Jun 2024 18:09:32 GMT
etag: W/"d32890c2bb3bc19062fd3b5eb986baae"
last-modified: Thu, 06 Jun 2024 15:28:37 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=89238d7f6b429001&resource=conversations-visitor-ui/static-1.19007/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 02d40d77941fe6c2f8e7ff5156c01128.cloudfront.net (CloudFront)
x-amz-cf-id: VlgOr2Xhn6QlKeoaUGFe96QTGUTM6jnkd_dWayd-h_y902MQqRaVQA==
x-amz-cf-pop: IAD12-P4
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: RP.944si9NpfkFEYautFO.vzlAAbRngc
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 5
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-lw8xd
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.19007/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: d99cda06-169b-4b77-a9f4-4a0815b9efed
x-request-id: d99cda06-169b-4b77-a9f4-4a0815b9efed

GET
H2 200 4.d8754c5b.min.js Show response
a.omappapi.com/app/js/ 48 KB
14 KB 14ms
10ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 0419af108684c7be468d5b2e8813d0f8c6a8dfe6e903f321fb5fb94b538f3f41

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-677
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Thu, 11 Apr 2024 22:05:28 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 382
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66185ea8-c05a"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: da5dec06929087ee6e9f3dc0e269030c
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.32/ 61 KB
26 KB 33ms
31ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
last-modified: Fri, 10 May 2024 17:30:20 GMT
etag: W/"0x8DC7116DE09E645"
vary: Accept-Encoding
x-azure-ref: 20240611T180932Z-16577d9575d9l9l8ba67b06k100000000d4000000000xbep
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 6c728f9f-801e-0015-2192-b53968000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 17.24171f7e.min.js Show response
a.omappapi.com/app/js/ 975 B
1 KB 21ms
21ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/17.24171f7e.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-382
cdn-cachedat: 06/06/2024 21:13:10
cdn-pullzone: 293267
last-modified: Tue, 12 Sep 2023 04:06:13 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64ffe3b5-3cf"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f1effa919c1db5dc835888af9efebfbf
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 19.b4e5b44b.min.js Show response
a.omappapi.com/app/js/ 4 KB
3 KB 18ms
15ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/19.b4e5b44b.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 753fb193306c662fa5918a839c29e6ac2aa6f6bc9067897914f7f88cb0b7b13a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:36 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aac-10b0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: d5287d5e024c5faf198a73f2ce6e4305
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 27.b5b10bd4.min.js Show response
a.omappapi.com/app/js/ 6 KB
3 KB 22ms
19ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/27.b5b10bd4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 76e0cb78cc3495b6f1d43ce22fcd3b86eb896c36449130fa6f57d5d78d24f326

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-665
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Fri, 12 Apr 2024 21:36:07 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"6619a947-1991"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f381811c49caaa56aaa2dfe49ede6e03
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 32.b9065693.min.js Show response
a.omappapi.com/app/js/ 11 KB
5 KB 28ms
25ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/32.b9065693.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Mon, 18 Sep 2023 16:47:33 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65087f25-2c41"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 07697828064d4d6d1cb75408f42355e9
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 10.d6ea746c.min.js Show response
a.omappapi.com/app/js/ 33 KB
10 KB 33ms
30ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/10.d6ea746c.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: dd46cd5b40060d4af54ab1826b49823e50e5765743b99854f649cd3328df54fd

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-382
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-8515"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 375ec4b2ce85d3e7bb2ec51f57388e03
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 0.3271ac0a.min.js Show response
a.omappapi.com/app/js/ 7 KB
3 KB 34ms
31ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/0.3271ac0a.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 7ce730c88c3e9b94213f122d60df45837854975bb99a738f5a1c6890dd897fa5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-1d49"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 13074c5a08706846cfe0bad88e3bb274
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 9.09463684.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 40ms
38ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/9.09463684.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 85ac85413190c43521f591c1a6396da00ca53691e1f5efa474b98eb19355864e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-879"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f6188f8434489d942a144b4b022fe3a2
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 11.f24aae20.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 39ms
38ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/11.f24aae20.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a8e8b78aa3a03c4da90595ae6701a7354f96b39eb7c2bfe8d48eea3c598a900e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-677
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aab-a40"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: da7911a1395d6c8dbe32df698651ee83
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 28.b1a68bf1.min.js Show response
a.omappapi.com/app/js/ 3 KB
2 KB 46ms
7ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/28.b1a68bf1.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 7145f523095f6104f82d9dbd26409181378e073eecfa04beec262ae8e99fc02f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-663
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-d7b"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5f79ea7393cab48bd75f0b4617ecdb37
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 26.ece538f7.min.js Show response
a.omappapi.com/app/js/ 2 KB
1 KB 50ms
5ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/26.ece538f7.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 40f5fcdf443b5777b6c40b7bcfb16ffb819fb166c7fb03dc4d3051f298b3a0c5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-664
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-6b6"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 6742e7eed586791214f66ce09a6ae6cd
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 16.f8b2cea4.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 53ms
9ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/16.f8b2cea4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: a6117ff5cc0820717586d0f2ca8695cad42bf4194bcd64bcfb089c868dd9f292

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-677
cdn-cachedat: 06/06/2024 21:13:44
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:10:35 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 587
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08c8b-51f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 426470ec57c2c6878a4b49270ea4cad5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1.b1faf420.min.js Show response
a.omappapi.com/app/js/ 11 KB
3 KB 50ms
7ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/1.b1faf420.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 8bea43a9ea37aa3cb1e00bdb138fb4d55b2f3b469914a3e6920b77d1eb114954

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Mon, 15 Apr 2024 18:01:20 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"661d6b70-2b87"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 09e72822aefca189513464e24c84f279
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 21.40afa0f2.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 51ms
7ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/21.40afa0f2.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: dc5d4b967ffff9726af04edc42a6fd8c0d270e5d3cf4585ce67ddb2e63848935

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1079
perma-cache: HIT
cdn-storageserver: DE-680
cdn-cachedat: 06/06/2024 21:13:08
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:36 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aac-81f"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: b49f2c7bcaab3c77fcb7adbb08b027d1
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 22.6a8c2a93.min.js Show response
a.omappapi.com/app/js/ 1 KB
1 KB 54ms
11ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/22.6a8c2a93.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 2c594cdc36288037bc4996e8c3c2ae0ef8945b0935877926a76f97a1fc682f08

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-677
cdn-cachedat: 06/06/2024 21:13:17
cdn-pullzone: 293267
last-modified: Thu, 11 Apr 2024 18:16:51 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 750
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66182913-595"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1cd2bfc4353d1442f5c6a68c30b657e2
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 18.eb4928d4.min.js Show response
a.omappapi.com/app/js/ 2 KB
2 KB 52ms
11ms Script
application/javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/18.eb4928d4.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: daa51ba96131575f0fb77d304db2d12c8c7a297de89be5f4b74b02009fdf9e08

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-382
cdn-cachedat: 06/06/2024 21:13:18
cdn-pullzone: 293267
last-modified: Tue, 12 Mar 2024 17:02:34 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65f08aaa-7a4"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 4f5b2542d0ec836b3e01c69dcbc0971a
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
842 B 159ms
26ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&family=Montserrat%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

236f8f1571bf89d177950bddf1c9e7f8c1cdbfc44f3485aa564f062e7f4e321a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jun 2024 18:09:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jun 2024 18:09:32 GMT

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
2 KB 153ms
21ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.d8754c5b.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jun 2024 17:02:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jun 2024 18:09:32 GMT

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 268ms
187ms XHR
application/json 18.158.205.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.205.16 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-205-16.eu-central-1.compute.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: Clearbit
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding, Origin
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://cyble.com
access-control-expose-headers
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials: true
content-type: application/json

POST
H/1.1 204
No Content collect Show response
t.clarity.ms/ 0
273 B 376ms
127ms XHR
text/plain 20.114.189.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 11 Jun 2024 18:09:32 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.wp.com/s/opensans/v40/ 47 KB
47 KB 35ms
34ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-nc: HIT hhn 2
date: Tue, 11 Jun 2024 18:09:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: nginx
age: 189227
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 48236
x-xss-protection: 0

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
18 KB 97ms
17ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 04:58:19 GMT
x-content-type-options: nosniff
age: 47473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18668
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 04:58:19 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 93ms
16ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Vollkorn%3Aital%2Cwght%400%2C400&family=Poppins%3Aital%2Cwght%400%2C400&family=Montserrat%3Aital%2Cwght%400%2C400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 01:13:10 GMT
x-content-type-options: nosniff
age: 60982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 01:13:10 GMT

GET
H2 200 0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2
fonts.gstatic.com/s/vollkorn/v23/ 25 KB
25 KB 71ms
30ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v23/0ybgGDoxxrvAnPhYGzMlQLzuMasz6Df2MHGeHmmc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8905434cd4c13924a376cf7f856282f63c3bcd98a5306395b7f3eec08704d6c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:16:08 GMT
x-content-type-options: nosniff
age: 24804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25644
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:27:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:16:08 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 15 KB
15 KB 70ms
29ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 11:25:40 GMT
x-content-type-options: nosniff
age: 24232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14940
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Jun 2025 11:25:40 GMT

GET
H2 200 92d93c6e1364abf9a8e5677f6480ce25-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/ 32 KB
6 KB 47ms
21ms XHR
application/json 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/hrmi1wlyf5zkw7jqsfln/92d93c6e1364abf9a8e5677f6480ce25-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 571203e9cb2ce57f18c3e46b01b7f9ca95d59d44d764fc83b0413ff350ceacfd

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-677
cdn-cachedat: 06/11/2024 17:41:31
cdn-pullzone: 293267
last-modified: Thu, 15 Feb 2024 07:26:48 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 709
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"65cdbcb8-8132"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 4f4e5c583088cb8f9cc0c487615f5584
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 a97f212e6fdc925757790115c5ddb3b5-yesno.json Show response
a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/ 34 KB
7 KB 54ms
29ms XHR
application/json 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/a97f212e6fdc925757790115c5ddb3b5-yesno.json
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 60b6ab520b702fe0d98ebae2e72edbae3ebc7092631c027b36e882c16deab6a8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:32 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-383
cdn-cachedat: 06/06/2024 23:48:40
cdn-pullzone: 293267
last-modified: Mon, 27 May 2024 06:55:57 GMT
server: BunnyCDN-DE1-1082
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66542e7d-898d"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 5ac5f115f0ce5cd150f71fa6f101c9f6
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
974 B 67ms
30ms Script
text/javascript 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f4.1e100.net

Software

GSE /

Resource Hash

566d84944fda920c3a33ea891a24a669faabfb86aade6c5a42d1a3882c55a7fb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 11 Jun 2024 18:09:33 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/ 515 KB
205 KB 183ms
12ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdcf5ef19dcd3005f0369e3482b28be21a70496f2d045f5a4a15d64523018a1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Origin: https://cyble.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 14:53:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 209755
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 04:00:47 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Jun 2025 14:53:11 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame C01D 0
0 107ms
31ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=9pvHvq7kSOTqqZusUzJ6ewaF&size=invisible&cb=a9gv6rgoul71

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/9pvHvq7kSOTqqZusUzJ6ewaF/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TPhiHqJfp8BfU7oMSc914A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-TPhiHqJfp8BfU7oMSc914A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jun 2024 18:09:33 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H/1.1 204
No Content collect Show response
t.clarity.ms/ 0
273 B 411ms
303ms XHR
text/plain 20.114.189.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 11 Jun 2024 18:09:34 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 69ms
31ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:34 GMT
x-amz-version-id: 4TVPkf0eH3kVl0Vjj3KPZI_FUiecs6et
via: 1.1 c9499008aa7e1acd11e9fbc171281d82.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: FRA56-P4
age: 53702
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 15 May 2024 06:37:27 GMT
server: cloudflare
etag: W/"5c7228fc2640a4dfce48217428980fe3"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 89238d8bff4d18cb-FRA
x-amz-cf-id: jOXrpD1jmQgQF-N32xRbwyJmn0NCIngafAfIcIX6ZI3EKI7ARXDEOw==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 457ms
140ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=1608735010&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&t=Cyble+-+Evasive+NoEscape+Ransomware+Uses+Reflective+DLL+Injection&cts=1718129374143&vi=ee227ba28452b108ffbabced9248e8cb&nc=true&u=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&b=27441379.1.1718129374130&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 168e14a9-2fff-4df6-b013-c868f813e190
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 168e14a9-2fff-4df6-b013-c868f813e190
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rchdJ25tUZ%2Fhy%2FyZKjAqmTnWG0%2BHkhGkocQP5sDGAN2pxPxyklrWyumvgCTUyJ3SLGXBsWVy3w%2B60%2FAq6GXnDMjSU5Qylkwdj74ru4hQDoA8FrCoRGHYz%2BDnI%2FFMKyhJLBV9jj3Z8IbG8qMVdA0w"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-9rddg
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 89238d8e6abb2bcf-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&RedC=c.clarity.ms&MXFR=273A420441F768E906B5569F45F76648
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&MUID=0D2867AF52D66F822D667334535D6E8C

42 B
465 B

55ms
49ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&MUID=0D2867AF52D66F822D667334535D6E8C
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:34 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED5C183E992E4A45AB1BACA66040A74A Ref B: FRA31EDGE0608 Ref C: 2024-06-11T18:09:34Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=CF207DA5B4F64DA3AC40D7CBAA87574E&MUID=0D2867AF52D66F822D667334535D6E8C
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 196ms
195ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=ee227ba28452b108ffbabced9248e8cb&__hstc=27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1&__hssc=27441379.1.1718129374130&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd8de800352621a26218307662607addd5b4dd9e701b52e0e3caecbe20926640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: da6fc488-5840-4334-be17-fa5a13519c04
content-encoding: br
x-envoy-upstream-service-time: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: da6fc488-5840-4334-be17-fa5a13519c04
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-fnshr
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PZwqaxilwzqJWq5S3h11oKJIY1%2FJxiFsTZFo91eyQXctoRIY8RYTPOExvy18ADWPsY8NetG8DCXpAhzZDLBWdCjWtV%2BW2ddIE3yXkDf01NRfZVLN6JKtZg8B1%2B2QVlJPAx5o8G%2BF%2FCiUzpY7Yxjl"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 89238d8c7aff2bf5-FRA

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 150 B
524 B 467ms
467ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 219cfc28c4f1839216cd6af5009f555fbcb18039ce0ccbcca59a185e7d64b162

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 07c397b8751687386690
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
visited_url: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/

Response headers

date: Tue, 11 Jun 2024 18:09:34 GMT
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: ZNvi3i7NvHcESaA=
server: cloudflare
etag: W/"96-7zn5cEsI4Jven+h+X6SB8M+ksDw"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 89238d8e6927975e-FRA
x-amz-cf-id: Hb0Qw4jEAtuQeKyW1-KEjIj2h2rU8WIMwgGsgsLqjwSKzH-qBN2X7w==

GET
H3 200 cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png
i0.wp.com/cyble.com/wp-content/uploads/2021/11/ 682 B
1 KB 7ms
6ms Other
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://i0.wp.com/cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png?fit=32%2C32&ssl=1

Protocol

Security

QUIC, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:34 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
content-length: 682
x-nc: HIT hhn 1
last-modified: Mon, 22 Jan 2024 14:37:24 GMT
server: nginx
etag: "962fc270f78ceb5c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://cyble.com/wp-content/uploads/2021/11/cropped-Cyble-Black-Logo-1-2127859258-1637602085949.png>; rel="canonical"
expires: Thu, 22 Jan 2026 02:37:24 GMT

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 284ms
260ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: ZNviygMoPHcES7A=
cf-cache-status: DYNAMIC
cf-ray: 89238d8ccdfe975e-FRA
date: Tue, 11 Jun 2024 18:09:34 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
x-amz-cf-id: 2PB1XTOBsEnlX6s5MQfIfYrk4Os6xxPGZ-aPT3K7jOmmwJHtZ4fsDg==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 / Show response
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ 5 KB
3 KB 322ms
308ms Fetch
text/javascript 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e9ebd92796d659877a49809cbf12674d6fe0b7fdf2dd0b44181d1ff03f955956

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
_vtok: ODAuMjU1LjEwLjIwNA==
_zitok: 4af52846b974e4e35d781718129374
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://cyble.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 89238d92e8b29118-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/ Frame 0
0 232ms
211ms Preflight
text/html 104.16.117.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/661fab59248769d6d204b1b3/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://cyble.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89238d918b3518e4-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 11 Jun 2024 18:09:35 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
BLOB 200
OK cd25c177-2e2d-4c65-a7c8-69e2e3663a3e Show response
https://cyble.com/ 5 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/cd25c177-2e2d-4c65-a7c8-69e2e3663a3e
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9ebd92796d659877a49809cbf12674d6fe0b7fdf2dd0b44181d1ff03f955956

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 4617
Content-Type: text/javascript

GET
H2 200 data.js Show response
tags.clickagy.com/ 79 KB
26 KB 218ms
8ms Script
text/javascript 2600:9000:211e:8600:4:8491:f2c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95

Requested by

Host: cyble.com
URL: blob:https://cyble.com/cd25c177-2e2d-4c65-a7c8-69e2e3663a3e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:4:8491:f2c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a34056b335f9e68454d6ef838129438295583a9c86a61d88def0de1ab5389e71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 17:33:00 GMT
x-amz-version-id: d9Yf0j1KEpsJKGSDCPPOm1ADD4FR05IE
content-encoding: br
x-content-type-options: nosniff
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000
x-amz-cf-pop: FRA56-C2
age: 2196
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jun 2024 17:32:52 GMT
server: AmazonS3
etag: W/"b0084708582cd507d7b759ad59017156"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: text/javascript
x-amz-cf-id: BGaAAflwt1H9DhW8bYZt7ahzmGf3GwvOEemzJKd63Y8AARQ3JX75_Q==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 12 KB
5 KB 206ms
7ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: cyble.com
URL: blob:https://cyble.com/cd25c177-2e2d-4c65-a7c8-69e2e3663a3e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 11 Jun 2024 02:48:26 GMT
Content-Encoding: gzip
Via: 1.1 84c3894c21a4640fb5c0efcf95646dca.cloudfront.net (CloudFront)
Last-Modified: Fri, 07 Jun 2024 09:20:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 55270
ETag: W/"a7eb6794e868fe870db350518165c868"
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: GIUfCTNzGYM3ySWne519MbtS9t7DgSDve1YjCicjVbQbKFatLhMd5A==

POST
H/1.1 204
No Content collect Show response
t.clarity.ms/ 0
273 B 196ms
196ms XHR
text/plain 20.114.189.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 11 Jun 2024 18:09:35 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 up
insight.adsrvr.org/track/ Frame 7229 0
0 217ms
36ms Document
text/html 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=ixkqho4&ref=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&upid=x1swie6&upv=1.1.0&gdpr=1&gdpr_consent=undefined
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 0
content-type: text/html
date: Tue, 11 Jun 2024 18:09:36 GMT
server: Kestrel

POST
H3 204 collect
region1.google-analytics.com/g/ 0
0 38ms
38ms Fetch
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe46a0v9106873920za200zb868834701&_p=1718129370360&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tcfd=10001&tag_exp=0&gdid=dZTNiMT&cid=1469679796.1718129371&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1718129370&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fevasive-noescape-ransomware-uses-reflective-dll-injection%2F&dt=Cyble%20-%20Evasive%20NoEscape%20Ransomware%20Uses%20Reflective%20DLL%20Injection&en=scroll&epn.percent_scrolled=90&_et=35&tfd=9270&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 11 Jun 2024 18:09:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
502 B 386ms
98ms XHR
application/json 34.196.234.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.234.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-234-131.compute-1.amazonaws.com
Software: Aorta/20240607.61299aaf0 /
Resource Hash: 8da0903c9728c432299f1fa674ba47acd7faf1a0af11a00a488c3eb72b08202f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jun 2024 18:09:36 GMT
content-encoding: gzip
server: Aorta/20240607.61299aaf0
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://cyble.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 000b39c4ce24
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2

451

420246.gif
idsync.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag&ws=1
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
https://pixel-sync.sitescout.com/connectors/clickagy/usersync?cookieQ=1&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D5%26cm%3D%7BuserId%7D
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=5&cm=65b9f330-064b-4c81-ab46-238ed64d118b-666892e0-5553
https://dpm.demdex.net/ibs:dpid=79908&dpuuid=c:517bd30e8c3533ab4bae599d0ab11589&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=79908&dpuuid=c:517bd30e8c3533ab4bae599d0ab11589&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D124%26cm%3D%24%7BDD_U...
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=124&cm=07293726556763758700832222250193969036
https://aa.agkn.com/adscores/g.pixel?sid=9212289188&_puid=c:517bd30e8c3533ab4bae599d0ab11589&_redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D
https://d.agkn.com/pixel/10751/?che=1718129377193&ip=80.255.10.204&l1=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D128%26cm%3D219903204910003939506
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=128&cm=219903204910003939506
https://sync.crwdcntrl.net/map/c=8545/tp=CKGY/tpid=c:517bd30e8c3533ab4bae599d0ab11589/gdpr=0/gdpr_consent=false/?https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D120%26cm%3D%24%7...
https://aorta.clickagy.com/pixel.gif?clkgypv=pxl&ch=120&cm=
https://idsync.rlcdn.com/420246.gif?partner_uid=c:517bd30e8c3533ab4bae599d0ab11589

0
98 B

52ms
19ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:517bd30e8c3533ab4bae599d0ab11589
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 18:09:37 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Tue, 11 Jun 2024 18:09:37 GMT
server: Aorta/20240607.61299aaf0
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://idsync.rlcdn.com/420246.gif?partner_uid=c:517bd30e8c3533ab4bae599d0ab11589
access-control-allow-origin: *
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 736378818f01
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
322 B 321ms
94ms XHR
text/plain 52.200.234.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag&cb=null
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.200.234.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-234-22.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 11 Jun 2024 18:09:36 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://cyble.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

POST
H/1.1 204
No Content collect Show response
t.clarity.ms/ 0
273 B 97ms
96ms XHR
text/plain 20.114.189.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.32/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 11 Jun 2024 18:09:39 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Verdicts & Comments Add Verdict or Comment

246 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 21:15:31	Name: __cf_bm Value: sClaKdWCi4ZIPIimxCP8MkmDh9QElceIPVv29Y5JHvQ-1718129370-1.0.1.1-XsP5__kl20tnSQy1LYx62gMPZHgtW40OzptPKE97YCbkReNhJCGilSS55uJjARAFjP7LQFpxz2xtuptf2RlJHA
.cyble.com/	1970-01-21 06:51:29	Name: _ga_N9ZXY95EM4 Value: GS1.1.1718129370.1.0.1718129370.0.0.0
.gartner.com/	1969-12-31 23:59:59	Name: _cfuvid Value: TJbf92oCi01b_cgMyJLu0fRy.h6zN3Pitly2r4DsTx0-1718129371010-0.0.1.1-604800000
.cyble.com/	1970-01-21 06:51:29	Name: _ga_361856552 Value: GS1.1.1718129371.1.0.1718129371.0.0.0
.cyble.com/	1970-01-20 23:25:05	Name: _gcl_au Value: 1.1.175865828.1718129372
.cyble.com/	1970-01-21 06:51:29	Name: _ga Value: GA1.2.1469679796.1718129371
.cyble.com/	1970-01-20 21:16:55	Name: _gid Value: GA1.2.966954893.1718129372
.cyble.com/	1970-01-20 21:15:29	Name: _gat_UA-201575643-1 Value: 1
.gartner.com/	1970-01-20 21:15:31	Name: __cf_bm Value: _r.bSNhd0RLpuicQcMGwu1meqG_qVBacq89Zm.T_dPs-1718129371-1.0.1.1-WCRByPRcMLxWKtFibnUtwKh1WeW7xEx56iBD2Z02rvNNYaY6tnB_RMo5Mv16VkDjxKKuM_z9r1_3j2Wd_II0dg
cyble.com/	1970-01-21 06:51:29	Name: _omappvp Value: lF4yno32Z1ReXbr4pybrIPl1R0kHwpFkULrjMT0d3UHz6QB28WsSoiVGlIneL26Lu5oEUYWobUKyY8AQvZj7v9klfBAAqZLB
cyble.com/	1970-01-20 21:15:30	Name: _omappvs Value: 1718129371704
.cyble.com/	1970-01-20 23:25:05	Name: _fbp Value: fb.1.1718129371739.978476480869698851
.linkedin.com/	1970-01-20 23:25:05	Name: li_sugr Value: 3d5ff255-621d-4875-878d-85a7f1a5b7ee
.linkedin.com/	1970-01-21 06:01:05	Name: bcookie Value: "v=2&613dbd13-f5a1-418e-86ec-6532def464a8"
.linkedin.com/	1970-01-20 21:16:55	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3267:u=1:x=1:i=1718129371:t=1718215771:v=2:sig=AQHAY3_ji3WHVSmGN4wWol93DtQdWJzr"
www.clarity.ms/	1970-01-21 06:01:05	Name: CLID Value: ae34b5f4c81f40b39fe7a786bbc666d1.20240611.20250611
.gartner.com/	1970-01-21 06:01:05	Name: cf_clearance Value: Y1OU2LQaikAUbZ5KZSXz5XA0B_Mz4MtcmYh2icEUB7I-1718129371-1.0.1.1-RMGYTW04m2WNcApMCiYZPz.JOHf_aZXVR6bDEv5_dfUfDg0j0vPOOQdvybhTFYJCmOgWOeRIIAVtdaqr7.hX2w
.linkedin.com/	1970-01-21 01:34:41	Name: li_gc Value: MTswOzE3MTgxMjkzNzE7MjswMjFOsBZmquuJgMYjUYnvh9xGWpS4lv/u5q9dKXb1iBTt6g==
.hsforms.com/	1970-01-20 21:15:31	Name: __cf_bm Value: IC0Qbr_l6U9AjdDamKXF8L.fS5O7QW3VtFAvzBX7z7Y-1718129372-1.0.1.1-wfltX20exSEucjSYDwXUo1QSRwukAvKKHSJZNuC.XtCEeT2.EXiysBhyuiO.Q8._qnx1xxuF5Y7pV3SKOnNWUw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: qlYuCuQAFhZFv8HQ9afS_9PqHJsn8wqyx1T5ikUpVvA-1718129372149-0.0.1.1-604800000
.cyble.com/	1970-01-21 06:01:05	Name: _clck Value: 1sbcyq0%7C2%7Cfmj%7C0%7C1623
.cyble.com/	1970-01-21 06:01:05	Name: cb_user_id Value: null
.cyble.com/	1970-01-21 06:01:05	Name: cb_group_id Value: null
.cyble.com/	1970-01-21 06:01:05	Name: cb_anonymous_id Value: %2264fcde2b-4adc-4f20-94f9-dc640a154dc3%22
.cyble.com/	1970-01-20 21:16:55	Name: _clsk Value: 1tcekz7%7C1718129372813%7C1%7C1%7Ct.clarity.ms%2Fcollect
cyble.com/	1970-01-20 21:58:41	Name: omSeen-hrmi1wlyf5zkw7jqsfln Value: 1718129372936
.cyble.com/	1970-01-21 01:34:41	Name: messagesUtk Value: e32de16c39534650b13f039182db853c
cyble.com/	1970-01-20 21:58:41	Name: omSeen-r0hediyvvmvme9sqc9m4 Value: 1718129373079
.labs.cyble.com/	1970-01-20 21:15:31	Name: __cf_bm Value: 4WcO2K8zyaJzk30AERHkWzDGyLDziiqJK8p1512eUCQ-1718129373-1.0.1.1-5NP7znsRA5NGIOqHyo18kuwYul4iVNqvfDqffdgjVsrZ.CDHStNfJ6J0Hf5_P.mY9J_DDD8s4Md9MhRzMdGUog
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: 0eb5cfbef0bb14d70442b85d4ab78862e7e685a7-1718129373
.cyble.com/	1970-01-21 01:34:41	Name: __hstc Value: 27441379.ee227ba28452b108ffbabced9248e8cb.1718129374130.1718129374130.1718129374130.1
.cyble.com/	1970-01-21 01:34:41	Name: hubspotutk Value: ee227ba28452b108ffbabced9248e8cb
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-20 21:15:31	Name: __hssc Value: 27441379.1.1718129374130
.bing.com/	1970-01-21 06:37:05	Name: MUID Value: 0D2867AF52D66F822D667334535D6E8C
.c.bing.com/	1970-01-20 21:25:34	Name: MR Value: 0
.c.bing.com/	1970-01-21 06:37:05	Name: SRM_B Value: 0D2867AF52D66F822D667334535D6E8C
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 06:37:05	Name: MUID Value: 0D2867AF52D66F822D667334535D6E8C
.c.clarity.ms/	1970-01-20 21:25:34	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 21:15:29	Name: ANONCHK Value: 0
.cyble.com/	1970-01-21 06:01:05	Name: _zitok Value: 4af52846b974e4e35d781718129374
.zoominfo.com/	1970-01-20 21:15:31	Name: __cf_bm Value: LBUOHpTAw55h_bqfDChVT9SVSNw_BQ1kq_cQGmGN_jo-1718129375-1.0.1.1-BvgtMyD96rkPT3Emj5HHdZkyrqVPkB85SLqOaGCkWE9hWxqS5_PQ.PSwZQvZUSQO1FooBk0MK_wweD9D8LFyxg
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: n0wo8TwC3cqLyF0hn5kqnvnzRtAiGRooA.RPlfq7fxc-1718129375456-0.0.1.1-604800000
.sitescout.com/	1970-01-21 06:01:05	Name: ssi Value: 65b9f330-064b-4c81-ab46-238ed64d118b#1718129376637
.demdex.net/	1970-01-21 01:34:41	Name: demdex Value: 07293726556763758700832222250193969036
.dpm.demdex.net/	1970-01-21 01:34:41	Name: dpm Value: 07293726556763758700832222250193969036
.hubspot.com/	1970-01-20 21:15:31	Name: __cf_bm Value: mynItcPylGYK5xBvnB.dgofvsOv6b4fn0S3S7AUNTMo-1718129377-1.0.1.1-055Qs_iJbmE3HNnFaqgTbevB0yrtEaHVX2PkQ044qJQpugiBPtOrRDLdbhf_31DxfnD2bjC3LJwJhVp1CivY1w
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: UtBavmhZgZailhz9E3L_W.8rUsrf4ik7G.jNsLjNbhQ-1718129377168-0.0.1.1-604800000
.agkn.com/	1970-01-21 06:01:05	Name: ab Value: 0001%3ATadGRKgcUwK27%2BR%2FzzK2wfrcX82zlkof
.agkn.com/	1970-01-21 06:01:05	Name: u Value: C\|0AAAAAAAALftPYQAAAAAA

91 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/(Line 2303) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/(Line 2303) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/(Line 2303) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/(Line 2303) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://idsync.rlcdn.com/420246.gif?partner_uid=c:517bd30e8c3533ab4bae599d0ab11589 Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://cyble.com/blog/evasive-noescape-ransomware-uses-reflective-dll-injection/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
aa.agkn.com
aorta.clickagy.com
api.hubspot.com
api.omappapi.com
app.clearbit.com
app.hubspot.com
c.bing.com
c.clarity.ms
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
d.agkn.com
dpm.demdex.net
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms.hubspot.com
hemsync.clickagy.com
i0.wp.com
idsync.rlcdn.com
insight.adsrvr.org
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
perf-na1.hsforms.com
pixel-sync.sitescout.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.adroll.com
s0.wp.com
snap.licdn.com
stats.g.doubleclick.net
stats.wp.com
sync.crwdcntrl.net
t.clarity.ms
tag.clearbitscripts.com
tags.clickagy.com
track.hubspot.com
unpkg.co
unpkg.com
ws.zoominfo.com
www.clarity.ms
www.facebook.com
www.gartner.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
x.clearbitjs.com
104.16.117.43
104.17.24.14
104.18.141.119
104.18.80.204
13.107.42.14
172.217.16.196
172.64.150.44
172.64.153.35
172.67.138.101
18.158.205.16
18.172.103.101
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.231
20.114.189.70
2001:4860:4802:34::36
216.239.34.36
2400:52e0:1e00::1082:1
2600:9000:211e:8600:4:8491:f2c0:93a1
2600:9000:2644:d200:6:9280:1080:93a1
2600:9000:2670:c800:7:d7d6:3c40:93a1
2606:4700:3108::ac42:2af8
2606:4700:4400::6812:22dd
2606:4700:4400::ac40:991b
2606:4700::6810:4c8e
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8dd1
2606:4700::6810:a0a8
2606:4700::6811:f6cb
2606:4700::6812:8911
2620:1ec:21::14
2620:1ec:bdf::45
2620:1ec:c11::237
2a00:1450:4001:803::200a
2a00:1450:4001:812::200e
2a00:1450:4001:813::2008
2a00:1450:4001:81d::2003
2a00:1450:4001:828::2003
2a00:1450:400c:c0d::9b
2a02:26f0:3500:16::215:149b
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:cc3:fe04:9297:b64d:a588:fbec
34.196.234.131
34.249.71.131
34.36.216.150
35.244.174.68
52.200.234.22
52.212.11.218
52.223.40.198
52.57.183.178
54.171.118.212
68.219.88.97
02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
0419af108684c7be468d5b2e8813d0f8c6a8dfe6e903f321fb5fb94b538f3f41
0641744c1c94355245e7f8ab83a10548e0330e546bf55dfe4fa94467cc3516c6
06b5d7b5a104259f6edf86af71454a9a43d26a63e99b9121b1729fd512c8db4e
07b09b318c1d52ee134b788ec7834744cb9e6fd4bc19663988534fc29c3e7b1c
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
0d47dbbac748871e5314dc3f196d618bd32e3f102be480b8dc6fdfe2690d676e
0e9ff8eedf45682fb97ed8924ef3d70e76b00f8c5684206e467d8a9675bc8971
1030dee6b293cd2f1331f5355130a5db48929f961ba7409a4d4ce83c73caefdd
12eebba255ce6f856459cab6b183b507be0417a322f46faf7dd71b3c4b0eec27
17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937
1bd40f9074c4f514b346fc6c17bcdf7ee6ddb80c5b4fd2902ab97be22d07cc52
1d014c39a7462223ad9b7121780f25bc6b2ee0c601f26c633e59b596c6afffe5
1d06242014fabc7be6a13c137113a9219c51850ca00f5b4ff8e1fb073c308a65
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
1de115cafc1affe004ea56f0b2268116333c0a1637b6e1951a51d4d0be1134e0
1fdd1f2557312ea79ab0deaaa9c3dec9a2671e067839416a32fc8b699b9688c0
204a63d4db5a3c68102086f97005bd889e02d219a577d886ee953315dd016c20
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252
219cfc28c4f1839216cd6af5009f555fbcb18039ce0ccbcca59a185e7d64b162
228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682
236f8f1571bf89d177950bddf1c9e7f8c1cdbfc44f3485aa564f062e7f4e321a
24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
25a3ea31c9dd63f8283b02d7f38cf9b5b906e9b212b5405a7c052bce28f51c48
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
28033e449a31ebcc396e5be8b13b63152bf03094288fb5867034321927bce087
282130b4513ec550a3c9dac332c3d31e9b969503930faf930581c13d172adc6a
2af4c240d46b3e99eea9ccbfd9c0c1c856c710a5ed3692f455767a96224171b2
2c594cdc36288037bc4996e8c3c2ae0ef8945b0935877926a76f97a1fc682f08
2cb6dce7cbd8ec13c54b607be9a231681ea7579c70e6ff611c6b30718c8d9830
2d7c46ebb2b355059209e45367e00513f668aef1ddac8cd23a8107f67618c239
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e1a7712f0f392d9f17d1b045689a26f5717bb465bc977b299a02f9a7e375813
3068b720bef421635f8441a0688d783fc9d7bca6def3fefc9cc9b52ef711c806
30e8dec743d4c3da4cb39797b8bd5da2ba3d68925d5fc9762a62931238e7f6c1
32d23bcb0c463b0b64881721007878d9303e97453c357c1351638d9074517724
36d8ec85c22c81136c75a65428184e376ae4cf635cabaffac7b42b9c53e43322
3989f34b6e5d6faa78ed4b57414e5140d019873846f7d3f5c0b5817e3f636fe5
3bc6a0f70b8792cf5564c7d756264316f1dce7b89e09db51730c6e8563fe5ecb
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3fb4d7917741c9844dc5685b70d497c8a2d4438f65393721b53278c4ce76f83a
40f5fcdf443b5777b6c40b7bcfb16ffb819fb166c7fb03dc4d3051f298b3a0c5
4191046282188511e39192189081ce8d7e1788b15e33e3f567c35bfafe70ae0a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444ddf787deff39d7f0971825470863a3086ad0a5050c3e62eeb43f054840a4e
448c2c8f586e597e18732391de3038defacd4fc0e67f1ff0378d0a62e2949f7a
47579d0130e564c7b92c45ff380b54132089d467f7b943967df79cb2a2ab83ea
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
4b8521fd06207a88a9a06905d578dc414562bee7add4225a0e2478bf6f2a88e1
4c93e57fac1a0ce27a65fa4b26b5aab7996bd799bbad1dee1f8b10b37c373cfe
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52d995270969aed722e4e20184d2d424f0e1afb1040ef2273549bf0ba7c75d07
54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a
566d84944fda920c3a33ea891a24a669faabfb86aade6c5a42d1a3882c55a7fb
571203e9cb2ce57f18c3e46b01b7f9ca95d59d44d764fc83b0413ff350ceacfd
5915396cb9f9fff89a42497362e0091557b391dd1cf22be0a2731eadf3d9ea7d
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5ba7b351020430e304e1c38988858e13690202831484697551e56fed5826004e
5badd609a51ede5bab5b89534fc3011a4dd1ab487cc7081d7cf38479bcbab855
5fd85023d4b7e68daa580930db825421c34ce8a005748eca44c2396922b2402e
60b6ab520b702fe0d98ebae2e72edbae3ebc7092631c027b36e882c16deab6a8
666ce27930995b7f32000d6d54aa91af08ff3533f24ca54483d75b6090da352f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b3f9ff0e310be8af784f69794a2e4900406ad30fbda4f82fdeb8a94b3614fe0
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6dc90b0b36f3fca84ded0289b324c55a19a663b2b742b9b244508aae6526c51d
70208adf6f66d47e2c620793900d2f60c79f2b90ab74eb2e2c3e8fbb086c3bc3
7145f523095f6104f82d9dbd26409181378e073eecfa04beec262ae8e99fc02f
7313b1eb4c569200d3220d91d45dcb861827d6a61003d7cb0523ecbfe1b76476
749050b9e72078b086ef578e9d5c6e764c89985d149a4ac76861004e0e6945ca
753fb193306c662fa5918a839c29e6ac2aa6f6bc9067897914f7f88cb0b7b13a
75fe3fd162bdb4872633d5232d1d94359a212d866405a1c7fc6b6c090412d836
76e0cb78cc3495b6f1d43ce22fcd3b86eb896c36449130fa6f57d5d78d24f326
7851a6e073db7e856a91241c222624ca463042b17666cff2772b5e4ac64436a1
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
790b349be1914fde877d1307143688fb102447716476d468bd5190a4f487b1bc
7c1f25e67665d0c9004415a52ab9faeca8d9bf4ed689c07373343995b4beed49
7c62e2dd759bf92e6098e34877ea502a6c161ec325bb677703aba53ec6886d53
7ce730c88c3e9b94213f122d60df45837854975bb99a738f5a1c6890dd897fa5
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
85ac85413190c43521f591c1a6396da00ca53691e1f5efa474b98eb19355864e
865e7f4007fbf89709040fa18fb6a60081f425a74d603b3883321a6615722ab5
86ab8ed42661c0f23333349e97a16a31a141e7008fdd5d89caac5617e4e09c2d
8905434cd4c13924a376cf7f856282f63c3bcd98a5306395b7f3eec08704d6c8
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8bea43a9ea37aa3cb1e00bdb138fb4d55b2f3b469914a3e6920b77d1eb114954
8da0903c9728c432299f1fa674ba47acd7faf1a0af11a00a488c3eb72b08202f
8da564575296935f5b6e332e092c8b57d8ac389a0894df83bf26178ce85763a1
9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965
94f83a6214b9eb056136d8c2de50f1bef8141e7da5aa0c744b5dc80dba388545
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a
99142e3048ff980fa6ac618f8f99305efdf4bd1afa17aa842ae535a59716936d
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a45c89da6cfa94009a61215c8921175ec1bf18444adb5bcba07e22e9b12954d
9cafd3ff60db4d736da86367f6f0fc958b2ddca6233bbe68f3fbdaf53ccdbf27
9d02f1a51000b5df3329a443ce51f1e8e5052e4d9acf2dde92af8907c0f32860
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a1b55c60b2932718ecb30670a31fea070a799f8608a9977e0a01f46ba9cf4b38
a2a915b430d2ecabd493dab5cd1c465e2cfe2b1515e51417f836896ce7be84f8
a34056b335f9e68454d6ef838129438295583a9c86a61d88def0de1ab5389e71
a4f072af9676801501625f6a62f9aad94c502c63a6e26f87d950b74ae23609c6
a6117ff5cc0820717586d0f2ca8695cad42bf4194bcd64bcfb089c868dd9f292
a67748caf04244e16b3434fce2e110af93332848b04bd86b659132505286609a
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012
a8e8b78aa3a03c4da90595ae6701a7354f96b39eb7c2bfe8d48eea3c598a900e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aaeb06028d60cb2d9a5d970be72d27d231891a9c75cb063e9cd30519a9a101c5
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af359a9b4fe881027d634b8657d489acb4253801c908c389390a1c0e9c077a0b
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
baa1ba8abd9c448362c3d78195086c35aec7e480a2fcc164899574946dac998f
bac3a3a8f92ee21274338805872833fbd279a9f65c96a9f7411851ce0866e4fb
bac4ad58a5fd50a805c9b5fb87e844c16c61ea654bf12a8067fef84062ad7d31
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bd8de800352621a26218307662607addd5b4dd9e701b52e0e3caecbe20926640
be75c76a73484047e8a0d505f945d1e923ea2c4037ef4ae637c1fe32a503cc35
bec72f63e5d121152a0daa5fb9e072ab99918433a082043acc76cb5b9c2aef12
bf34d706d4c004085de9ea3e17c9020723d2c8e98ae84d8b3497d67599ed131e
c0e726d70fa9b01231d8f05d84a0a6847989673734f996961d47c8049f42ab3f
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c2cbdc9cf0321e7226108ef8657bb1ea371f2a3ea47f1c81aed2b583e420251a
c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
c57e64fcb72bddafa9c38de574441c3e69ac6c961df96b0cad34da83658bd196
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb2f02d0ab6bea09b12bdddedaf9677b4bea9e1a390fd86b9e6328a09393051b
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cd374bea8f2cce1e9514e9f9a7af6cd7efbb566a5eea5cda53affc1391ada818
cd850c79f7a892108802a5759d61f4f7c85a42f3b31adc38e0383427990eccbd
cdb27c4c29bde44208797bb665ed9a873bfbb2f8ea64461638ae8e82d6546d8c
ce6ca33022b621548150a78dd47d229a8f24524fc8334abc6bd57cd76d21cd2d
d22b095066cf39a3cd14a1106cf404887324685bc6b84f7728f045131305fc9c
d2a7a173045c7ed2c9474ee0edd3ebc0389454132b0a16e55b3eae6402c46a05
d2dee6d43c20b3785f9a08603c1763a4266a95410778dbad8d428cf5df357927
d3e5d32e12dd4b8462cc89b6ea7b148b63a9f7a80b5879257df116c030c9c10c
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
daa51ba96131575f0fb77d304db2d12c8c7a297de89be5f4b74b02009fdf9e08
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc5d4b967ffff9726af04edc42a6fd8c0d270e5d3cf4585ce67ddb2e63848935
dd26d9d88899d0587c9377964b7d1ab478a318b0fdbee7b9d6a084e4aa6425f7
dd2cf95288ae11b2ea6d05876958888ab337f71a9e4f932bc825ef81acbde7fe
dd46cd5b40060d4af54ab1826b49823e50e5765743b99854f649cd3328df54fd
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
e682faa8fbbe5bc2269aa2b011484a0fd8323bfe9f0c193f5c228559ea0c2f4f
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
e7ff8cdf0b2d6e0b94dd28738282a8382413100aaea0f69ec81a158a55bf6887
e899de874ca78a2dcb2d187fa5136aaaa52c1f98c8ea1c2575517611b744b98b
e9ebd92796d659877a49809cbf12674d6fe0b7fdf2dd0b44181d1ff03f955956
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ec875a62e570cca94dae1f788d91eb6c3fa201839bdd2100a11435d877a457dd
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
f0ae296f5c19db047491f1311d621ff18960b34cfa9cb07b69932a02ec298366
f233bb3ca2c2c51276ed0442f6451d25b64660e612d6e23b09ca90b1f8d9886f
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3ad47c17d7a3be46f8e0f8a43887410419069238488ed969e72bccb9db86a6b
f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f97f10d92e036abfa77d3051f903c5c494d9e6b2c1ae9ae4c8086af58dd07a1e
fdcf5ef19dcd3005f0369e3482b28be21a70496f2d045f5a4a15d64523018a1d
fec3ab99b7da211c21498630524f9e2ef23bea1e9fa69ea22f5714ffed68e87e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff8380deeec8242b5394f3a31c65131cbc93ab61c893b70fd7193ed3dcc5da49

cyble.com Open in urlscan Pro 192.0.78.231 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

202 Requests

96 %HTTPS

51 %IPv6

40 Domains

61 Subdomains

49 IPs

5 Countries

3770 kBTransfer

9708 kBSize

51 Cookies

76 Outgoing links

Page URL History

Redirected requests

202 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cyble.com Open in urlscan Pro
192.0.78.231 Public Scan

Screenshot
Live screenshot

Full Image

202
Requests

96 %
HTTPS

51 %
IPv6

40
Domains

61
Subdomains

49
IPs

5
Countries

3770 kB
Transfer

9708 kB
Size

51
Cookies

202 HTTP transactions
0 data transactions