pages.cylance.com Open in urlscan Pro
104.17.74.206 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://thecyberwire.us16.list-manage.com/track/click?u=9f0cab23b3ee44f3bc482be80&id=415c591232&e=1842cd8c37
Effective URL:
https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Submission: On November 15 via manual (November 15th 2018, 3:54:45 pm UTC) from US

Summary HTTP 111 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 58 IPs in 6 countries across 49 domains to perform 111 HTTP transactions. The main IP is 104.17.74.206, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is pages.cylance.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on May 29th 2018. Valid for: a year.

This is the only time pages.cylance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.0.32.140 23.0.32.140	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
13	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2a00:1450:400... 2a00:1450:4001:81a::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.111.242.254 104.111.242.254	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	192.28.146.120 192.28.146.120	53580 (MARKETO) (MARKETO - MARKETO)
2 5	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	54.85.83.177 54.85.83.177	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	51.140.49.131 51.140.49.131	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	66.117.29.11 66.117.29.11	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
4	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 3	185.33.223.208 185.33.223.208	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 2	52.17.170.37 52.17.170.37	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE - Google LLC)
1	23.111.8.24 23.111.8.24	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
1 2	172.82.228.19 172.82.228.19	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
2	2a00:1450:400... 2a00:1450:4001:821::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.32.223.141 13.32.223.141	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:109:c007... 2620:109:c007:102::5be1:f881	197612 (LINKEDIN-1) (LINKEDIN-1)
1 3	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	52.40.44.5 52.40.44.5	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5	104.111.239.158 104.111.239.158	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	2a00:1450:400... 2a00:1450:4001:81b::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
1	13.32.223.209 13.32.223.209	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.24 13.32.223.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 4	35.190.27.37 35.190.27.37	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	52.31.82.142 52.31.82.142	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.164 13.32.223.164	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.164.163.128 54.164.163.128	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
5	192.28.146.84 192.28.146.84	53580 (MARKETO) (MARKETO - MARKETO)
1 2	18.235.27.179 18.235.27.179	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 1	13.32.223.128 13.32.223.128	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	13.32.223.168 13.32.223.168	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	18.196.229.250 18.196.229.250	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
6 7	54.228.180.155 54.228.180.155	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.32.223.210 13.32.223.210	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.190.9.26 35.190.9.26	15169 (GOOGLE) (GOOGLE - Google LLC)
1	130.211.39.131 130.211.39.131	15169 (GOOGLE) (GOOGLE - Google LLC)
1	35.201.94.92 35.201.94.92	15169 (GOOGLE) (GOOGLE - Google LLC)
1	35.227.215.104 35.227.215.104	15169 (GOOGLE) (GOOGLE - Google LLC)
2	130.211.47.17 130.211.47.17	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 2	52.57.229.114 52.57.229.114	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	92.122.31.61 92.122.31.61	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	213.19.162.80 213.19.162.80	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
2	151.101.2.2 151.101.2.2	54113 (FASTLY) (FASTLY - Fastly)
8 10	54.228.212.43 54.228.212.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1 2	18.194.70.167 18.194.70.167	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1288:110... 2a00:1288:110:422::3000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	18.153.11.1 18.153.11.1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.33.223.204 185.33.223.204	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	52.20.14.48 52.20.14.48	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	173.241.240.143 173.241.240.143	36089 (OPENX-AS1) (OPENX-AS1 - OPENX TECHNOLOGIES)
1 1	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
111	58

1 23.0.32.140 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-0-32-140.deploy.static.akamaitechnologies.com

thecyberwire.us16.list-manage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.17.74.206 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

pages.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.232.23 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.254 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-242-254.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.28.146.120 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

524-dom-989.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81a::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.85.83.177 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-85-83-177.compute-1.amazonaws.com

formalyzer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.sf14g.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.140.49.131 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

secure.leadforensics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.11 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cylance.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81a::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (European Union)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.223.208 (European Union) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.170.37 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-17-170-37.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.162 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s22-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.8.24 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

cdn.callrail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.82.228.19 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.sc.omtrdc.net

cylance.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.141 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-141.fra56.r.cloudfront.net

px.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:10:101::b93f:9105 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:109:c007:102::5be1:f881 (United States) 1 redirects

ASN197612 (LINKEDIN-1, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81a::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.200 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.40.44.5 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-40-44-5.us-west-2.compute.amazonaws.com

www.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.111.239.158 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-239-158.deploy.static.akamaitechnologies.com

sjrtp3-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81b::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.209 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-209.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.24 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-24.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.27.37 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 37.27.190.35.bc.googleusercontent.com

d.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.31.82.142 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-31-82-142.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.164 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-164.fra56.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.164.163.128 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-164-163-128.compute-1.amazonaws.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.28.146.84 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

sjrtp3.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.27.179 (Cambridge, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-235-27-179.compute-1.amazonaws.com

tracking.leadlander.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.128 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-128.fra56.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.223.168 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-168.fra56.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.229.250 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-229-250.eu-central-1.compute.amazonaws.com

dpx.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.228.180.155 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-228-180-155.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.210 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-210.fra56.r.cloudfront.net

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.9.26 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 26.9.190.35.bc.googleusercontent.com

pixel.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.39.131 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 131.39.211.130.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.94.92 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 92.94.201.35.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.215.104 (Ann Arbor, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 104.215.227.35.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.47.17 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 17.47.211.130.bc.googleusercontent.com

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.229.114 (Frankfurt, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-57-229-114.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.122.31.61 (European Union) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a92-122-31-61.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.162.80 (United Kingdom)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.228.212.43 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-228-212-43.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.70.167 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-70-167.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:422::3000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.153.11.1 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-153-11-1.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.223.204 (European Union)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.14.48 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-20-14-48.compute-1.amazonaws.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.241.240.143 (New York, United States) 1 redirects

ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US)
PTR: ox-173-241-240-143.xa.dc.openx.org

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.98 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f98.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	adroll.com 14 redirects s.adroll.com d.adroll.com	26 KB
15	cylance.com pages.cylance.com www.cylance.com	91 KB
10	marketo.com sjrtp3-cdn.marketo.com rtp-static.marketo.com sjrtp3.marketo.com	121 KB
7	adobedtm.com assets.adobedtm.com	78 KB
6	company-target.com 2 redirects api.company-target.com d.company-target.com segments.company-target.com	3 KB
5	doubleclick.net 3 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	3 KB
5	google.com 2 redirects www.google.com	1 KB
4	google.de www.google.de	440 B
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	2 KB
4	adnxs.com 2 redirects secure.adnxs.com ib.adnxs.com	3 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	125 KB
3	cdnbasket.net data.cdnbasket.net page.cdnbasket.net view.cdnbasket.net	1 KB
3	cdnwidget.com pixel.cdnwidget.com ids.cdnwidget.com e.cdnwidget.com	25 KB
3	google-analytics.com 1 redirects www.google-analytics.com	17 KB
3	airpr.com 1 redirects px.airpr.com dpx.airpr.com	3 KB
3	omtrdc.net 1 redirects cylance.tt.omtrdc.net cylance.sc.omtrdc.net	2 KB
2	openx.net 1 redirects us-u.openx.net	599 B
2	bidswitch.net 1 redirects x.bidswitch.net	1 KB
2	3lift.com 1 redirects eb2.3lift.com	979 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 1 redirects pixel.advertising.com	649 B
2	facebook.net connect.facebook.net	57 KB
2	intercomcdn.com js.intercomcdn.com	554 KB
2	intercom.io 1 redirects widget.intercom.io api-iam.intercom.io	1 KB
2	leadlander.com 1 redirects tracking.leadlander.com	644 B
2	rlcdn.com id.rlcdn.com idsync.rlcdn.com	70 B
2	bidr.io 2 redirects match.prod.bidr.io	707 B
2	bing.com bat.bing.com	7 KB
2	googleadservices.com www.googleadservices.com	18 KB
2	avocet.io 1 redirects ads.avocet.io	888 B
2	leadforensics.com secure.leadforensics.com	1 KB
2	mktoresp.com 524-dom-989.mktoresp.com	1 KB
2	marketo.net munchkin.marketo.net	6 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	25 KB
1	facebook.com www.facebook.com	248 B
1	yahoo.com ads.yahoo.com	1 KB
1	taboola.com trc.taboola.com	279 B
1	pubmatic.com simage2.pubmatic.com	941 B
1	outbrain.com sync.outbrain.com	18 B
1	rubiconproject.com pixel.rubiconproject.com	371 B
1	demandbase.com tag.demandbase.com	15 KB
1	callrail.com cdn.callrail.com	14 KB
1	sf14g.com t.sf14g.com	37 KB
1	licdn.com snap.licdn.com	4 KB
1	formalyzer.com formalyzer.com	303 KB
1	googletagmanager.com www.googletagmanager.com	48 KB
1	cloudflare.com cdnjs.cloudflare.com	87 KB
1	googleapis.com fonts.googleapis.com	653 B
1	list-manage.com 1 redirects thecyberwire.us16.list-manage.com	601 B
111	49

	Domain	Requested by
17	d.adroll.com	14 redirects s.adroll.com
13	pages.cylance.com	pages.cylance.com
7	assets.adobedtm.com	pages.cylance.com assets.adobedtm.com
5	sjrtp3.marketo.com	sjrtp3-cdn.marketo.com rtp-static.marketo.com
5	www.google.com	2 redirects assets.adobedtm.com pages.cylance.com
4	s.adroll.com	assets.adobedtm.com s.adroll.com
4	rtp-static.marketo.com	sjrtp3-cdn.marketo.com
4	d.company-target.com	2 redirects pages.cylance.com
4	www.google.de	pages.cylance.com
3	www.google-analytics.com	1 redirects www.googletagmanager.com pages.cylance.com
3	px.ads.linkedin.com	2 redirects pages.cylance.com
3	fonts.gstatic.com	pages.cylance.com
3	secure.adnxs.com	2 redirects www.googletagmanager.com
2	us-u.openx.net	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	pixel.advertising.com	1 redirects
2	connect.facebook.net	s.adroll.com connect.facebook.net
2	dpx.airpr.com	1 redirects
2	js.intercomcdn.com	js.intercomcdn.com
2	tracking.leadlander.com	1 redirects pages.cylance.com
2	match.prod.bidr.io	2 redirects
2	stats.g.doubleclick.net	2 redirects
2	www.cylance.com	www.googletagmanager.com
2	bat.bing.com	www.googletagmanager.com pages.cylance.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	cylance.sc.omtrdc.net	1 redirects pages.cylance.com
2	www.googleadservices.com	assets.adobedtm.com www.googletagmanager.com
2	ads.avocet.io	1 redirects pages.cylance.com
2	secure.leadforensics.com	assets.adobedtm.com secure.leadforensics.com
2	524-dom-989.mktoresp.com	pages.cylance.com munchkin.marketo.net
2	munchkin.marketo.net	pages.cylance.com munchkin.marketo.net
2	maxcdn.bootstrapcdn.com	pages.cylance.com
1	www.facebook.com
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com
1	ib.adnxs.com
1	ads.yahoo.com
1	trc.taboola.com
1	simage2.pubmatic.com
1	sync.outbrain.com
1	pixel.rubiconproject.com
1	e.cdnwidget.com
1	ids.cdnwidget.com	pixel.cdnwidget.com
1	view.cdnbasket.net	pixel.cdnwidget.com
1	page.cdnbasket.net	pixel.cdnwidget.com
1	data.cdnbasket.net	pixel.cdnwidget.com
1	pixel.cdnwidget.com	s.adroll.com
1	api-iam.intercom.io	js.intercomcdn.com
1	widget.intercom.io	1 redirects
1	id.rlcdn.com	pages.cylance.com
1	segments.company-target.com	pages.cylance.com
1	api.company-target.com	tag.demandbase.com
1	tag.demandbase.com	assets.adobedtm.com
1	sjrtp3-cdn.marketo.com	assets.adobedtm.com
1	www.linkedin.com	1 redirects
1	px.airpr.com	pages.cylance.com
1	cdn.callrail.com	assets.adobedtm.com
1	t.sf14g.com	pages.cylance.com
1	snap.licdn.com	assets.adobedtm.com
1	www.gstatic.com	www.google.com
1	cylance.tt.omtrdc.net	assets.adobedtm.com
1	formalyzer.com	assets.adobedtm.com
1	www.googletagmanager.com	pages.cylance.com
1	cdnjs.cloudflare.com	pages.cylance.com
1	fonts.googleapis.com	pages.cylance.com
1	thecyberwire.us16.list-manage.com	1 redirects
111	68

This site contains links to these domains. Also see Links.

Domain
www.cylance.com
www.linkedin.com
www.facebook.com
twitter.com
www.youtube.com
gist.github.com
github.com

Subject Issuer	Validity	Valid
pages.cylance.com CloudFlare Inc ECC CA-2	`2018-05-29` - `2019-05-29`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2018-04-06` - `2019-04-11`	a year	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-09-22` - `2019-03-31`	6 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-02-22` - `2019-02-22`	a year	crt.sh
*.mktoresp.com Go Daddy Secure Certificate Authority - G2	`2015-12-02` - `2018-12-02`	3 years	crt.sh
www.google.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.formalyzer.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh
*.leadforensics.com Go Daddy Secure Certificate Authority - G2	`2017-11-29` - `2019-01-14`	a year	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-19` - `2020-11-25`	3 years	crt.sh
*.google.com Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2016-02-16` - `2019-04-17`	3 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2018-01-25` - `2019-01-25`	a year	crt.sh
*.avocet.io Amazon	`2018-08-03` - `2019-09-03`	a year	crt.sh
t.sf14g.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
cdn.callrail.com COMODO RSA Domain Validation Secure Server CA	`2018-06-10` - `2020-06-09`	2 years	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2016-05-04` - `2019-05-23`	3 years	crt.sh
*.airpr.com Amazon	`2018-01-08` - `2019-02-08`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 5	`2017-07-20` - `2019-07-10`	2 years	crt.sh
*.cylance.com DigiCert SHA2 Secure Server CA	`2018-08-10` - `2019-08-15`	a year	crt.sh
*.marketo.com DigiCert SHA2 Secure Server CA	`2018-02-13` - `2019-02-13`	a year	crt.sh
www.google.de Google Internet Authority G3	`2018-10-30` - `2019-01-22`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2017-08-18` - `2019-08-18`	2 years	crt.sh
*.d.company-target.com Go Daddy Secure Certificate Authority - G2	`2018-08-12` - `2019-10-11`	a year	crt.sh
*.rlcdn.com Go Daddy Secure Certificate Authority - G2	`2017-05-08` - `2019-06-21`	2 years	crt.sh
*.leadlander.com Go Daddy Secure Certificate Authority - G2	`2018-07-09` - `2019-09-07`	a year	crt.sh
*.intercomcdn.com Amazon	`2018-05-25` - `2019-06-25`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-02-14` - `2019-02-14`	a year	crt.sh
*.intercom.com Amazon	`2018-07-09` - `2019-08-09`	a year	crt.sh
*.cdnwidget.com COMODO RSA Domain Validation Secure Server CA	`2018-03-01` - `2019-03-01`	a year	crt.sh
*.cdnbasket.net Go Daddy Secure Certificate Authority - G2	`2018-09-19` - `2019-09-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2017-06-14` - `2020-06-18`	3 years	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2018-04-16` - `2019-02-06`	10 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2016-01-12` - `2019-03-01`	3 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-11-15` - `2019-09-07`	10 months	crt.sh
*.pubmatic.com COMODO RSA Organization Validation Secure Server CA	`2016-04-12` - `2019-05-27`	3 years	crt.sh
*.3lift.com Amazon	`2018-07-31` - `2019-08-31`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2018-07-05` - `2019-01-10`	6 months	crt.sh
*.bidswitch.net COMODO RSA Domain Validation Secure Server CA	`2018-03-22` - `2019-05-05`	a year	crt.sh
*.openx.net DigiCert ECC Secure Server CA	`2018-04-03` - `2019-04-08`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Frame ID: 7587F8D00FEED703204A18979F3B86B8
Requests: 109 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame.dd8d8484.js
Frame ID: 54D1FAAEE84989BA51E70A1D47B2DF45
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://thecyberwire.us16.list-manage.com/track/click?u=9f0cab23b3ee44f3bc482be80&id=415c591232&e=1842cd8c37 HTTP 302
https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=7... Page URL

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^adroll_/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

Intercom (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^Intercom$/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

env /^Munchkin$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

env /^Recaptcha$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

111
Requests

100 %
HTTPS

23 %
IPv6

49
Domains

68
Subdomains

58
IPs

6
Countries

1675 kB
Transfer

5267 kB
Size

32
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cylance.com/

Search URL Search Domain Scan URL

URL: https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf
Title:

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/privacy-notice.html
Title: Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cylanceinc
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CylanceInc
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/cylanceinc
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CylanceInc
Title:

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/terms-of-service.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/home.html#popup1
Title: GET A DEMO

Search URL Search Domain Scan URL

URL: https://gist.github.com/keithws/c3a93663da38630be0cf00924fdbbbe4/raw/f83ec04557c9cdb2dc425726178f27197960e604/mkto.form.listener.html
Title: view raw

Search URL Search Domain Scan URL

URL: https://gist.github.com/keithws/c3a93663da38630be0cf00924fdbbbe4#file-mkto-form-listener-html
Title: mkto.form.listener.html

Search URL Search Domain Scan URL

URL: https://github.com/
Title: GitHub

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://thecyberwire.us16.list-manage.com/track/click?u=9f0cab23b3ee44f3bc482be80&id=415c591232&e=1842cd8c37 HTTP 302
https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://ads.avocet.io/s?add=5a61f448c71a10a80c990675&gtmcb=838362250 HTTP 302
https://ads.avocet.io/s?add=5a61f448c71a10a80c990675&bounce=true&gtmcb=838362250

Request Chain 40

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&ce=UTF-8&g=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&cc=USD&c11=New&c13=8%3A54%20AM%7CThursday&c16=1&v16=8%3A54%20AM%7CThursday&c17=First%20Visit&v19=14&v20=New&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&pccr=true&&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&ce=UTF-8&g=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&cc=USD&c11=New&c13=8%3A54%20AM%7CThursday&c16=1&v16=8%3A54%20AM%7CThursday&c17=First%20Visit&v19=14&v20=New&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Request Chain 44

https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&pageUrl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ref=&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&pageUrl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ref=&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1542297273603%26pid%3D37262%26url%3Dhttps%253A%252F%252Fpages.cylance.com%252Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%253Fsfc%253D70144000001N29gAAC%26pageUrl%3Dhttps%253A%252F%252Fpages.cylance.com%252Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%253Fsfc%253D70144000001N29gAAC%26ref%3D%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&pageUrl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ref=&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 54

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&uid=false&gjid=1678580893&_gid=1952400569.1542297274&_u=YGBAgEAB~&z=1038214340 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340&slf_rd=1&random=869409409

Request Chain 62

https://d.company-target.com/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC

Request Chain 63

https://d.company-target.com/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC

Request Chain 64

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAM750632y0AACxhP-iG_g

Request Chain 72

https://tracking.leadlander.com/api/tracking?accountId=24130&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&referer=&fp=5dbc0281a014b7f8cf062da15ec05700 HTTP 302
https://tracking.leadlander.com/tracking.png

Request Chain 75

https://widget.intercom.io/widget/mzsa2nhj HTTP 302
https://js.intercomcdn.com/shim.ea95c45c.js

Request Chain 76

https://dpx.airpr.com/px?hostname=pages.cylance.com&profile=485573&ga_account_id=UA-33464378-1&ga_account_type=UA&ga_c=1286300084.1542297274&an=true HTTP 302
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=831424417 HTTP 302
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D831424417 HTTP 302
https://dpx.airpr.com/anpx?adnxs_uid=4915178563911367021&airpr_id=831424417

Request Chain 79

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=393561664&t=event&ni=1&_s=1&dl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ul=en-us&de=UTF-8&dt=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1185&je=0&ec=tracking&ea=clienID%20created&el=clienID&_u=aHDACEABB~&jid=1898274596&gjid=634778623&cid=1286300084.1542297274&tid=UA-33464378-1&_gid=1952400569.1542297274&_r=1&gtm=2wgbc0PHJ5JMV&cd7=1286300084.1542297274&z=1431337937 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_gid=1952400569.1542297274&gjid=634778623&_v=j72&z=1431337937 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937&slf_rd=1&random=2592879600

Request Chain 91

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=d36b3de77e992f962ef0f419e7ae7b43&pv=34340866717.53336&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC HTTP 302
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js

Request Chain 94

https://d.adroll.com/cm/aol/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

Request Chain 95

https://d.adroll.com/cm/index/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276&C=1

Request Chain 96

https://d.adroll.com/cm/n/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expires=365

Request Chain 97

https://d.adroll.com/cm/outbrain/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://sync.outbrain.com/adroll/pixel?user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

Request Chain 98

https://d.adroll.com/cm/pubmatic/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 99

https://d.adroll.com/cm/taboola/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

Request Chain 100

https://d.adroll.com/cm/triplelift/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 102

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 103

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

Request Chain 104

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA%27)

Request Chain 105

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=54f46a30547c2be6a6ac6df1051039f0

Request Chain 106

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=54f46a30547c2be6a6ac6df1051039f0 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=54f46a30547c2be6a6ac6df1051039f0

Request Chain 107

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=VPRqMFR8K-amrG3xBRA58A&google_ula=1535926 HTTP 302
https://d.adroll.com/cm/g/in?google_ula=1535926,0

111 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html Show response
pages.cylance.com/
Redirect Chain

https://thecyberwire.us16.list-manage.com/track/click?u=9f0cab23b3ee44f3bc482be80&id=415c591232&e=1842cd8c37
https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

66 KB
14 KB

592ms
440ms

Document
text/html

104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22cf02397a4230a1a2cca5f617580b8770e2838ab1bded1b88e847b5128f607

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: pages.cylance.com
:scheme: https
:path: /en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Thu, 15 Nov 2018 15:54:32 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; expires=Fri, 15-Nov-19 15:54:32 GMT; path=/; domain=.pages.cylance.com; HttpOnly BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; path=/; Httponly; Secure
p3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
vary: *,Accept-Encoding
x-content-type-options: nosniff
x-cache-status: EXPIRED
x-mkto-nginx-cache: true
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 47a2e59eec4497b6-FRA
content-encoding: gzip

Redirect headers

Server: openresty
Content-Type: text/html; charset=UTF-8
Content-Length: 20
X-UA-Compatible: IE=edge,chrome=1
Location: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
X-Mc-Customer-Tier: paid
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 15 Nov 2018 15:54:31 GMT
Connection: keep-alive
Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/ _mcid=1.1a2140ce6f8e91e37f70b4ce0cb95513; expires=Fri, 15-Nov-2019 15:54:31 GMT; Max-Age=31536000; path=/; domain=.mailchimp.com

GET
H/1.1 200
OK satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/ 91 KB
28 KB 70ms
28ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c7af620e565e936a3ac5be3eefa68650852484305f680f84034a5d8c46e2791

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "8c8ad043b297b2d752fffecde0f74829:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 28672
Expires: Thu, 15 Nov 2018 16:54:32 GMT

GET
S 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 115 KB
19 KB 8ms
8ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
last-modified: Tue, 20 Feb 2018 05:57:55 GMT
status: 200
etag: "1519106275"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
content-length: 19240

GET
S 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/ 26 KB
6 KB 19ms
18ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
last-modified: Sat, 17 Feb 2018 21:46:17 GMT
status: 200
etag: "1518903977"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
content-length: 6079

GET
S 200 css
fonts.googleapis.com/ 4 KB
653 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:81a::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,300,600,700,200

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

ef8d6a245a921d64a0d3e9d6f356747b3c7a50c95c6dc2e06cb108d81bfd0a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
last-modified: Thu, 15 Nov 2018 15:54:32 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Thu, 15 Nov 2018 15:54:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Thu, 15 Nov 2018 15:54:32 GMT

GET
S 200 jquery.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/ 287 KB
87 KB 12ms
11ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: HIT
status: 200
served-in-seconds: 0.297
last-modified: Thu, 17 May 2018 09:21:00 GMT
server: cloudflare
etag: W/"5afd497c-47a36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 47a2e5a1bef8635b-FRA
expires: Tue, 05 Nov 2019 15:54:32 GMT

GET
H2 200 revenuepulse-lib-v6.js Show response
pages.cylance.com/rs/524-DOM-989/images/ 6 KB
1 KB 176ms
175ms Script
application/x-javascript 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/revenuepulse-lib-v6.js

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d056a8f811e1246b7bebd9d07ff4e86dc63859dd0631efcda0b47170eefb631

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/revenuepulse-lib-v6.js
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
content-length: 1256
last-modified: Sat, 13 Oct 2018 01:55:27 GMT
server: cloudflare
etag: "2a09ca-173e-578127f7c70fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a1bed497b6-FRA
expires: Thu, 15 Nov 2018 15:55:32 GMT

GET
H2 200 Cylance_Horz_RGB_WHT@2x.png
pages.cylance.com/rs/524-DOM-989/images/ 4 KB
4 KB 628ms
627ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/Cylance_Horz_RGB_WHT@2x.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc924dab0b99a210e7b3b77af1aab3b82f77f2094cf2469730108dee7a8199e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/Cylance_Horz_RGB_WHT@2x.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 01:48:34 GMT
server: cloudflare
etag: "2a09b6-10a7-5781266e386bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a1bed597b6-FRA
content-length: 4263
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
H2 200 download-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 312 B
501 B 172ms
171ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/download-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

44dd49cb9f668cf70e36e5eef8a78d92d80e45c297cf61c5fdca28c4d470b0a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/download-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:02:18 GMT
server: cloudflare
etag: "2a09f4-138-57812980342e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a1bed697b6-FRA
content-length: 312
expires: Thu, 15 Nov 2018 15:55:32 GMT

GET
H2 200 forms2.min.js Show response
pages.cylance.com/js/forms2/js/ 169 KB
57 KB 21ms
20ms Script
application/x-javascript 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.cylance.com/js/forms2/js/forms2.min.js

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf63674053e3b35a34473fc7568df63730cb5e71f7e81aa8432e75374c758a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /js/forms2/js/forms2.min.js
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 18 Jun 2018 17:51:59 GMT
server: cloudflare
etag: "18a034c-2a214-56eee38df8dc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=14400
cf-ray: 47a2e5a2cfd897b6-FRA
expires: Thu, 15 Nov 2018 19:54:32 GMT

GET
H2 200 linkedin-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 284 B
438 B 163ms
162ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/linkedin-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3894cfb7e88e4924ad68b26fb1e886a7b6e641a3bd753d56820734d68cfdebac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/linkedin-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:32:38 GMT
server: cloudflare
etag: "2a0b1c-11c-57813047fe87a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a3584c97b6-FRA
content-length: 284
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
H2 200 facebook-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 274 B
358 B 161ms
160ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/facebook-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c4236be47c1ddd55525935b15f6fd6afa4cc3591f3148e9da57f3045feb1cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/facebook-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:32:38 GMT
server: cloudflare
etag: "2a0b1d-112-57813047fffea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a4592197b6-FRA
content-length: 274
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
H2 200 twitter-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 348 B
431 B 178ms
177ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/twitter-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c0910d898a1dc8bd9db07bedbd28dd46b485cd506be2e733a622be4cefb8185

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/twitter-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 13 Oct 2018 02:32:38 GMT
server: cloudflare
etag: "2a0b1e-15c-5781304822e83"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a55a5d97b6-FRA
content-length: 348
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
H2 200 youtube-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 485 B
569 B 166ms
165ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/youtube-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0955faeb6c96d53329334b4ec84d3b7eb03d292b44381ac34998a42956e53fb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/youtube-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:32:38 GMT
server: cloudflare
etag: "2a0b1f-1e5-578130482614b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a5aab597b6-FRA
content-length: 485
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
H2 200 expand-icon.png
pages.cylance.com/rs/524-DOM-989/images/ 110 B
215 B 187ms
187ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/expand-icon.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c48bc0845a13f41da83ec811f860e6c95d61aec6be1ad55b34c2d51e05a308f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/expand-icon.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:32:39 GMT
server: cloudflare
etag: "2a0b20-6e-578130483bcf3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a68b5f97b6-FRA
content-length: 110
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 179 KB
48 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

1354698c9e5905a5556df6bb11704d96cd71a24c2f940a48e01b5ab985c80363

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 49344
x-xss-protection: 1; mode=block
expires: Thu, 15 Nov 2018 15:54:33 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net// 1 KB
2 KB 56ms
11ms Script
application/x-javascript 104.111.242.254
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net//munchkin.js
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.254 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-242-254.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jun 2018 01:36:41 GMT
Server: Apache
ETag: "8a1ad47bd9401d0c4cde2aab48eeb571:1528767401"
X-Serial: 1
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
X-Check-Cacheable: YES
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.0 200
OK logPageVisit
524-dom-989.mktoresp.com/webevents/ 43 B
601 B 1031ms
334ms Image
image/gif 192.28.146.120
MARKETO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://524-dom-989.mktoresp.com/webevents/logPageVisit?_lpVid=15916&customer=cylance&_mchId=524-DOM-989

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

HTTP/1.0

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.120 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Nov 2018 09:54:34 -0600
Server: Apache
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Type: image/gif; charset=utf-8
Content-Length: 43
Expires: -1

GET
H/1.1 200
OK mbox-contents-fb63f68fc450f4c262b63cc88d4fedc0f60a0fe6.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/ 106 KB
34 KB 133ms
132ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/mbox-contents-fb63f68fc450f4c262b63cc88d4fedc0f60a0fe6.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d07ffe3b2c9e396509a4b8dc6b6279e8932ad6c4d539b069dec5f1ee08283113

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "a6c025d58ec66d2076acd8db0ac3053a:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 34355
Expires: Thu, 15 Nov 2018 16:54:32 GMT

GET
S 200 api.js Show response
www.google.com/recaptcha/ 762 B
545 B 18ms
15ms Script
text/javascript 2a00:1450:4001:81a::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

2308d970454e801345cc8bae0c64dc8464b287a6de86b020e4c008ffb415f0b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 447
x-xss-protection: 1; mode=block
expires: Thu, 15 Nov 2018 15:54:32 GMT

GET
S 200 formalyze_call_secure.js Show response
formalyzer.com/ 303 KB
303 KB 414ms
199ms Script
application/javascript 54.85.83.177
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://formalyzer.com/formalyze_call_secure.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.85.83.177 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-85-83-177.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

579bfa3e4dcbdfe3a78e5924652da4e49b013e8163d94a3ec561905cc2957a5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
last-modified: Fri, 09 Nov 2018 19:00:18 GMT
server: Kestrel
etag: "1d4785e74a377e7"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 309991

GET
H/1.1 200
OK satellite-58b0635564746d2ae800cb69.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/ 306 B
683 B 147ms
122ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-58b0635564746d2ae800cb69.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2f947cd9998872022e43061f807673ba3cfe72c824081c78471fc91084e1c618

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "a7cbf776fe3cbdc8a4c301ce9a1a0d16:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 241
Expires: Thu, 15 Nov 2018 16:54:32 GMT

GET
H/1.1 200
OK satellite-58b05e0664746d452c004b17.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/ 1 KB
1004 B 37ms
13ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-58b05e0664746d452c004b17.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1d89abcc73548a00545f33a39c2f5a35bcaa86e50b29218964c5b69edb44d225

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "902b51055c148accf0b1343449b55357:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 562
Expires: Thu, 15 Nov 2018 16:54:32 GMT

GET
H/1.1 200
OK satellite-5b6b42a864746d0189000577.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/ 505 B
804 B 122ms
121ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-5b6b42a864746d0189000577.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 00f7441aeacbb7a7143297332e21710d23a8af54667e50cc42a528804eea1e13

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "ef163175ae8aeca3d7e68465a45c6a6d:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 362
Expires: Thu, 15 Nov 2018 16:54:33 GMT

GET
H/1.1 200
OK 111863.js Show response
secure.leadforensics.com/js/ 1 KB
914 B 139ms
23ms Script
text/javascript 51.140.49.131
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.leadforensics.com/js/111863.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.140.49.131 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 4134094f2e50772bf2e1084a4522aedb49a18ba9afca40a4999e3d9b4e47ae05

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 15 Nov 2018 15:54:32 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Kestrel
Transfer-Encoding: chunked
Content-Type: text/javascript

GET
S 200 json Show response
cylance.tt.omtrdc.net/m2/cylance/mbox/ 97 B
361 B 79ms
20ms XHR
application/json 66.117.29.11
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://cylance.tt.omtrdc.net/m2/cylance/mbox/json?mbox=target-global-mbox&mboxSession=9d2d9c84a60842279ea3a8d10fde14df&mboxPC=&mboxPage=7fc22fe8491e43688d116634fa44bd76&mboxVersion=1.1.0&mboxCount=1&mboxTime=1542297272834&mboxHost=pages.cylance.com&mboxURL=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/mbox-contents-fb63f68fc450f4c262b63cc88d4fedc0f60a0fe6.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.117.29.11 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: /
Resource Hash: 30fbb0384f729d7a0adf08280e3b1810ba0bb73bc639d00a75afa274b2af0ec1

Request headers

Accept: application/json
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:32 GMT
status: 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://pages.cylance.com
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 97
x-request-id: a933ecc6-e44a-4fde-9dd7-fb05e4fed018

GET
S 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/v1541614764654/ 258 KB
89 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81a::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1541614764654/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

dd86315d28c41239627e235a9cad43e0a2ab155ab6e639c06f5237f166d567f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 14 Nov 2018 19:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 07 Nov 2018 20:15:00 GMT
server: sffe
age: 75024
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 91509
x-xss-protection: 1; mode=block
expires: Thu, 14 Nov 2019 19:04:09 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
4 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-58b0635564746d2ae800cb69.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Aug 2018 22:17:52 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=10919
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4105

GET
H/1.1 200
OK Capture.aspx Show response
secure.leadforensics.com/Track/ 0
123 B 51ms
50ms Script
text/javascript 51.140.49.131
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.leadforensics.com/Track/Capture.aspx?retType=js&trk_uid=&trk_user=111863&trk_sw=1600&trk_sh=1200&trk_ref=&trk_tit=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&trk_loc=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F67.0.3396.87%20Safari%2F537.36.lfcd24.lflngen-US&trk_dom=pages.cylance.com&trk_cookie=NA
Requested by: Host: secure.leadforensics.com
URL: https://secure.leadforensics.com/js/111863.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.140.49.131 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Server: Kestrel
Content-Length: 0
Content-Type: text/javascript

GET
H/1.1 200
OK px Show response
secure.adnxs.com/ 0
592 B 53ms
14ms Script
text/html 185.33.223.208
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/px?id=954577&t=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.208 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:35 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.199:80
AN-X-Request-Uuid: 79834abd-2ec3-406f-9147-512eb7776df7
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

s
ads.avocet.io/
Redirect Chain

https://ads.avocet.io/s?add=5a61f448c71a10a80c990675&gtmcb=838362250
https://ads.avocet.io/s?add=5a61f448c71a10a80c990675&bounce=true&gtmcb=838362250

35 B
417 B

29ms
29ms

Image
image/gif

52.17.170.37
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.avocet.io/s?add=5a61f448c71a10a80c990675&bounce=true&gtmcb=838362250
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.170.37 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-17-170-37.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 35
Content-Type: image/gif

Redirect headers

Location: /s?add=5a61f448c71a10a80c990675&bounce=true&gtmcb=838362250
Date: Thu, 15 Nov 2018 15:54:33 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 90
Content-Type: text/html; charset=utf-8

GET
H2 200 piping-dark.png
pages.cylance.com/rs/524-DOM-989/images/ 181 B
286 B 162ms
162ms Image
image/png 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pages.cylance.com/rs/524-DOM-989/images/piping-dark.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b466abb9b00629b453ba2b9d3ceb453c0c6e6db5526be2ff3198e274c13d566f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /rs/524-DOM-989/images/piping-dark.png
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073; querystring=sfc%3D70144000001N29gAAC; lastvisited=lastvisited; _gcl_au=1.1.57801018.1542297273
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Sat, 13 Oct 2018 02:37:23 GMT
server: cloudflare
etag: "2a0b27-b5-57813157fdee9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 47a2e5a74c1e97b6-FRA
content-length: 181
expires: Thu, 15 Nov 2018 15:55:33 GMT

GET
S 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v6/ 12 KB
12 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81a::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v6/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

cdb9af36b1c52b91f9477c88cfd39fb8a5a27764cb20f1ac3ca75a3fae0fdc23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:400,300,600,700,200
Origin: https://pages.cylance.com

Response headers

date: Wed, 14 Nov 2018 17:33:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:27:26 GMT
server: sffe
age: 80471
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 12120
x-xss-protection: 1; mode=block
expires: Thu, 14 Nov 2019 17:33:22 GMT

GET
S 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v6/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81a::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v6/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

00eefad8cfe42f52ba984740be5df503849b4d4603913570d515db8f1bb1fffd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:400,300,600,700,200
Origin: https://pages.cylance.com

Response headers

date: Wed, 14 Nov 2018 14:47:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:27:30 GMT
server: sffe
age: 90410
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 12252
x-xss-protection: 1; mode=block
expires: Thu, 14 Nov 2019 14:47:43 GMT

GET
H2 200 forms2.css
pages.cylance.com/js/forms2/css/ 13 KB
3 KB 34ms
34ms Stylesheet
text/css 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.cylance.com/js/forms2/css/forms2.css

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /js/forms2/css/forms2.css
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073; querystring=sfc%3D70144000001N29gAAC; lastvisited=lastvisited; _gcl_au=1.1.57801018.1542297273
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 2610
last-modified: Fri, 07 Apr 2017 19:34:58 GMT
server: cloudflare
etag: "18a0310-33f8-54c98b884bc80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 47a2e5a76c2b97b6-FRA
expires: Thu, 15 Nov 2018 19:54:33 GMT

GET
H2 200 forms2-theme-simple.css
pages.cylance.com/js/forms2/css/ 826 B
326 B 136ms
136ms Stylesheet
text/css 104.17.74.206
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.cylance.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:path: /js/forms2/css/forms2-theme-simple.css
pragma: no-cache
cookie: __cfduid=d57bd61bc5ea90eddcccdf69af307d1431542297272; BIGipServersj16web-nginx-app_https=!yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=; check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073; querystring=sfc%3D70144000001N29gAAC; lastvisited=lastvisited; _gcl_au=1.1.57801018.1542297273
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: pages.cylance.com
referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
:scheme: https
:method: GET
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
content-length: 242
last-modified: Fri, 07 Apr 2017 19:34:58 GMT
server: cloudflare
etag: "36083c-33a-54c98b884bc80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 47a2e5a76c2d97b6-FRA
expires: Thu, 15 Nov 2018 19:54:33 GMT

GET
S 200 sf14g.js Show response
t.sf14g.com/ 37 KB
37 KB 446ms
209ms Script
application/javascript 54.85.83.177
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sf14g.com/sf14g.js

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.85.83.177 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-54-85-83-177.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
last-modified: Tue, 16 Oct 2018 18:33:02 GMT
server: Kestrel
etag: "1d4657eab9c909b"
strict-transport-security: max-age=2592000
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 37787

GET
S 200 conversion.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 43ms
16ms Script
text/javascript 172.217.23.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.23.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

c8c41639bd3ff6e53a3059638fcdd9ecec86fb44ce02e2558e54f1ce1175c884

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 9188
x-xss-protection: 1; mode=block
server: cafe
etag: 12953853046162613171
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Nov 2018 15:54:33 GMT

GET
H/1.1 200
OK satellite-5b7327f664746d2cf3004660.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/ 306 B
691 B 123ms
121ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-5b7327f664746d2cf3004660.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bc639d965eb9897e6ca584c0d8abb53d0187122fdc02a922ee793f8f5199a403

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "2d1ac32149fc2346b8d095e82e64f411:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 249
Expires: Thu, 15 Nov 2018 16:54:33 GMT

GET
S 200 swap.js Show response
cdn.callrail.com/companies/345829233/ab20ed97f8ec933f7104/12/ 39 KB
14 KB 50ms
11ms Script
text/javascript 23.111.8.24
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.callrail.com/companies/345829233/ab20ed97f8ec933f7104/12/swap.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.111.8.24 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

3a82897d7d48d2a556034c7975c043c8443a131b9183ece2dadb91dae0775b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-runtime: 0.006687
date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
server: NetDNA-cache/2.2
etag: W/"3a82897d7d48d2a556034c7975c043c8"
strict-transport-security: max-age=31536000;
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200, 200 OK
cache-control: max-age=3600, public
timing-allow-origin: *
x-request-id: fb755b5c-f29b-46bd-a954-df205492020a

GET
H/1.1 200
OK s-code-contents-0617095716c20ecdf580a0af2402d12d5e530614.js Show response
assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/ 33 KB
13 KB 19ms
18ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/s-code-contents-0617095716c20ecdf580a0af2402d12d5e530614.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/satelliteLib-23ba5d1e186e4b4e63df6e5c7a14fedeadeef149.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1c3b59ee0ca86eaa084b7d64f600e4106eef5077f038e9f480114dc82887a74e

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 16:28:50 GMT
Server: Apache
ETag: "80ab156d485afe908fb9c7c18394052b:1537374530"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 12804
Expires: Thu, 15 Nov 2018 16:54:33 GMT

GET
H/1.1

200
OK

s53499240328794
cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/
Redirect Chain

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&ce=UTF-8&g=...
https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&pccr=true&&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&...

43 B
759 B

23ms
22ms

Image
image/gif

172.82.228.19
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&pccr=true&&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&ce=UTF-8&g=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&cc=USD&c11=New&c13=8%3A54%20AM%7CThursday&c16=1&v16=8%3A54%20AM%7CThursday&c17=First%20Visit&v19=14&v20=New&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

*.sc.omtrdc.net

Software

Omniture DC/2.0.0 /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.5.1
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 16 Nov 2018 15:54:33 GMT
Server: Omniture DC/2.0.0
xserver: www6
ETag: "3312058174209589248-4945551627911184673"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Wed, 14 Nov 2018 15:54:33 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Nov 2018 15:54:33 GMT
Server: Omniture DC
Access-Control-Allow-Origin: *
xserver: www290
X-C: ms-6.5.1
Content-Type: text/plain
Location: https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-1.6.3-D7QN/s53499240328794?AQB=1&pccr=true&&ndh=1&pf=1&t=15%2F10%2F2018%2015%3A54%3A33%204%200&D=D%3D&fid=1E7C3279C86FE2F1-384E673DA9C9AE4E&ce=UTF-8&g=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&cc=USD&c11=New&c13=8%3A54%20AM%7CThursday&c16=1&v16=8%3A54%20AM%7CThursday&c17=First%20Visit&v19=14&v20=New&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Wed, 14 Nov 2018 15:54:33 GMT

GET
S 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:821::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1542297273561&cv=9&fst=1542297273561&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

14899cb1a3ed2f3b8432287548bf0f4f910e728626e7dd4c1c60c902786b7d9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1065
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 airpr.js Show response
px.airpr.com/ 7 KB
2 KB 61ms
8ms Script
application/javascript 13.32.223.141
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://px.airpr.com/airpr.js
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.141 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-141.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 13 Aug 2018 18:52:44 GMT
content-encoding: gzip
last-modified: Sat, 21 Apr 2018 18:03:55 GMT
server: nginx
age: 32571
etag: "5adb7d0b-853"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=43200
content-length: 2131
via: 1.1 5d4ff22febf83d261f03aa068f5bdc04.cloudfront.net (CloudFront)
x-amz-cf-id: jyqnKWd6a9rxbZ3gYgFC70gauMrzHPtx0hoUciM4UzBBCprBVApzzw==
expires: Tue, 14 Aug 2018 06:52:44 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/154/ 8 KB
5 KB 9ms
9ms Script
application/x-javascript 104.111.242.254
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/154/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net//munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.254 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-242-254.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 18 May 2018 02:45:27 GMT
Server: Apache
ETag: "808fc844032f646c32adce24553838be:1526611527"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3700
Expires: Sat, 23 Feb 2019 15:54:33 GMT

GET
S

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29...
https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1542297273603%26pid%3D37262%26url%3Dhttps%253A%252F%252Fpages.cylance.com%252Fen-us-2018-11-oper...
https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29...

0
95 B

117ms
116ms

Script
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&pageUrl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ref=&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:34 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: l+cEBzNXZxXgsIFe0CoAAA==

Redirect headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: SdGB/jJXZxUggMuZgSsAAA==
server: Play
pragma: no-cache
x-li-pop: PROD-IDB2
x-frame-options: sameorigin
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1542297273603&pid=37262&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&pageUrl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ref=&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 05 Nov 2018 21:10:09 GMT
server: Golfe2
age: 7193
date: Thu, 15 Nov 2018 13:54:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 17404
expires: Thu, 15 Nov 2018 15:54:40 GMT

GET
S 200 bat.js Show response
bat.bing.com/ 22 KB
7 KB 45ms
30ms Script
application/javascript 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: 6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:32 GMT
content-encoding: gzip
last-modified: Tue, 16 Oct 2018 07:55:46 GMT
x-msedge-ref: Ref A: AB1041ED13A747349BCE4DED31A84ED5 Ref B: FRAEDGE0207 Ref C: 2018-11-15T15:54:33Z
status: 200
etag: "06d2da52565d41:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7033

GET
S 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 17ms
17ms Script
text/javascript 172.217.23.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.217.23.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

1a7d8ac09be6eac4399f0f231cc1994e8ee1c7ecc349b0c8d75b23e4486b51ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8739
x-xss-protection: 1; mode=block
server: cafe
etag: 10852258307701183158
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Nov 2018 15:54:33 GMT

GET
H/1.1 200
OK Cookie set marketo-listener.js Show response
www.cylance.com/content/dam/cylance-web/global/scripts/ 46 KB
4 KB 727ms
170ms Script
application/javascript 52.40.44.5
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cylance.com/content/dam/cylance-web/global/scripts/marketo-listener.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.40.44.5 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-40-44-5.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

7aa9bc4ef18f024cd5094430d69150089b6ef1ff457ab0fd09da977b37cd8e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Cookie: check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073; querystring=sfc%3D70144000001N29gAAC; lastvisited=lastvisited; _gcl_au=1.1.57801018.1542297273; s_fid=1E7C3279C86FE2F1-384E673DA9C9AE4E; s_lv_s=First%20Visit; s_vnum=1573833273549%26vn%3D1; s_invisit=true; s_cc=true; calltrk_referrer=direct; calltrk_landing=https%3A//pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC; s_lv=1542297273599; s_nr=1542297273599-New; calltrk_session_id=8a4e0383-2cd9-4d56-88e7-4f63e06bf1a7
Connection: keep-alive
Cache-Control: no-cache
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Nov 2018 02:14:22 GMT
Server: Apache
Cache-control: no-cache="set-cookie"
X-Frame-Options: SAMEORIGIN
ETag: "b6ad-57a31e8d7db80-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Set-Cookie: AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA4381BCD335FA13A79BACAFDE223CF13FD25873C7A2BC0E5C1F5ABCE7C0F7EBB;PATH=/;MAX-AGE=900
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 3252
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK rtp.js Show response
sjrtp3-cdn.marketo.com/rtp-api/v1/ 146 KB
40 KB 161ms
107ms Script
application/x-javascript 104.111.239.158
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-5b6b42a864746d0189000577.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.239.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-239-158.deploy.static.akamaitechnologies.com

Software

Jetty(7.3.1.v20110307) /

Resource Hash

acbf8994f9c8a59ab79dd564be4a01cdb8f1ebdeec93cee7bd35b52c6fa54ded

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Last-Modified: Wed, 24 Oct 2018 01:38:38 GMT
Server: Jetty(7.3.1.v20110307)
Date: Thu, 15 Nov 2018 15:54:33 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=8
Connection: keep-alive
Content-Length: 40961

GET
H/1.1 200
OK visitWebPage Show response
524-dom-989.mktoresp.com/webevents/ 43 B
623 B 848ms
157ms XHR
image/gif 192.28.146.120
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://524-dom-989.mktoresp.com/webevents/visitWebPage?_mchNc=1542297273622&_mchCn=en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1542297273621-88159&_mchWs=j1RR&_mchHo=pages.cylance.com&_mchPo=&_mchRu=%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html&_mchPc=https%3A&_mchVr=154&_mchHa=&_mchRe=&_mchQp=sfc%3D70144000001N29gAAC

Requested by

Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/154/munchkin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.120 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:34 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Nov 2018 09:54:34 -0600
Server: Apache
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Content-Length: 43
Expires: -1

GET
S 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
121 B 33ms
33ms Image
image/gif 2a00:1450:4001:81a::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1542297273561&cv=9&fst=1542294000000&num=1&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3808013046&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 22ms
21ms Image
image/gif 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1542297273561&cv=9&fst=1542294000000&num=1&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3808013046&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 collect
www.google-analytics.com/ 35 B
121 B 5ms
5ms Image
image/gif 2a00:1450:4001:81a::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j72&a=393561664&t=pageview&_s=1&dl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ul=en-us&de=UTF-8&dt=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=720897502&gjid=1678580893&cid=1286300084.1542297274&uid=false&tid=UA-33464378-1&_gid=1952400569.1542297274&gtm=2wgbc0PHJ5JMV&z=583729239

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81a::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 01:29:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 51903
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j72&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&uid=false&gjid=1678580893&_gid=1952400569.1542297274&_u=YGBAgEAB~&z=10...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340&slf_rd=1&random=869409409

42 B
110 B

16ms
16ms

Image
image/gif

2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340&slf_rd=1&random=869409409

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=720897502&_v=j72&z=1038214340&slf_rd=1&random=869409409
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:821::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1542297273655&cv=9&fst=1542297273655&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbc0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

54ce1cf93caed6200dc035fcf3bb62cfb78615d5356c16c3c128ba1b20fab791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1077
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 6e7b478b.min.js Show response
tag.demandbase.com/ 55 KB
15 KB 57ms
10ms Script
application/javascript 13.32.223.209
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e7b478b.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-5b7327f664746d2cf3004660.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.209 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-209.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a740fc74ea7ed5a36035ebbf640b5677595bfb974cd40c92cfdc5fc57f23a6f4

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 08 Nov 2018 22:16:15 GMT
content-encoding: gzip
last-modified: Tue, 30 Oct 2018 15:24:14 GMT
server: AmazonS3
age: 1135
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: LpMY.LVrs8xF0wdBilUj2NSE4A8PyyBF
status: 200
cache-control: public, max-age=3600
content-type: application/javascript
x-amz-cf-id: wOQqxD9rg93fL1yuIS3kpZyEyaReNt1lW_gDiqegO0Isailwy-UTYA==
via: 1.1 c735fa223fb16fb135c387781f0fadf6.cloudfront.net (CloudFront)

GET
S 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v6/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81a::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v6/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzY5abuWI.woff2

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/js/forms2/js/forms2.min.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d16b62e9833a9777233cdc8b707d56dc5fe4d50f1999fa677155a6a9ec504b64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:400,300,600,700,200
Origin: https://pages.cylance.com

Response headers

date: Wed, 14 Nov 2018 12:54:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 18:26:23 GMT
server: sffe
age: 97220
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 11612
x-xss-protection: 1; mode=block
expires: Thu, 14 Nov 2019 12:54:13 GMT

GET
S 204 0
bat.bing.com/action/ 0
160 B 31ms
30ms Image
text/plain 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5637515&Ver=2&mid=d20f308b-07e4-036c-10d5-fa403060955f&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen,%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&p=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&r=&lt=1818&evt=pageLoad&msclkid=N&rn=352686
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: D732E6EEA3324FA6BB54FB2A753AC9BC Ref B: FRAEDGE0207 Ref C: 2018-11-15T15:54:33Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
121 B 33ms
33ms Image
image/gif 2a00:1450:4001:81a::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1542297273655&cv=9&fst=1542294000000&num=1&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbc0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2792858432&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 23ms
23ms Image
image/gif 2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1542297273655&cv=9&fst=1542294000000&num=1&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbc0&sendb=1&frm=0&url=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&tiba=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2792858432&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 97ms
55ms XHR
application/json 13.32.223.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&page_title=Cylance%20%7C%20The%20White%20Company%3A%20Operation%20Shaheen%2C%20Inside%20a%20New%20Threat%20Actor%E2%80%99s%20Espionage%20Campaign&key=7535516323dadf7e3d35f603eaad6491&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/6e7b478b.min.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.24 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-24.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 4244bc2d0bb4995595a948b723783239fbb0dc0dcb13d7d4777df0f7f022ede6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
content-encoding: gzip
access-control-allow-origin: https://pages.cylance.com
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: d59be410-5ffe-456f-ac27-dd458b52acbc
content-length: 582
pragma: no-cache
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 df874ca0e51df630ccc49eab9f1f7fb3.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: icZkl4fKfJ-2p5_sPWmKY2bmfQtuDKorYos219XjEF172gDPXEz0sg==
expires: Wed, 14 Nov 2018 15:54:33 GMT

GET
S

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
https://d.company-target.com/ul_cb/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N...

302 B
302 B

20ms
19ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 302

Redirect headers

date: Thu, 15 Nov 2018 15:54:33 GMT
via: 1.1 google
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15320325252509&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
S

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
https://d.company-target.com/ul_cb/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N...

302 B
302 B

23ms
23ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:33 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 302

Redirect headers

date: Thu, 15 Nov 2018 15:54:33 GMT
via: 1.1 google
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15320325254068&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAM750632y0AACxhP-iG_g

26 B
483 B

145ms
97ms

Image
image/gif

13.32.223.164
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=choca&user_id=AAM750632y0AACxhP-iG_g
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.164 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-164.fra56.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Via: 1.1 94d63cbf92082237b86267ffd4cacc64.cloudfront.net (CloudFront)
Connection: keep-alive
Content-Length: 26
X-Amz-Cf-Id: Xmbf5akbXedyXvADWpIIgSUSSLOJeV26zrDoN1DfrkrlvewOWvRDew==
X-Cache: Miss from cloudfront
Content-Type: image/gif

Redirect headers

location: https://segments.company-target.com/log?vendor=choca&user_id=AAM750632y0AACxhP-iG_g
Date: Thu, 15 Nov 2018 15:54:33 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
S 204 464526.gif
id.rlcdn.com/ 0
35 B 333ms
109ms Image
text/plain 54.164.163.128
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.163.128 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-164-163-128.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 15 Nov 2018 15:54:34 GMT

GET
H/1.1 200
OK jquery.min.js Show response
rtp-static.marketo.com/rtp/libs/jquery/1.8.3/ 91 KB
33 KB 61ms
14ms Script
application/x-javascript 104.111.239.158
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js
Requested by: Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Sep 2015 11:20:15 GMT
Server: Apache
ETag: "3576a6e73c9dccdbbc4a2cf8ff544ad7:1441624815"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 33467

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 22 KB
4 KB 50ms
7ms Stylesheet
text/css 104.111.239.158
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Nov 2017 08:57:42 GMT
Server: Apache
ETag: "7f5b0bee9b1f7af8413b351cbceca223:1510045062"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3752

GET
H/1.1 200
OK trw Show response
sjrtp3.marketo.com/gw1/ 0
435 B 614ms
150ms Script
application/x-javascript 192.28.146.84
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp3.marketo.com/gw1/trw?aid=cylance&trwv.uid=cylance-1542297273833-b78b411f&trwv.vc=1&trwsa.sid=cylance-1542297273833-2d6387a7&trwsb.cpv=1&ctzo=-00:00&uri=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&ma=id%3A524-DOM-989%26token%3A_mch-cylance.com-1542297273621-88159&pm=&viewedTypes=&rts=1542297273835

Requested by

Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.84 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Cache-Control: no-cache
Server: Jetty(7.3.1.v20110307)
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=63113904
Content-Type: application/x-javascript; charset=UTF-8

GET
H/1.1 200
OK ga-integration-2.0.2.js Show response
rtp-static.marketo.com/rtp/libs/ 15 KB
5 KB 15ms
14ms Script
application/x-javascript 104.111.239.158
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js
Requested by: Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 03 Jul 2018 13:42:27 GMT
Server: Apache
ETag: "52b7a5deba12e7e1147fcebaa9fd9691:1530625347"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 4977

GET
H/1.1 200
OK msg Show response
sjrtp3.marketo.com/gw1/ 0
494 B 636ms
156ms Script
text/javascript 192.28.146.84
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp3.marketo.com/gw1/msg?a=2&sid=cylance-1542297273833-2d6387a7&aid=cylance&ma=id%3A524-DOM-989%26token%3A_mch-cylance.com-1542297273621-88159&viewedTypes=&0.7296984123215122&rts=1542297273891

Requested by

Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.84 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/ 126 KB
35 KB 27ms
26ms Script
application/x-javascript 104.111.239.158
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js
Requested by: Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.239.158 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-239-158.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 09 Jan 2018 12:54:21 GMT
Server: Apache
ETag: "5a9f8dd85d85afd20544bd437a505338:1515502461"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 35484

GET
H/1.1

200
OK

tracking.png
tracking.leadlander.com/
Redirect Chain

https://tracking.leadlander.com/api/tracking?accountId=24130&page=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC...
https://tracking.leadlander.com/tracking.png

68 B
347 B

107ms
106ms

Image
image/png

18.235.27.179
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking.leadlander.com/tracking.png

Requested by

Host: pages.cylance.com
URL: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.235.27.179 Cambridge, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-18-235-27-179.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Last-Modified: Wed, 26 Sep 2018 16:48:51 GMT
Server: Kestrel
ETag: "1d455b8cd761bc4"
Strict-Transport-Security: max-age=2592000
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Location: /tracking.png
Date: Thu, 15 Nov 2018 15:54:34 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=2592000

GET
H/1.1 200
OK marketo-listener.css
www.cylance.com/content/dam/cylance-web/global/scripts/ 21 KB
5 KB 171ms
171ms Stylesheet
text/css 52.40.44.5
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cylance.com/content/dam/cylance-web/global/scripts/marketo-listener.css

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHJ5JMV

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.40.44.5 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-40-44-5.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

ccd7e62517f5e5cd74ab37871fd364a43900a183ab10b0db77e44ab13adb5533

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Cookie: check=true; mbox=session#9d2d9c84a60842279ea3a8d10fde14df#1542299133|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073; querystring=sfc%3D70144000001N29gAAC; lastvisited=lastvisited; _gcl_au=1.1.57801018.1542297273; s_fid=1E7C3279C86FE2F1-384E673DA9C9AE4E; s_lv_s=First%20Visit; s_vnum=1573833273549%26vn%3D1; s_invisit=true; s_cc=true; calltrk_referrer=direct; calltrk_landing=https%3A//pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC; s_lv=1542297273599; s_nr=1542297273599-New; calltrk_session_id=8a4e0383-2cd9-4d56-88e7-4f63e06bf1a7; _mkto_trk=id:524-DOM-989&token:_mch-cylance.com-1542297273621-88159; _ga=GA1.2.1286300084.1542297274; _gid=GA1.2.1952400569.1542297274; _dc_gtm_UA-33464378-1=1; trwv.uid=cylance-1542297273833-b78b411f%3A1; trwsa.sid=cylance-1542297273833-2d6387a7%3A1; AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA4381BCD335FA13A79BACAFDE223CF13FD25873C7A2BC0E5C1F5ABCE7C0F7EBB
Connection: keep-alive
Cache-Control: no-cache
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Nov 2018 02:14:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "53e3-57a31e8e71dc0-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/css
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 4631
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK msg Show response
sjrtp3.marketo.com/gw1/ 0
494 B 563ms
157ms Script
text/javascript 192.28.146.84
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sjrtp3-cdn.marketo.com
URL: https://sjrtp3-cdn.marketo.com/rtp-api/v1/rtp.js?aid=cylance

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.84 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:34 GMT
Content-Encoding: gzip
Server: Jetty(7.3.1.v20110307)
Transfer-Encoding: chunked
Connection: close
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904

GET
S

200

shim.ea95c45c.js Show response
js.intercomcdn.com/
Redirect Chain

https://widget.intercom.io/widget/mzsa2nhj
https://js.intercomcdn.com/shim.ea95c45c.js

3 KB
2 KB

57ms
6ms

Script
application/javascript

13.32.223.168
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/shim.ea95c45c.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.168 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-168.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 83ee853db3f0603ddc6e56e8d56726a9115d99712c9de2c79eb7f156cb537740

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 15 Nov 2018 15:46:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Nov 2018 15:46:12 GMT
server: AmazonS3
age: 503
etag: "e0d3cf83316c5428a4f4adde68897e5f"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=604800, s-maxage=7200, public
accept-ranges: bytes
content-length: 1308
via: 1.1 ad5f86bd8cf229b8836b7c71c182bcd2.cloudfront.net (CloudFront)
x-amz-cf-id: Jf6oiL8DK1hsi4vQcu3Dtv5LFi98cO2XibNOlnxobxAYmCFkFhr3qA==

Redirect headers

date: Thu, 15 Nov 2018 15:53:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
x-cache: Hit from cloudfront
status: 302, 302 Found
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 004a6pt8ou5hg1k84i10
x-runtime: 0.005985
location: https://js.intercomcdn.com/shim.ea95c45c.js
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31557600; includeSubDomains; preload
content-type: text/html; charset=utf-8
via: 1.1 df874ca0e51df630ccc49eab9f1f7fb3.cloudfront.net (CloudFront)
x-intercom-version: 26d7032fa7e0b25bae522ddb2bf2cce6fedd72a7
cache-control: no-cache
x-amz-cf-id: OvXRODZrUwJQr2gRAyCtsVKKOApcaJChjppAliXxf7kbxAkXqybttw==

GET
H/1.1

204
No Content

anpx
dpx.airpr.com/
Redirect Chain

https://dpx.airpr.com/px?hostname=pages.cylance.com&profile=485573&ga_account_id=UA-33464378-1&ga_account_type=UA&ga_c=1286300084.1542297274&an=true
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=831424417
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D831424417
https://dpx.airpr.com/anpx?adnxs_uid=4915178563911367021&airpr_id=831424417

0
171 B

9ms
9ms

Image
image/gif

18.196.229.250
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpx.airpr.com/anpx?adnxs_uid=4915178563911367021&airpr_id=831424417
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.229.250 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-229-250.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:56:41 GMT
Cache-Control: private
Server: nginx
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:37 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 311.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.71:80
AN-X-Request-Uuid: f4b00a2d-b8e2-4d4f-a8b0-069b76176842
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dpx.airpr.com/anpx?adnxs_uid=4915178563911367021&airpr_id=831424417
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK visitor Show response
sjrtp3.marketo.com/gw1/rtp/api/v1_1/ 203 B
866 B 617ms
151ms XHR
application/json 192.28.146.84
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp3.marketo.com/gw1/rtp/api/v1_1/visitor?sid=cylance-1542297273833-2d6387a7&aid=cylance&1542297275037

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.84 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

b3be4bf3061aacb1f84a41c6b202ff7f1c55f12c9aa05a22593e75fb35d07281

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:35 GMT
Content-Encoding: gzip
Last-Modified: Thu Nov 15 09:54:35 CST 2018
Server: Jetty(7.3.1.v20110307)
Strict-Transport-Security: max-age=63113904
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://pages.cylance.com
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sgm Show response
sjrtp3.marketo.com/gw1/ga/ 48 B
500 B 638ms
157ms XHR
text/json 192.28.146.84
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://sjrtp3.marketo.com/gw1/ga/sgm?sid=cylance-1542297273833-2d6387a7&1542297275038

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.28.146.84 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Jetty(7.3.1.v20110307) /

Resource Hash

25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Date: Thu, 15 Nov 2018 15:54:35 GMT
Server: Jetty(7.3.1.v20110307)
Strict-Transport-Security: max-age=63113904
Content-Type: text/json;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Length: 48

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j72&a=393561664&t=event&ni=1&_s=1&dl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_gid=1952400569.1542297274&gjid=634778623&_v=j72&z=1431337937
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937&slf_rd=1&random=2592879600

42 B
110 B

16ms
15ms

Image
image/gif

2a00:1450:4001:81b::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937&slf_rd=1&random=2592879600

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81b::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:35 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1286300084.1542297274&jid=1898274596&_v=j72&z=1431337937&slf_rd=1&random=2592879600
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 32 KB
11 KB 41ms
7ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/89485d8d1f8f0b52e4a1521906d3ee75ee659697/scripts/satellite-58b05e0664746d452c004b17.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 76d7d342cd49267d8c624a82b7f8447143c79885c0045452e1c99019a78db7df

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: D_ppkRbRcIT4U4fOaOFgqx4YgB0fkJnq
Content-Encoding: gzip
ETag: "6749a4b78590c05253d8d4e33fe4a353"
x-amz-request-id: 5BE025CAD2B170AA
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 10325
x-amz-id-2: rIfp5chrsp6vpwXhC9IXGaeNbym3Knz9kwUrHZNmVHYIPs9RvU/sP3tTtnL1kVWkwxQn80QOuj0=
Last-Modified: Tue, 30 Oct 2018 18:43:06 GMT
Server: AmazonS3
Date: Thu, 15 Nov 2018 15:54:35 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK OU3SUNRJWBHPTCY5X23OHE Show response
d.adroll.com/consent/check/ 40 B
200 B 135ms
28ms Script
application/javascript 54.228.180.155
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE?_s=1672f2c3104a5b19eebce38b9591bc80
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.180.155 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-228-180-155.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 867bd168728faba904fe15de941932d1d7537130b0edb918970901435cf39929

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:35 GMT
Server: nginx/1.12.1
Connection: keep-alive
Content-Length: 40
Content-Type: application/javascript

GET
S 200 frame.dd8d8484.js Show response
js.intercomcdn.com/ Frame 54D1 2 MB
552 KB 8ms
7ms Script
application/javascript 13.32.223.168
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://js.intercomcdn.com/frame.dd8d8484.js
Requested by: Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/shim.ea95c45c.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.168 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-168.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1909d554e59d8a77609b01533be42f6c5525ce74f7bba0902f962f3f5e93b849

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 15 Nov 2018 15:46:13 GMT
content-encoding: gzip
last-modified: Thu, 15 Nov 2018 15:46:12 GMT
server: AmazonS3
age: 503
etag: "aae02113b84a284f5844c79e598dd97e"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=604800, s-maxage=7200, public
accept-ranges: bytes
content-length: 564646
via: 1.1 ad5f86bd8cf229b8836b7c71c182bcd2.cloudfront.net (CloudFront)
x-amz-cf-id: _BaZzviOOzvbzACy8cUAl6Q93VoiZNIQxfI9owJjRuS0IZP8A5C12Q==

POST
S 403 ping Show response
api-iam.intercom.io/messenger/web/ Frame 54D1 170 B
872 B 174ms
133ms XHR
application/json 13.32.223.210
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.dd8d8484.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.32.223.210 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-13-32-223-210.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

ce4f4b70002ff090e1d722734f5a3f0c2c668d66cf5c5bf3b10b493f3aa743ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 15 Nov 2018 15:54:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: https://pages.cylance.com
x-cache: Error from cloudfront
status: 403, 403 Forbidden
strict-transport-security: max-age=31557600; includeSubDomains; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 000354k6q4cenuk6g6ug
x-runtime: 0.035998
server: nginx
x-frame-options: SAMEORIGIN
x-ratelimit-remaining: 1998
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
via: 1.1 c735fa223fb16fb135c387781f0fadf6.cloudfront.net (CloudFront)
x-intercom-version: 26d7032fa7e0b25bae522ddb2bf2cce6fedd72a7
cache-control: no-cache
access-control-allow-credentials: true
x-ratelimit-reset: 1542297300
x-ratelimit-limit: 2000
access-control-allow-headers: Content-Type
x-amz-cf-id: ViCM9p3LzZSo4e2jnqYHGBON-ICI6EL8mmSg8Ge8-_xRG6DyMu12fQ==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/ 37 B
689 B 11ms
10ms Script
application/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2fb574e7bb951deb621f32ec4a6d95faa84d74218fdfaf60f77333c5c106b185

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: ECGUiYc5_ZIXSKm52NsA6TPMPhtHk5f4
ETag: "3e831ba8e3905ef1055f66e223ec3042"
x-amz-request-id: 240A6FCC6DA5030D
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 37
x-amz-id-2: 8gD6F/GPH3PtEiZdzoijWQpe/+eLBGqiCnFXqEVPYweE+k2Qo0fVoAemB9i1tfh/YTJ3fgY3D80=
Last-Modified: Wed, 14 Nov 2018 18:36:29 GMT
Server: AmazonS3
Date: Thu, 15 Nov 2018 15:54:35 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
S 200 c.min.js Show response
pixel.cdnwidget.com/cdn/ 76 KB
24 KB 66ms
7ms Script
text/javascript 35.190.9.26
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.cdnwidget.com/cdn/c.min.js?data-gdis=1&data-apikey=afaa2674&id=c.js&data-adcb=adroll_callback_adcb
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.9.26 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 26.9.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 5bca66beac5365d7a5e9a883b7b9d4dd177cb7a780ff90bfeee22a6c9d057cbc

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 14 Nov 2018 22:00:04 GMT
content-encoding: gzip
age: 64471
x-guploader-uploadid: AEnB2UrtAPLTRXMHuPBZb86TRTDcRYdxXoiMndjqviI8XEA5BE-4k0llF6rTcIiI26RodoFJ8h8WvKqrECt2m6wJYQTjIvfMbw
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 24538
last-modified: Tue, 13 Nov 2018 19:20:37 GMT
server: UploadServer
etag: "adfb282568c28b17fae1e3a441815fa0"
x-goog-hash: crc32c=n0pA4w==, md5=rfsoJWjCixf64eOkQYFfoA==
x-goog-generation: 1542136837581510
cache-control: public,max-age=86400,no-transform
x-goog-stored-content-length: 24538
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Thu, 15 Nov 2018 22:00:04 GMT

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 57 B
382 B 471ms
107ms XHR
application/json 130.211.39.131
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: pixel.cdnwidget.com
URL: https://pixel.cdnwidget.com/cdn/c.min.js?data-gdis=1&data-apikey=afaa2674&id=c.js&data-adcb=adroll_callback_adcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 130.211.39.131 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 131.39.211.130.bc.googleusercontent.com
Software: /
Resource Hash: ade966c3d2ebbd7ea20bdfebde3f521aa0bbbbd7e042fc69e74a5940a7c0cc66

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 100 B
425 B 571ms
237ms XHR
application/json 35.201.94.92
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: pixel.cdnwidget.com
URL: https://pixel.cdnwidget.com/cdn/c.min.js?data-gdis=1&data-apikey=afaa2674&id=c.js&data-adcb=adroll_callback_adcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.201.94.92 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 92.94.201.35.bc.googleusercontent.com
Software: /
Resource Hash: 8290237df3b8108c6fa408c82e41dcc2e4c9613346cbe7b2abe0f52f4a4375b9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 100 B
425 B 570ms
238ms XHR
application/json 35.227.215.104
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: pixel.cdnwidget.com
URL: https://pixel.cdnwidget.com/cdn/c.min.js?data-gdis=1&data-apikey=afaa2674&id=c.js&data-adcb=adroll_callback_adcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.227.215.104 Ann Arbor, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 104.215.227.35.bc.googleusercontent.com
Software: /
Resource Hash: dbbec61d403dc9e2f8fa4a849d04b2fa94e1576f3f6c59820846f612cf52aad0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
S 200 c Show response
ids.cdnwidget.com/ 37 B
179 B 138ms
105ms XHR
application/json 130.211.47.17
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=fc14fd574ab0484fa9b759e0ef086212&SCH1=&GCS1=124113075&GCS2=MTQ4LjI1MS40NS4xNzAsMmEwMTo0Zjg6MjAyOmE5Ojoy&pe=false&log=%7B%22config%22%3A%7B%22gmEN%22%3Afalse%2C%22pixEN%22%3Afalse%2C%22graphEN%22%3Afalse%7D%2C%22apikey%22%3A%22afaa2674%22%2C%22cjsversion%22%3A%221.5.7%22%2C%22loadID%22%3A%22Ekh1FULASBcKrDA%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A5%2C%22IDStageStart%22%3A5%2C%22netComplete%22%3A153%2C%22obsReq0%22%3A481%2C%22obsReq2%22%3A587%2C%22obsReq1%22%3A587%2C%22IDStagePrefire%22%3A588%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Atrue%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%7D%7D
Requested by: Host: pixel.cdnwidget.com
URL: https://pixel.cdnwidget.com/cdn/c.min.js?data-gdis=1&data-apikey=afaa2674&id=c.js&data-adcb=adroll_callback_adcb
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 130.211.47.17 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 17.47.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 33207c82efa045da3fbae51ad279020135b038e8a581fa89b34dd9faada6fb62

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
Origin: https://pages.cylance.com

Response headers

status: 200
date: Thu, 15 Nov 2018 15:54:36 GMT
via: 1.1 google
access-control-allow-credentials: true
access-control-allow-origin: https://pages.cylance.com
alt-svc: clear
content-type: application/json

GET
S 204 cjs-logger
e.cdnwidget.com/ 0
50 B 183ms
160ms Image
image/png 130.211.47.17
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=Not%20Allowed%20on%20EU%20traffic&cookieID=&deviceID=&BXWID=&warpspeed=afaa2674&loadID=Ekh1FULASBcKrDA&version=1.5.7
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 130.211.47.17 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 17.47.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 15 Nov 2018 15:54:36 GMT
via: 1.1 google
alt-svc: clear
content-type: image/png

GET
H/1.1

200
OK

TB32AEMU6FEXRAAS24S2GJ.js Show response
s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/
Redirect Chain

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=d36b3de77e992f962ef0f419e7ae7b43&pv=34340866717.53336&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fpages.cyla...
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js

7 KB
3 KB

36ms
35ms

Script
text/javascript

2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 40366624a30087f42df986e79b53157a6bf76b1483c05c0890d034b03aae8e96

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: VBm6q7Bo_fnHrUf.bP5Kvst7ZMIBUtdK
Content-Encoding: gzip
ETag: "d90c54aa014b772254b48d5154faef58"
x-amz-request-id: 4D0E3C3350C7034E
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1919
x-amz-id-2: W++5wcse6Hyc4TW8gIegk6S8SKt7PDn+Z75Af/iCvtjRVmpxcaGZbInVli7E1LkipfNiKNyIXNE=
Last-Modified: Thu, 15 Nov 2018 15:49:52 GMT
Server: AmazonS3
Date: Thu, 15 Nov 2018 15:54:36 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Thu, 15 Nov 2018 15:54:36 GMT
X-Segment-Display-Name
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
X-Conversion-Value: 0.0
Server: nginx/1.12.1
X-Rule: *
X-Segment-Eid: TB32AEMU6FEXRAAS24S2GJ
Location: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js
Cache-Control: no-store, no-cache, must-revalidate
X-Pixel-Eid: JFQUMKJ3NRFIFLRA5FOQKB
X-Segment-Name: *
X-Advertisable-Eid: OU3SUNRJWBHPTCY5X23OHE
X-Conversion-Currency

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 51 KB
15 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

81b3511c035def5eb9622b30e2abeb52c5a0e276355cfe7b74c28ee0afbf4472

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: public
x-fb-debug: txDCelvROtYr3ArlG+jl1tpv2MvEXNJPgThLvRrf9eZCZHwruqmoluMy6sm29ZHxr0Cqqv2atv2AEd3f/33eDg==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Thu, 15 Nov 2018 15:54:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary: Accept-Encoding
content-length: 14862
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 7ms
6ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/TB32AEMU6FEXRAAS24S2GJ.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0e8d3647d7007583e9190b3fce74c540b9bf0421c2208996a127cc19622b08aa

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: jGd3_YNgwFn30U9HVcyfO3kguCpH9d5o
Content-Encoding: gzip
ETag: "85b93291e89d9a13691b42e5716334ee"
x-amz-request-id: F728032D3BA51065
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: M6s8aat+ZEo9/uG+oq+4HV8xh4FLEFfk28LSMD3KTuaHnlNIAkHiFVgwJeyxET33jgKkFKtA974=
Last-Modified: Tue, 16 Oct 2018 17:27:45 GMT
Server: AmazonS3
Date: Thu, 15 Nov 2018 15:54:36 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
S

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true

0
300 B

9ms
9ms

Image
text/plain

52.57.229.114
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.229.114 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-57-229-114.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 15 Nov 2018 15:54:36 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Thu, 15 Nov 2018 15:54:36 GMT
content-length: 0
location: https://pixel.advertising.com/ups/55980/sync?uid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276&C=1

43 B
1 KB

72ms
70ms

Image
image/gif

92.122.31.61
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.122.31.61 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a92-122-31-61.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 15 Nov 2018 15:54:36 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expiration=1573833276&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Thu, 15 Nov 2018 15:54:36 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expires=365

42 B
371 B

89ms
20ms

Image
image/gif

213.19.162.80
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.162.80 , United Kingdom, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: Rubicon Project /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: Rubicon Project
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-RPHost: aaps-ge8qIJJLGA9zEpARQ
Expires: 0

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&expires=365
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 124

GET
S

200

pixel
sync.outbrain.com/adroll/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://sync.outbrain.com/adroll/pixel?user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

18 B
18 B

114ms
91ms

Image
text/plain

151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.outbrain.com/adroll/pixel?user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=0; includeSubDomains;
content-encoding: gzip
traffic-path: NYDC1, JFK, FRA, Europe1
x-timer: S1542297277.921065,VS0,VE86
date: Thu, 15 Nov 2018 15:54:37 GMT
x-served-by: cache-jfk8134-JFK, cache-fra19136-FRA
x-cache: MISS, MISS
status: 200
backend-ip: 104.156.90.34
accept-ranges: bytes, bytes
content-length: 44
via: 1.1 varnish, 1.1 varnish
x-cache-hits: 0, 0

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://sync.outbrain.com/adroll/pixel?user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 96

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
941 B

61ms
12ms

Image
text/html

185.64.189.110
PubMatic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
X-lat: Pug22003:0:963
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 220

GET
S

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

0
279 B

15ms
15ms

Image
text/plain

151.101.2.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:36 GMT
via: 1.1 varnish
server: nginx
x-timer: S1542297277.906899,VS0,VE9
x-served-by: cache-fra19136-FRA
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 111

GET
H/1.1

200
OK

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://eb2.3lift.com/xuid?mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e&gdpr=1&cmp_cs=

37 B
466 B

8ms
7ms

Image
image/gif

18.194.70.167
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e&gdpr=1&cmp_cs=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.70.167 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-70-167.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:36 GMT
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
Content-Length: 37
content-type: image/gif

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA&dongle=c85e&gdpr=1&cmp_cs=
date: Thu, 15 Nov 2018 15:54:36 GMT
cache-control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK in
d.adroll.com/cm/mk/ADVERTISABLE_EID/ 42 B
465 B 28ms
27ms Image
image/gif 54.228.212.43
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/mk/ADVERTISABLE_EID/in?id=id%3A524-DOM-989%26token%3A_mch-cylance.com-1542297273621-88159
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.212.43 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-228-212-43.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

GET
H/1.1

200
OK

pixel
ads.yahoo.com/
Redirect Chain

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_con...

0
1 KB

132ms
39ms

Image
text/plain

2a00:1288:110:422::3000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:422::3000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:37 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Public-Key-Pins-Report-Only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1%26gdpr%3D1%26gdpr_consent%3DBOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 248

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://x.bidswitch.net/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA

43 B
575 B

15ms
14ms

Image
image/gif

18.153.11.1
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.153.11.1 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-153-11-1.eu-central-1.compute.amazonaws.com
Software: nginx/1.12.0 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 15 Nov 2018 15:54:37 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=10
Content-Length: 43

Redirect headers

Date: Thu, 15 Nov 2018 15:54:37 GMT
Server: nginx/1.12.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 0

GET
H/1.1

200
OK

pxj
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA%27)

0
590 B

57ms
13ms

Image
text/html

185.33.223.204
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA%27)

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.204 , European Union, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:39 GMT
X-Proxy-Origin: 148.251.45.254; 148.251.45.254; 319.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.9:80
AN-X-Request-Uuid: c4309691-e7b7-4504-898b-51862d90a90d
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('NTRmNDZhMzA1NDdjMmJlNmE2YWM2ZGYxMDUxMDM5ZjA')
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 113

GET
S

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://idsync.rlcdn.com/377928.gif?partner_uid=54f46a30547c2be6a6ac6df1051039f0

0
35 B

320ms
106ms

Image
text/plain

52.20.14.48
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=54f46a30547c2be6a6ac6df1051039f0
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.14.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-20-14-48.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
date: Thu, 15 Nov 2018 15:54:37 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:36 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://idsync.rlcdn.com/377928.gif?partner_uid=54f46a30547c2be6a6ac6df1051039f0
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 86

GET
S

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://us-u.openx.net/w/1.0/sd?id=537103138&val=54f46a30547c2be6a6ac6df1051039f0
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=54f46a30547c2be6a6ac6df1051039f0

43 B
256 B

19ms
19ms

Image
image/gif

173.241.240.143
OPENX TECHNOLOGIES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=54f46a30547c2be6a6ac6df1051039f0
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 173.241.240.143 New York, United States, ASN36089 (OPENX-AS1 - OPENX TECHNOLOGIES, INC., US),
Reverse DNS: ox-173-241-240-143.xa.dc.openx.org
Software: OXGW/16.110.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:37 GMT
server: OXGW/16.110.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

status: 302
date: Thu, 15 Nov 2018 15:54:37 GMT
server: OXGW/16.110.0
content-length: 0
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=54f46a30547c2be6a6ac6df1051039f0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=VPRqMFR8K-amrG3xBRA58A&google_ula=1535926
https://d.adroll.com/cm/g/in?google_ula=1535926,0

42 B
510 B

29ms
28ms

Image
image/gif

54.228.212.43
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in?google_ula=1535926,0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.228.212.43 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-228-212-43.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 15 Nov 2018 15:54:37 GMT
Server: nginx/1.12.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-Result: g.-1.-1.1535926.0.-1

Redirect headers

pragma: no-cache
date: Thu, 15 Nov 2018 15:54:37 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in?google_ula=1535926,0
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 246
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 1792927231029740 Show response
connect.facebook.net/signals/config/ 179 KB
42 KB 44ms
44ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1792927231029740?v=2.8.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

351f08d04d55a2bf5ecb38bbe1bf0ba13d8e4635fc75c9ba130d2f548df71559

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: 6o/Dov2X5Bw30K12ic/UR7HxC6Oc/WLYBMRfXKQUkxywKf3gUVhO3nIJrKvGmU3JdNzsNqnTwfkxfvMWtviymw==
x-frame-options: DENY
date: Thu, 15 Nov 2018 15:54:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
248 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1792927231029740&ev=PageView&dl=https%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC&rl=&if=false&ts=1542297276868&cd[segment_eid]=TB32AEMU6FEXRAAS24S2GJ&sw=1600&sh=1200&v=2.8.33&r=stable&ec=0&o=29&fbp=fb.1.1542297276868.1860763423&it=1542297276795&coo=false
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html?sfc=70144000001N29gAAC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 15 Nov 2018 15:54:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 15 Nov 2018 15:54:36 GMT

Verdicts & Comments Add Verdict or Comment

191 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cylance.com/	1970-01-18 21:08:09	Name: utm_medium Value: Direct
.cylance.com/	1970-01-18 20:24:59	Name: sbjs_session Value: pgs%3D1%7C%7C%7Ccpg%3Dhttps%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_current Value: typ%3Dtypein%7C%7C%7Csrc%3D%28none%29%7C%7C%7Cmdm%3DDirect%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_current_add Value: fd%3D2018-11-15%2015%3A54%3A34%7C%7C%7Cep%3Dhttps%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC%7C%7C%7Crf%3D%28none%29
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_udata Value: vst%3D1%7C%7C%7Cuip%3D%28none%29%7C%7C%7Cuag%3DMozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_13_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F67.0.3396.87%20Safari%2F537.36
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_migrations Value: 1418474375998%3D1
.cylance.com/	1970-01-18 20:24:57	Name: _dc_gtm_UA-33464378-1 Value: 1
.cylance.com/	1970-01-19 13:56:09	Name: _ga Value: GA1.2.1286300084.1542297274
.cylance.com/	1970-01-19 22:41:45	Name: s_lv Value: 1542297273599
.cylance.com/	1970-01-19 05:10:33	Name: s_vnum Value: 1573833273549%26vn%3D1
.cylance.com/	1970-01-19 13:56:09	Name: trwv.uid Value: cylance-1542297273833-b78b411f%3A1
.cylance.com/	1970-01-19 05:10:33	Name: calltrk_landing Value: https%3A//pages.cylance.com/en-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC
.cylance.com/	1970-01-18 21:08:09	Name: sfc Value: 70144000001N29gAAC
.cylance.com/	1970-01-18 20:26:23	Name: lastvisited Value: lastvisited
.cylance.com/	1970-01-18 21:08:09	Name: s_nr Value: 1542297273599-New
.cylance.com/	1970-01-19 05:10:33	Name: calltrk_referrer Value: direct
.cylance.com/	1970-01-18 21:08:09	Name: querystring Value: sfc%3D70144000001N29gAAC
.cylance.com/	1970-01-18 20:24:59	Name: trwsa.sid Value: cylance-1542297273833-2d6387a7%3A1
.cylance.com/	1969-12-31 23:59:59	Name: check Value: true
.cylance.com/	1970-01-19 05:10:33	Name: calltrk_session_id Value: 8a4e0383-2cd9-4d56-88e7-4f63e06bf1a7
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_first_add Value: fd%3D2018-11-15%2015%3A54%3A34%7C%7C%7Cep%3Dhttps%3A%2F%2Fpages.cylance.com%2Fen-us-2018-11-operation-shaheen-threat-research-report-pdf-viewer.html%3Fsfc%3D70144000001N29gAAC%7C%7C%7Crf%3D%28none%29
.cylance.com/	1970-01-18 20:24:59	Name: s_invisit Value: true
.cylance.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.pages.cylance.com/	1970-01-19 05:10:33	Name: __cfduid Value: d57bd61bc5ea90eddcccdf69af307d1431542297272
.cylance.com/	1970-01-19 00:44:09	Name: sbjs_first Value: typ%3Dtypein%7C%7C%7Csrc%3D%28none%29%7C%7C%7Cmdm%3DDirect%7C%7C%7Ccmp%3D%28none%29%7C%7C%7Ccnt%3D%28none%29%7C%7C%7Ctrm%3D%28none%29
.cylance.com/	1970-01-18 20:24:59	Name: s_lv_s Value: First%20Visit
.cylance.com/	1970-01-18 22:34:33	Name: _gcl_au Value: 1.1.57801018.1542297273
.cylance.com/	1970-01-18 20:26:23	Name: _gid Value: GA1.2.1952400569.1542297274
.cylance.com/	1970-01-19 13:56:09	Name: _mkto_trk Value: id:524-DOM-989&token:_mch-cylance.com-1542297273621-88159
pages.cylance.com/	1969-12-31 23:59:59	Name: BIGipServersj16web-nginx-app_https Value: !yqS3m7IOE7+28Bur6jIaQ+dbpC/uGoWdNyLKCzCdHzk1wNS5Vn0ftbUhQFLImOGzbYWRiDl6nnNWWFM=
.cylance.com/	1970-01-20 16:14:23	Name: s_fid Value: 1E7C3279C86FE2F1-384E673DA9C9AE4E
.cylance.com/	1970-01-19 13:59:02	Name: mbox Value: session#9d2d9c84a60842279ea3a8d10fde14df#1542299133\|PC#9d2d9c84a60842279ea3a8d10fde14df.26_31#1605542073

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

524-dom-989.mktoresp.com
ads.avocet.io
ads.yahoo.com
api-iam.intercom.io
api.company-target.com
assets.adobedtm.com
bat.bing.com
cdn.callrail.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
cylance.sc.omtrdc.net
cylance.tt.omtrdc.net
d.adroll.com
d.company-target.com
data.cdnbasket.net
dpx.airpr.com
dsum-sec.casalemedia.com
e.cdnwidget.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
formalyzer.com
googleads.g.doubleclick.net
ib.adnxs.com
id.rlcdn.com
ids.cdnwidget.com
idsync.rlcdn.com
js.intercomcdn.com
match.prod.bidr.io
maxcdn.bootstrapcdn.com
munchkin.marketo.net
page.cdnbasket.net
pages.cylance.com
pixel.advertising.com
pixel.cdnwidget.com
pixel.rubiconproject.com
px.ads.linkedin.com
px.airpr.com
rtp-static.marketo.com
s.adroll.com
secure.adnxs.com
secure.leadforensics.com
segments.company-target.com
simage2.pubmatic.com
sjrtp3-cdn.marketo.com
sjrtp3.marketo.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
t.sf14g.com
tag.demandbase.com
thecyberwire.us16.list-manage.com
tracking.leadlander.com
trc.taboola.com
us-u.openx.net
view.cdnbasket.net
widget.intercom.io
www.cylance.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
x.bidswitch.net
104.111.239.158
104.111.242.254
104.17.74.206
13.32.223.128
13.32.223.141
13.32.223.164
13.32.223.168
13.32.223.209
13.32.223.210
13.32.223.24
130.211.39.131
130.211.47.17
151.101.2.2
172.217.22.98
172.217.23.162
172.82.228.19
173.241.240.143
18.153.11.1
18.194.70.167
18.196.229.250
18.235.27.179
185.33.223.204
185.33.223.208
185.64.189.110
192.28.146.120
192.28.146.84
2.18.232.23
2.18.233.40
204.79.197.200
209.197.3.15
213.19.162.80
23.0.32.140
23.111.8.24
2606:4700::6813:c597
2620:109:c007:102::5be1:f881
2a00:1288:110:422::3000
2a00:1450:4001:81a::2003
2a00:1450:4001:81a::2004
2a00:1450:4001:81a::2008
2a00:1450:4001:81a::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81b::2003
2a00:1450:4001:821::2002
2a00:1450:400c:c00::9d
2a02:26f0:6c00:296::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
35.190.27.37
35.190.9.26
35.201.94.92
35.227.215.104
51.140.49.131
52.17.170.37
52.20.14.48
52.31.82.142
52.40.44.5
52.57.229.114
54.164.163.128
54.228.180.155
54.228.212.43
54.85.83.177
66.117.29.11
92.122.31.61
00eefad8cfe42f52ba984740be5df503849b4d4603913570d515db8f1bb1fffd
00f7441aeacbb7a7143297332e21710d23a8af54667e50cc42a528804eea1e13
0955faeb6c96d53329334b4ec84d3b7eb03d292b44381ac34998a42956e53fb3
0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702
0e8d3647d7007583e9190b3fce74c540b9bf0421c2208996a127cc19622b08aa
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1354698c9e5905a5556df6bb11704d96cd71a24c2f940a48e01b5ab985c80363
14899cb1a3ed2f3b8432287548bf0f4f910e728626e7dd4c1c60c902786b7d9d
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1909d554e59d8a77609b01533be42f6c5525ce74f7bba0902f962f3f5e93b849
1a7d8ac09be6eac4399f0f231cc1994e8ee1c7ecc349b0c8d75b23e4486b51ba
1c3b59ee0ca86eaa084b7d64f600e4106eef5077f038e9f480114dc82887a74e
1d056a8f811e1246b7bebd9d07ff4e86dc63859dd0631efcda0b47170eefb631
1d89abcc73548a00545f33a39c2f5a35bcaa86e50b29218964c5b69edb44d225
2308d970454e801345cc8bae0c64dc8464b287a6de86b020e4c008ffb415f0b8
25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44
2c7af620e565e936a3ac5be3eefa68650852484305f680f84034a5d8c46e2791
2f947cd9998872022e43061f807673ba3cfe72c824081c78471fc91084e1c618
2fb574e7bb951deb621f32ec4a6d95faa84d74218fdfaf60f77333c5c106b185
30fbb0384f729d7a0adf08280e3b1810ba0bb73bc639d00a75afa274b2af0ec1
33207c82efa045da3fbae51ad279020135b038e8a581fa89b34dd9faada6fb62
339b2b60e94b6dc169fd9e5b68ac16b1ca08ef6a4968e98a0f43c2add405e79a
351f08d04d55a2bf5ecb38bbe1bf0ba13d8e4635fc75c9ba130d2f548df71559
35f273e01e70db780ae423347dffecfc27cc348ba4abbd6099331559a7c5cd31
3894cfb7e88e4924ad68b26fb1e886a7b6e641a3bd753d56820734d68cfdebac
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3a82897d7d48d2a556034c7975c043c8443a131b9183ece2dadb91dae0775b20
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
40366624a30087f42df986e79b53157a6bf76b1483c05c0890d034b03aae8e96
40c4236be47c1ddd55525935b15f6fd6afa4cc3591f3148e9da57f3045feb1cc
4134094f2e50772bf2e1084a4522aedb49a18ba9afca40a4999e3d9b4e47ae05
4244bc2d0bb4995595a948b723783239fbb0dc0dcb13d7d4777df0f7f022ede6
430f36f9b5f21aae8cc9dca6a81c4d3d84da5175eaedcf2fdc2c226302cb3575
44dd49cb9f668cf70e36e5eef8a78d92d80e45c297cf61c5fdca28c4d470b0a7
4c0910d898a1dc8bd9db07bedbd28dd46b485cd506be2e733a622be4cefb8185
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54ce1cf93caed6200dc035fcf3bb62cfb78615d5356c16c3c128ba1b20fab791
579bfa3e4dcbdfe3a78e5924652da4e49b013e8163d94a3ec561905cc2957a5f
5bca66beac5365d7a5e9a883b7b9d4dd177cb7a780ff90bfeee22a6c9d057cbc
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
76d7d342cd49267d8c624a82b7f8447143c79885c0045452e1c99019a78db7df
7aa9bc4ef18f024cd5094430d69150089b6ef1ff457ab0fd09da977b37cd8e5b
7fb58f6c6c2c3b61909e3b4bb9e199d95d5e2a4e39b58f25d1a9894971ed16b9
81b3511c035def5eb9622b30e2abeb52c5a0e276355cfe7b74c28ee0afbf4472
8290237df3b8108c6fa408c82e41dcc2e4c9613346cbe7b2abe0f52f4a4375b9
82bbf4a0f25757d1c9b9f18672eabf510965e4873e9d989a407823eac0d99259
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ee853db3f0603ddc6e56e8d56726a9115d99712c9de2c79eb7f156cb537740
867bd168728faba904fe15de941932d1d7537130b0edb918970901435cf39929
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
9298a280eda6b54290d3c69fda3ae7da0cec1a0169d01d4e5944af63d68939d5
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a740fc74ea7ed5a36035ebbf640b5677595bfb974cd40c92cfdc5fc57f23a6f4
acbf8994f9c8a59ab79dd564be4a01cdb8f1ebdeec93cee7bd35b52c6fa54ded
ade966c3d2ebbd7ea20bdfebde3f521aa0bbbbd7e042fc69e74a5940a7c0cc66
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3be4bf3061aacb1f84a41c6b202ff7f1c55f12c9aa05a22593e75fb35d07281
b466abb9b00629b453ba2b9d3ceb453c0c6e6db5526be2ff3198e274c13d566f
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc639d965eb9897e6ca584c0d8abb53d0187122fdc02a922ee793f8f5199a403
c48bc0845a13f41da83ec811f860e6c95d61aec6be1ad55b34c2d51e05a308f4
c8c41639bd3ff6e53a3059638fcdd9ecec86fb44ce02e2558e54f1ce1175c884
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
ccd7e62517f5e5cd74ab37871fd364a43900a183ab10b0db77e44ab13adb5533
cdb9af36b1c52b91f9477c88cfd39fb8a5a27764cb20f1ac3ca75a3fae0fdc23
ce4f4b70002ff090e1d722734f5a3f0c2c668d66cf5c5bf3b10b493f3aa743ca
d07ffe3b2c9e396509a4b8dc6b6279e8932ad6c4d539b069dec5f1ee08283113
d16b62e9833a9777233cdc8b707d56dc5fe4d50f1999fa677155a6a9ec504b64
dbbec61d403dc9e2f8fa4a849d04b2fa94e1576f3f6c59820846f612cf52aad0
dd86315d28c41239627e235a9cad43e0a2ab155ab6e639c06f5237f166d567f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8d6a245a921d64a0d3e9d6f356747b3c7a50c95c6dc2e06cb108d81bfd0a65
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f22cf02397a4230a1a2cca5f617580b8770e2838ab1bded1b88e847b5128f607
fbf63674053e3b35a34473fc7568df63730cb5e71f7e81aa8432e75374c758a3
fc924dab0b99a210e7b3b77af1aab3b82f77f2094cf2469730108dee7a8199e7

pages.cylance.com Open in urlscan Pro 104.17.74.206 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

111 Requests

100 %HTTPS

23 %IPv6

49 Domains

68 Subdomains

58 IPs

6 Countries

1675 kBTransfer

5267 kBSize

32 Cookies

13 Outgoing links

Page URL History

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pages.cylance.com Open in urlscan Pro
104.17.74.206 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

100 %
HTTPS

23 %
IPv6

49
Domains

68
Subdomains

58
IPs

6
Countries

1675 kB
Transfer

5267 kB
Size

32
Cookies

111 HTTP transactions
0 data transactions