URL: https://www.cyclonis.com/threats/browser-hijacker/
Submission: On June 30 via manual from RU

Summary

This website contacted 25 IPs in 3 countries across 18 domains to perform 63 HTTP transactions. The main IP is 65.9.77.74, located in the United States and belonging to AMAZON-02, US. The main domain is www.cyclonis.com.
TLS certificate: Issued by Amazon on September 13th 2020. Valid for: a year.
This is the only time www.cyclonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS     Autonomous System
28        65.9.77.74        16509  (AMAZON-02)
4         151.139.128.11    20446  (HIGHWINDS3)
3         2a02:26f0:6c0...  20940  (AKAMAI-ASN1)
1         2a02:26f0:6c0...  20940  (AKAMAI-ASN1)
1         2a00:1450:400...  15169  (GOOGLE)
1         172.217.16.130    15169  (GOOGLE)
3         2620:1ec:c11:...  8068   (MICROSOFT...)
1         2a02:26f0:6c0...  20940  (AKAMAI-ASN1)
2         2a03:2880:f01...  32934  (FACEBOOK)
1         2600:9000:205...  16509  (AMAZON-02)
1         54.197.98.98      14618  (AMAZON-AES)
2         2620:119:50e1...  14413  (LINKEDIN)
1         2620:1ec:22::14   8068   (MICROSOFT...)
1         108.174.10.14     14413  (LINKEDIN)
1         2a00:1450:400...  15169  (GOOGLE)
1         54.236.80.213     14618  (AMAZON-AES)
2         2a00:1450:400...  15169  (GOOGLE)
1         2a00:1450:400...  15169  (GOOGLE)
2         2a00:1450:400...  15169  (GOOGLE)
2         2a03:2880:f11...  32934  (FACEBOOK)
1         107.20.147.136    14618  (AMAZON-AES)
2         2a00:1450:400...  15169  (GOOGLE)
1         2a00:1450:400...  15169  (GOOGLE)
1         2a00:1450:400...  15169  (GOOGLE)
1         2a00:1450:400...  15169  (GOOGLE)
1         2600:9000:214...  16509  (AMAZON-02)
Total: 63 requests, 25 IPs
Requests  Domain                        Requested by
28        www.cyclonis.com              www.cyclonis.com
3         m9m6e2w5.stackpathcdn.com     cdn.shareaholic.net, www.cyclonis.com
3         bat.bing.com                  www.googletagmanager.com, bat.bing.com, www.cyclonis.com
3         www.googletagmanager.com      www.cyclonis.com, www.googletagmanager.com
3         use.typekit.net               www.cyclonis.com, use.typekit.net
2         www.google-analytics.com      www.googletagmanager.com, www.google-analytics.com
2         www.facebook.com              www.cyclonis.com
2         www.google.de                 www.cyclonis.com
2         www.google.com                www.cyclonis.com
2         googleads.g.doubleclick.net   www.googleadservices.com
2         px.ads.linkedin.com           2 redirects
2         connect.facebook.net          www.cyclonis.com, connect.facebook.net
1         myaccount.enigmasoftware.com  www.cyclonis.com
1         stats.g.doubleclick.net       www.google-analytics.com
1         partner.shareaholic.com       m9m6e2w5.stackpathcdn.com
1         analytics.shareaholic.com     m9m6e2w5.stackpathcdn.com
1         px4.ads.linkedin.com          www.cyclonis.com
1         www.linkedin.com              1 redirect
1         www.shareaholic.net           cdn.shareaholic.net
1         sc.lfeeder.com                www.cyclonis.com
1         snap.licdn.com                www.cyclonis.com
1         www.googleadservices.com      www.googletagmanager.com
1         p.typekit.net                 use.typekit.net
1         cdn.shareaholic.net           www.cyclonis.com
Total: 63 requests, 24 subdomains

This site contains links to these domains:

Domain
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com

Subject                 Issuer                                            Validity                 Valid
*.cyclonis.com          Amazon                                            2020-09-13 - 2021-10-15  a year    crt.sh
cdn.shareaholic.net     R3                                                2021-05-14 - 2021-08-12  3 months  crt.sh
use.typekit.net         DigiCert SHA2 Secure Server CA                    2020-01-28 - 2022-02-01  2 years   crt.sh
*.typekit.net           DigiCert SHA2 Secure Server CA                    2019-12-06 - 2021-12-10  2 years   crt.sh
*.google-analytics.com  GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
*.g.doubleclick.net     GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
www.bing.com            Microsoft RSA TLS CA 01                           2021-04-12 - 2021-10-12  6 months  crt.sh
*.licdn.com             DigiCert SHA2 Secure Server CA                    2021-04-30 - 2022-05-11  a year    crt.sh
*.facebook.com          DigiCert SHA2 High Assurance Server CA            2021-05-26 - 2021-08-24  3 months  crt.sh
*.stackpathcdn.com      Sectigo RSA Domain Validation Secure Server CA    2021-05-31 - 2022-05-31  a year    crt.sh
*.lfeeder.com           Amazon                                            2020-09-04 - 2021-10-06  a year    crt.sh
*.shareaholic.net       R3                                                2021-06-11 - 2021-09-09  3 months  crt.sh
px.ads.linkedin.com     DigiCert SHA2 Secure Server CA                    2021-04-15 - 2021-10-15  6 months  crt.sh
shareaholic.com         Amazon                                            2021-06-05 - 2022-07-04  a year    crt.sh
www.google.com          GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
www.google.de           GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
*.shareaholic.com       R3                                                2021-06-11 - 2021-09-09  3 months  crt.sh
*.google.com            GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
*.google.de             GTS CA 1C3                                        2021-05-31 - 2021-08-23  3 months  crt.sh
enigmasoftware.com      Amazon                                            2020-12-20 - 2022-01-18  a year    crt.sh

This page contains 1 frame:

Primary Page: https://www.cyclonis.com/threats/browser-hijacker/
Frame ID: B303404AA99211E339E0CEA62EF8A292
Requests: 69 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

Requests: 63
HTTPS: 100 %
IPv6: 73 %
Domains: 18
Subdomains: 24
IPs: 25
Countries: 3
Transfer: 1514 kB
Size: 2837 kB
Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D121120%26time%3D1625041726614%26url%3Dhttps%253A%252F%252Fwww.cyclonis.com%252Fthreats%252Fbrowser-hijacker%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true&e_ipv6=AQKv58yU04zzFgAAAXpcCO9X1eWLMEEg6IrNI7MsYaqORwtZzzR9vsTkxZQ9tzZ8uT4g2av0

63 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request /  www.cyclonis.com/threats/browser-hijacker/  37 KB  8 KB  Document
General
Full URL
https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07aa402303a22b02fa75acb645b1e9441512e55509e70c25ab69029f52c067eb

Request headers

:method
GET
:authority
www.cyclonis.com
:scheme
https
:path
/threats/browser-hijacker/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html
x-amz-id-2
kK3n3qVPz/mP6Uvz9fGw+JGk5DpK1H6lrS733aT5F/s08ilalF45Xop4wxkBQl/ztpW8AvpaQ1A=
x-amz-request-id
JR4VB5CH7RJ8RNVV
date
Wed, 30 Jun 2021 08:27:57 GMT
last-modified
Tue, 29 Jun 2021 14:35:33 GMT
etag
W/"82722d6edd57b2a745742d68fa7958b0"
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
dSzTZxmTxOnHkkTzmfDgZuDbm1G6VcnOhR2d9XXRcTJOFFd836Acew==
age
50

shareaholic.js  cdn.shareaholic.net/assets/pub/  9 KB  4 KB  Script
General
Full URL
https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
c830758010aedcea8ca49c184368268449b4eba73eee6b88c668eeeaa9a85229

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
last-modified
Mon, 21 Jun 2021 17:14:14 GMT
server
nginx
x-amz-request-id
RK1NJT599KTH4WC7
etag
"13a798bc54cc9f809ed3b284fe9a56a8"
x-hw
1625041726.cds030.sk1.hn,1625041726.cds201.sk1.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=1200, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
3706
x-amz-id-2
LQ0v51ZffduMwCNDEtbVVfM8eJZCFMJq/0bg0joR+PH2fyx66VwhwdU/t527ilzHC0et9nblrtQ=

ddt6yri.css  use.typekit.net/  3 KB  952 B  Stylesheet
General
Full URL
https://use.typekit.net/ddt6yri.css
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
acf3841b3f4d41a622507b7b6d2299eda17962e6286448d8e68c8a90c2086ebe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
date
Wed, 30 Jun 2021 08:28:46 GMT
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
721

bundle.css  www.cyclonis.com/wp-content/themes/default/css/  437 KB  138 KB  Stylesheet
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/css/bundle.css?1624887129
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0dd1c75a7c11a1ff208232528bc42ff3a7dba44276badb339cb1d00e2c3a9094

Request headers

:path
/wp-content/themes/default/css/bundle.css?1624887129
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:54 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 16:49:15 GMT
server
AmazonS3
age
64373
etag
W/"265fbbb6a175f619db51c208b635b29a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9TE2RPYAKM5QTK7A
x-amz-cf-id
T3W5AOvtIEqt_yWZTkh0QPwaotVQsYqRU6B0qQGO3DHRCdE7J1TnAg==
x-amz-id-2
AAMLL0YDGB8C4zQZBOXeS6RqdqbLKa45DvWvUm1rHK6tZ1nIRJ6k94sgqi2XKRcR6TvCJr72NsY=

xeesearch-360x240.jpg  www.cyclonis.com/images/2021/05/  8 KB  8 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/xeesearch-360x240.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5568f78c341d08c1e82619a18617286ba7ad6a9922f591ddd4ea02e9e1479a1f

Request headers

:path
/images/2021/05/xeesearch-360x240.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:40:28 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Fri, 21 May 2021 15:45:49 GMT
server
AmazonS3
age
64099
etag
"d5a72557381ef89c4cc31fe5815f8a58"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
7906
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
DHP3WA97VA05PC1F
x-amz-id-2
buoW4DmH74JrPRLxcE6+Cdov8xBHcgvOGx5Zvs22TEniUlJ8J5mmuKYK/maLfm1229UFvjxXi/Y=
x-amz-cf-id
QYKVgiaXdnMcI8WR363sk3PSET3_yQrEcvGqtWeOZgO5RJfgjUUYtw==

80-percent-e-commerce-android-apps-leak-personal-data-360x180.jpg  www.cyclonis.com/images/2019/11/  11 KB  11 KB  Image
General
Full URL
https://www.cyclonis.com/images/2019/11/80-percent-e-commerce-android-apps-leak-personal-data-360x180.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4db5d28df3a2cfa120d4d63bc28cbc6a65676e00963570ead447c99ae9364831

Request headers

:path
/images/2019/11/80-percent-e-commerce-android-apps-leak-personal-data-360x180.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:01 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 06 Jan 2020 14:52:29 GMT
server
AmazonS3
age
46
etag
"231e94d0a5c072e1f1b41995534cac5e"
x-cache
Hit from cloudfront
content-type
image/jpeg
content-length
10813
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
58P3WVR43DXHFDD0
x-amz-id-2
EIp0mMW0S0LHd8CiZG4xSke4xabn96eywuFKvWfVW00t05w3iMCtb+HX8oD9nNurOUbaoU2iylc=
x-amz-cf-id
Psd_BlWksEb1CbYMt85nWy5TJOp9AeWJruJToVtSHQbEsYsa7yI1tA==

microstutter-360x203.jpg  www.cyclonis.com/images/2021/05/  12 KB  13 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/microstutter-360x203.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e549d7e70e97fb4f8e075de988c7e7bf0c30669f7d2665bd8d49326be615386

Request headers

:path
/images/2021/05/microstutter-360x203.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:01 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Thu, 17 Jun 2021 15:33:38 GMT
server
AmazonS3
age
46
etag
"d919c0e0b7018765fa374bc28fe36fc5"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
12454
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
58P8VKBEAC80X7RG
x-amz-id-2
XQNWRB8Gc8/i8tV4APa7RQ1osQXJSvve5fuFHWGoqJqbpptx+NG1oEOIOdpE3mdqCll7vv1+PdM=
x-amz-cf-id
sKxlBxDAV_BgmXId5BXo717TS2iSgLWaNtoPtYrZwTYXOhYqQ5LUDA==

dns-hijacking-360x180.jpg  www.cyclonis.com/images/2019/04/  7 KB  7 KB  Image
General
Full URL
https://www.cyclonis.com/images/2019/04/dns-hijacking-360x180.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7d7c245937d92d89674960d6df2862388bc64a2675a735055f86dc94b6610f04

Request headers

:path
/images/2019/04/dns-hijacking-360x180.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:01 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 06 Jan 2020 14:51:20 GMT
server
AmazonS3
age
46
etag
"2f184ae8444e37f5d04e4ebf4ff7cd7c"
x-cache
Hit from cloudfront
content-type
image/jpeg
content-length
6979
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
58PAR5HRWAADR9MP
x-amz-id-2
T6KZC8Yetp1rxMrBrDQzbH67l0QH9JZFkMH2tkE0sWffNVRkvmKlESt0Qzl5+ezhqExbazFFQhA=
x-amz-cf-id
12KJMMlqybtUoTUriv8pk8YWk2W2_aBb1AjRmyVR8sgWHseAVwXgtw==

yourappleiphone-360x329.jpg  www.cyclonis.com/images/2021/05/  11 KB  12 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/yourappleiphone-360x329.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
05bdad4dc7f4c9fcd38c3074cdfaced54049b48c64391e9525d0b818f60bba6c

Request headers

:path
/images/2021/05/yourappleiphone-360x329.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:01 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 14 Jun 2021 16:11:45 GMT
server
AmazonS3
age
46
etag
"217639d5250f5bcb98126d791c7fb6c1"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
11536
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
58P73B117VQD2N7Y
x-amz-id-2
ix7MLQ2EyiFm0yrtctC2vZ/lldl8wO4Oh/psbbirxicdXXIg6G+Jr/yZiUvMYxAhXc3UV7eIaTo=
x-amz-cf-id
yj_ip9hjkviEjRDeCqw1os5vQQdaWBqshBnz1R-rL9S3WxkF_8Asbw==

adware-popup-ads-advertisements-360x254.jpg  www.cyclonis.com/images/2021/04/  23 KB  24 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/04/adware-popup-ads-advertisements-360x254.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
962537bcafabc0cb94b90e16ec3a9a18e90b7264b8ad1b039537c2701118c740

Request headers

:path
/images/2021/04/adware-popup-ads-advertisements-360x254.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:01 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Tue, 13 Apr 2021 17:43:00 GMT
server
AmazonS3
age
46
etag
"a2ce6d7bd7c2a4d33a3e30c907d9ae49"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
24057
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
58PBXGVEJ2KXFWWA
x-amz-id-2
ew5RnSvlNZSRbq3HyCtsSdXu+Ep/+MW4xa7tGMlCxrh5uQTiU5fes/dS1GNz89n7kmv9q/QiPkI=
x-amz-cf-id
QAwMLPlFeo_DK7uo2s1eD1I64-XIpj4YscqqA4zoZDRioybBi4znng==

defaultsearch-360x360.jpg  www.cyclonis.com/images/2021/05/  11 KB  11 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/defaultsearch-360x360.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bae519ecb2f7eaed39d9a1028a6a085fa67337d88a71a2e75f89edbba81f4a85

Request headers

:path
/images/2021/05/defaultsearch-360x360.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Fri, 04 Jun 2021 15:44:38 GMT
server
AmazonS3
age
39
etag
"925b571159bd477d9913922685058501"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
10869
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BPGJP8F11BQA34
x-amz-id-2
TYqVmHOUSmsl0qPkezXQ3cCTnONLiqfIj91RpwFDsC5o7gBwnB+6oIHmyAPeykWNB+iZ3xnIwVw=
x-amz-cf-id
TCS-ZuA_P1SvtnZWcneMY7srSQI-w_eYmWmOV9XB76DkwGgwUEE4_Q==

pop-up-warning-scam-360x206.jpg  www.cyclonis.com/images/2021/05/  24 KB  25 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/pop-up-warning-scam-360x206.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1fd1a77fb0cc80b5b5103d447be21e88451f333c9b48f023506fba30e9a0b42e

Request headers

:path
/images/2021/05/pop-up-warning-scam-360x206.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Wed, 05 May 2021 17:13:02 GMT
server
AmazonS3
age
39
etag
"c7c1751ad3059e7d9dbb7e8f0fe38e7b"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
24816
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BPA8G4XXJZE0E0
x-amz-id-2
mbO0a0ch2uitb/GRk6bwi7jYbXDvf8ASz/DuGi/Fa4owDctPQVQDXVOeRhNYNQIkz4ckV4pXJ5w=
x-amz-cf-id
k85oOz6OoJzfUEhJ-Vu-HzZiyk8Fk4hIElwqJgV9TJ0xxVP_sNzTvQ==

unpollutemymac-360x240.jpg  www.cyclonis.com/images/2021/05/  14 KB  14 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/05/unpollutemymac-360x240.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
225ce0a9567692f950e965103aa0ff13c02e2bf1fea308899701b0754d600e90

Request headers

:path
/images/2021/05/unpollutemymac-360x240.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Fri, 04 Jun 2021 15:41:43 GMT
server
AmazonS3
age
39
etag
"a4f16dfef66df5892697dc25209193cd"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
13898
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BPE6SXVM5JDRMJ
x-amz-id-2
bZMQbAeYO0MWe0jC3HR9hu3nBuGPjE1vxM+PHu5M+vZ8lrF9E8vONCO96BHKDrLHIFBA6vmyqxk=
x-amz-cf-id
qadO1F_mSp4-zEF9V3J4DcECiS6svbmWpQc7T_wNkRdkbM8yiWMByA==

error-message-360x238.jpg  www.cyclonis.com/images/2021/04/  8 KB  8 KB  Image
General
Full URL
https://www.cyclonis.com/images/2021/04/error-message-360x238.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e9898a93d28b72dcdf8dbdc39db3079289504dbc0d4c80f4d8a4e9ef2d9d5f4

Request headers

:path
/images/2021/04/error-message-360x238.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 18:47:17 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Tue, 06 Apr 2021 16:19:25 GMT
server
AmazonS3
age
49290
etag
"946f5786d8d54a7eaa69bd6d6323af3f"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
8088
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
S4K3VX7ADB0BEPJZ
x-amz-id-2
dmh2TRXPs8Qzq/BqIHtr5uv1gws+DVzMTGQgIlY2IcGTVA7iNXW628Ri4WF85HqlAq1aErOdBiY=
x-amz-cf-id
Xh4nTYxZX8K6n94AzxfX9KIXtThQXSv7IvQLWIbox61wVd8WVuXqGA==

browser_password_safety.png  www.cyclonis.com/images/2020/04/  229 KB  230 KB  Image
General
Full URL
https://www.cyclonis.com/images/2020/04/browser_password_safety.png
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
edce9f27df5f796db2d86ab09d09f7fc87318eb202702991d9f14373b9f5e3f2

Request headers

:path
/images/2020/04/browser_password_safety.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 20 Apr 2020 13:03:31 GMT
server
AmazonS3
age
39
etag
"8e20069b90e4fb22b846925ef924e975"
x-cache
Hit from cloudfront
content-type
image/png
content-length
234553
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BXQYA57TY7V9D3
x-amz-id-2
mT1Z9+rSheCz2lI8aApB9+sDGII0htmS8SbzB0RMoTYVZPdBuMNKsA6F/Ry3uKXMieIeTauNYCo=
x-amz-cf-id
IAG2B6XWyWsF8eZADIgnWTRB46GogbrII1fYdV2Yl3ryYIoAe7RjQA==
hotelbreach-360x240.jpg
www.cyclonis.com/images/2020/11/
36 KB
37 KB
Image
General
Full URL
https://www.cyclonis.com/images/2020/11/hotelbreach-360x240.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f30eed7fb65cf909ddbf0a77328936ac39ce10b391e2754c538b4b2128f82abf

Request headers

:path
/images/2020/11/hotelbreach-360x240.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Thu, 12 Nov 2020 16:19:22 GMT
server
AmazonS3
age
39
etag
"ef0b56ad64ae443e139c84a7e3556d46"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
37345
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BPA2NGGXPRHAZQ
x-amz-id-2
V9kB5dlhNJWxNuhRW/KUfnacZfvXhluU1ldT3c7eCznswUrMUliruhI2xjfVg2Zrn0Jxr+bw2dg=
x-amz-cf-id
hMBqMH4hcTttoQIVQvkEj7fatTj6KFSHiYvXSpfNem6Yr8h1mWEIqQ==
webshell-360x240.jpg
www.cyclonis.com/images/2021/02/
16 KB
17 KB
Image
General
Full URL
https://www.cyclonis.com/images/2021/02/webshell-360x240.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8f0497d1ce7d5af1543f24dd1bfc1e7181460d8b082a581c626432f224ef9763

Request headers

:path
/images/2021/02/webshell-360x240.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 15 Feb 2021 17:20:58 GMT
server
AmazonS3
age
39
etag
"6c996cab4d2453a8177216952a5ea69d"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
16742
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BG53HBY8PR4HZ5
x-amz-id-2
BJAGaPD9hAeaYKvCRFs/hYXOVGRVB5weBofD1tuMK/PskKhsxhmVfxQstL4oqzOpke/3Zu9fEl4=
x-amz-cf-id
i34455tQwU5KW7ezIf7igNCDbEsll_Igq6MrkqdWjLDv67nlFk3lZA==
writeerror-360x260.jpg
www.cyclonis.com/images/2021/01/
12 KB
13 KB
Image
General
Full URL
https://www.cyclonis.com/images/2021/01/writeerror-360x260.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0a1d779d4bad3f1ef7834395cac5a28d1c65c0616756548b6b82002cac1eabbe

Request headers

:path
/images/2021/01/writeerror-360x260.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Tue, 05 Jan 2021 17:07:51 GMT
server
AmazonS3
age
39
etag
"fa6b8e9bceda7754fd24b7e6355265ef"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
12359
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BQK72Q1DZBSV6Z
x-amz-id-2
1rSYeE9LpISzFdLrz09tCz3DesGRSnoiRFGf6STQvE3juqzbP0K4VDAOd5Wg5YnIQXiXCVSo4GY=
x-amz-cf-id
HnDKAHjIPB4IBdD-IrfwqJf6B5vh7_iBUpjmIg79J5tFixqrMwI39A==
xeroxcolorworkstationemail-360x279.jpg
www.cyclonis.com/images/2021/05/
12 KB
12 KB
Image
General
Full URL
https://www.cyclonis.com/images/2021/05/xeroxcolorworkstationemail-360x279.jpg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4641f0c77f5bd0581112da073060172a34d4bcaa9c967f4e7a0411c7fc3877df

Request headers

:path
/images/2021/05/xeroxcolorworkstationemail-360x279.jpg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 18:47:17 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Thu, 20 May 2021 15:53:31 GMT
server
AmazonS3
age
49290
etag
"0a904dc2787cce1cef5a395572bd86d5"
x-cache
Hit from cloudfront
content-type
image/jpeg
cache-control
max-age=16070400
content-length
12116
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
S4K0PQZCAS1Z8SHC
x-amz-id-2
AOD0SSsQ2O3SwEtQXNYyVYVevIo+24AE2eCsFq69NIR4MTp4QgYmyi+VbTwRBL861OWetcFN1oU=
x-amz-cf-id
_n2yV-uBEqr_oxhexM_yuFg6jgTT4E8-ftK8xfBu6tmVZJLAxqTJCA==
browser_security-360x180.png
www.cyclonis.com/images/2020/12/
41 KB
41 KB
Image
General
Full URL
https://www.cyclonis.com/images/2020/12/browser_security-360x180.png
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
510ca457b559ae0a80e4effda7c4d113f55a8f1f0895149f94ec39b7c79c33c6

Request headers

:path
/images/2020/12/browser_security-360x180.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:08 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 07 Dec 2020 14:31:47 GMT
server
AmazonS3
age
39
etag
"615a3e59441d56f806bf8a723e9f90bd"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=16070400
content-length
41565
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
99BGYZENXRB9JT8V
x-amz-id-2
dChxL/kjLzYqP/kOY3JhH3DxcQ9SYK8PT9VIjLsfvom6xWZp4R01sH3CE6EtW/T40HWZXOCBHBM=
x-amz-cf-id
1VNKSMfHs-5Erf-vxnrQZFbpir5zhz7sUjOWinZouJuH6Y4Xct3oOw==
backup.svg
www.cyclonis.com/wp-content/themes/default/images/main/cyclonis-backup/
2 KB
1 KB
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/main/cyclonis-backup/backup.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f32dad023faebb62410971305bca111e0e42b8611406e91e82c0369c2ee02967

Request headers

:path
/wp-content/themes/default/images/main/cyclonis-backup/backup.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
content-encoding
gzip
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64386
etag
W/"1c40e1fecc4cd0b8309d3bd306666ed0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9E1BXW0Y1FGNB533
x-amz-cf-id
twdienOLqQ2VYWXDIebBsRg6H7C_xC0XXVP8Mw8oeqGLyfUa6_mX7g==
x-amz-id-2
MMDmxfPJbOw0lbqYi6OvpcIrzRHC9BMOGscmqBEVeZZe3Vb5HTq+1n/7XXomsabxnZettAMskPw=
CPM-blue.svg
www.cyclonis.com/wp-content/themes/default/images/main/password-manager/
2 KB
1 KB
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/main/password-manager/CPM-blue.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b306b1d77137d5a6808180409ba48e28f61c30f8b6835cbb307e84fbd38cac15

Request headers

:path
/wp-content/themes/default/images/main/password-manager/CPM-blue.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
content-encoding
gzip
last-modified
Wed, 20 Jan 2021 12:43:23 GMT
server
AmazonS3
age
64386
etag
W/"ee808e44ddd19e73dbaebb6206974cad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9E1CV46QWTN6VM04
x-amz-cf-id
_SxJ3ghzp1EykNGNCBucr30o_fxyMWZt0B2tDeBD3i2Kd49oxWaEyg==
x-amz-id-2
wB5sEzsr0tArkC0ilrkZInuUbfVinjXw630RixOQaE9W4fhcA2yLOZnkM4FMG8+XpJllvE5NpQQ=
cwt.svg
www.cyclonis.com/wp-content/themes/default/images/main/world-time/
2 KB
1 KB
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/main/world-time/cwt.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b864439813f3427a9131a8486a92216da817c0862d31f56e847b06b6d0d5d37e

Request headers

:path
/wp-content/themes/default/images/main/world-time/cwt.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
content-encoding
gzip
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64386
etag
W/"cfc947428c358adf0c481fff1a5fc1b2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9E120G9QRMFC5MR3
x-amz-cf-id
5Pf9ozFKemdfvYRfqrCLIohuA9SM96i0d2nGuaU8B0EDPgjHVoaNcg==
x-amz-id-2
IszW2ZIJQmmzTry0F9sbu/qGKcv3uHDw+kw8A1rDV8eJqYXlfCesx9e1wJNnr65m7S+SYkaoSvs=
company-blue.svg
www.cyclonis.com/wp-content/themes/default/images/pages/company/icons/
2 KB
1 KB
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/pages/company/icons/company-blue.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7488f2006e17c84efc8087b07436668662b913b11cd0c4f4f79c3e28dd62a3a8

Request headers

:path
/wp-content/themes/default/images/pages/company/icons/company-blue.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
content-encoding
gzip
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64386
etag
W/"6eb5d9ed445371238acedd25ed803c09"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9E1F6Q62TQE1TNRK
x-amz-cf-id
abcaPFV_DS06fOxFOuQcoFjYQrddxklRToxQwj2uhwrZtKK7JZq-hQ==
x-amz-id-2
kpfrXSNNRk/QTFisX/MfWcnUAUHELQHRAKzpOwjd2tU5k5aY+AYHZXzwcva2izSDw1zgwCV6Bco=
contact-blue.svg
www.cyclonis.com/wp-content/themes/default/images/pages/contact/icons/
284 B
714 B
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/pages/contact/icons/contact-blue.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
22e02e389c55f576750d892516f77893f50c652572593f1e0d7b421473c12d43

Request headers

:path
/wp-content/themes/default/images/pages/contact/icons/contact-blue.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64386
etag
"a54ae17f35efb8d3b527c42554b3fd1d"
x-cache
Hit from cloudfront
content-type
image/svg+xml
content-length
284
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
9E12HGX7HJ65T53F
x-amz-id-2
sC4hwsGBmVuRaQ87mXp0CjX9gsSm6DOE3tuINqEgHhCSI6RQcnPNdG4aXIBtpofsREy2zSa3rVE=
x-amz-cf-id
5hvINbo8ZJ0FhqshSkfWkBPr7y6ZfRZH-yKBcLbJYeZ1of89WqP8Uw==
logo.svg
www.cyclonis.com/wp-content/themes/default/images/main/
5 KB
2 KB
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/main/logo.svg
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8cb3690ddeeddcc2a682dc8d29c971d9fc366ce11732cc8d5276c1d7cc28adc2

Request headers

:path
/wp-content/themes/default/images/main/logo.svg
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:54 GMT
content-encoding
gzip
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64373
etag
W/"0b3b2d8b533ca5a7d553c28c680da2dc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9TEEJPS2B729WFNY
x-amz-cf-id
ZwJ8LpPBKibYIlOw0l_P8uzISqLqfxnGYGZaVSCSPBw9wL0rasVKBQ==
x-amz-id-2
5lBMk9/a18dLJeDqn/5K+atzTxMYdN7s5G7K+j5N5ROGsgFLIeeBWxvYksBV30SClX/IRApA/Hs=
ads.js.php
www.cyclonis.com/wp-content/plugins/adrotate/
329 KB
330 KB
Script
General
Full URL
https://www.cyclonis.com/wp-content/plugins/adrotate/ads.js.php?v1=1624886945&v2=1619413648
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f70ceab51f45edb346d52a6275f86e3eb148b3502036cdcee3043f818c573a5

Request headers

:path
/wp-content/plugins/adrotate/ads.js.php?v1=1624886945&v2=1619413648
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 28 Jun 2021 13:35:29 GMT
server
AmazonS3
age
64386
etag
"984aec1977ce65f82afdb8893c1674f6"
x-cache
Hit from cloudfront
content-type
application/octet-stream
content-length
337109
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
9E1B570JCSC9GE85
x-amz-id-2
zws5/kEUCtRwjTbuuuHc714HNrIy7dOZ0JvQpGWIop7evq/rM9yFCJXlxHC8Z1sn4yXvc+kRThw=
x-amz-cf-id
0WOPpem6YYDzqc9urjPBbUYBLy-JDIECdqV362U8sty8ly3UUuHqRw==
exit-popup.js.php
www.cyclonis.com/wp-content/plugins/exit-popup/js/
10 KB
10 KB
Script
General
Full URL
https://www.cyclonis.com/wp-content/plugins/exit-popup/js/exit-popup.js.php?v1=1624886945&v2=1593417117
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a33fff4dda2a53981033e0c0e2a2f8ff51d3a8d1b7d8229707ee58871c9dcd9a

Request headers

:path
/wp-content/plugins/exit-popup/js/exit-popup.js.php?v1=1624886945&v2=1593417117
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Mon, 28 Jun 2021 13:35:30 GMT
server
AmazonS3
age
64386
etag
"8659193933f2f74cdc6f6e1ea49c3fc8"
x-cache
Hit from cloudfront
content-type
application/octet-stream
content-length
10072
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
9E16YP2TMMRKEXN7
x-amz-id-2
1+5LfreenQhLviIEyRJLkvHlaTxu+VhEPxB2pVrjMCmg1bXssrYqHC5+9+PHGson1N+UCome9uM=
x-amz-cf-id
qABjXxFqREHtF84k2Ojwrh31h2ymGlc2aoAJQnGcA8Rd3Im6-z7bmQ==
bundle.js
www.cyclonis.com/wp-content/themes/default/js/
342 KB
101 KB
Script
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/js/bundle.js?1624887131
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ab6f8abb259532862aeca0068cacaebb2355edf04a3645efa80f3ec0ddfed4be

Request headers

:path
/wp-content/themes/default/js/bundle.js?1624887131
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/threats/browser-hijacker/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/threats/browser-hijacker/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
content-encoding
gzip
last-modified
Mon, 24 May 2021 16:49:15 GMT
server
AmazonS3
age
64386
etag
W/"20bff91c9010104ebb7bca1a621fcdfa"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-request-id
9E13TSC402PRA6DV
x-amz-cf-id
5mFobg5VocYOX_TQarsFm6Ul9muNyE8bCwVh9rICMQRYzSwgKj8nSg==
x-amz-id-2
N1KCKDbarKzEg/jcEpC4PK3cHfbdBH9EgRZDTsMKX7bk6gJ6htZkgwLWnkJdXMQFtffeD6Ns+YM=
p.css
p.typekit.net/
5 B
162 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=ddt6yri&ht=tk&f=139.140.175.176&a=2788627&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ddt6yri.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28d::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
last-modified
Thu, 05 Nov 2020 13:49:42 GMT
server
nginx
etag
"5fa402f6-5"
content-type
text/css
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
gtm.js
www.googletagmanager.com/
99 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NBRCHSV
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6cb1ab413dc76e8b4f47c7d068b0a7b64065073d3363ec455735954905251b7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37942
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 30 Jun 2021 08:28:46 GMT
conversion_async.js
www.googleadservices.com/pagead/
36 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBRCHSV
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
92bd24374fb205c765a133d522acb2772693d2ccd486b7855e2447918de296a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14011
x-xss-protection
0
server
cafe
etag
1690124483490796579
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 30 Jun 2021 08:28:46 GMT
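Three of the script records above differ in a way that matters to a reviewer of this scan: ads.js.php is fetched with sec-fetch-dest: script but comes back from S3/CloudFront as application/octet-stream with no X-Content-Type-Options header, bundle.js has the right text/javascript type but also no nosniff, and Google's conversion_async.js carries both nosniff and a JavaScript MIME type. A classic <script> with a non-JavaScript type outside Fetch's image/audio/video/csv block list still executes when nosniff is absent, and is refused once nosniff is present. The following is an added example, not code from urlscan.io or from the scanned site: it parses records in the flattened name/value layout used on this page and reports that distinction. The sample records are constructed from header values shown in the report, trimmed to the headers the check needs; the sec-fetch-dest on the Google record is an assumption, since the report shows Sec-Fetch headers only for same-origin requests, and ADS_JS_PHP_HARDENED is a hypothetical response, not one observed in the scan.

```python
"""Audit script responses in urlscan-style records for MIME type / nosniff issues.

Added example, not code from urlscan.io or from the scanned site. Sample
records are constructed from header values shown in the report; the
sec-fetch-dest on the Google record is assumed, ADS_JS_PHP_HARDENED is hypothetical.
"""
from dataclasses import dataclass, field

# JavaScript MIME types per the HTML spec (essence only, parameters stripped).
JS_MIME_TYPES = {"text/javascript", "application/javascript", "application/x-javascript",
                 "application/ecmascript", "text/ecmascript", "application/x-ecmascript"}
# Fetch's "block as script" list: refused for a script destination even without nosniff.
ALWAYS_BLOCKED_PREFIXES = ("image/", "audio/", "video/")
ALWAYS_BLOCKED_TYPES = {"text/csv"}


@dataclass
class Transaction:
    url: str = ""
    request: dict = field(default_factory=dict)
    response: dict = field(default_factory=dict)


def parse_record(text: str) -> Transaction:
    """Parse the flattened layout: 'Full URL' then its value, then 'Request headers' /
    'Response headers' sections where name and value alternate one per line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    tx, section, i = Transaction(), None, 0
    while i < len(lines):
        ln = lines[i]
        if ln == "Full URL" and i + 1 < len(lines):
            tx.url, i = lines[i + 1], i + 2
        elif ln == "Request headers":
            section, i = tx.request, i + 1
        elif ln == "Response headers":
            section, i = tx.response, i + 1
        elif section is not None and ln and i + 1 < len(lines):
            section[ln.lower()] = lines[i + 1]  # header names are case-insensitive
            i += 2
        else:
            i += 1  # blank line or stray text
    return tx


def audit_script(tx: Transaction) -> list:
    """Return (code, message) findings for a response fetched as a classic <script>.
    Module scripts are stricter and always require a JavaScript MIME type."""
    if tx.request.get("sec-fetch-dest") != "script":
        return []
    ctype = tx.response.get("content-type", "").split(";")[0].strip().lower()
    nosniff = tx.response.get("x-content-type-options", "").strip().lower() == "nosniff"
    if ctype in JS_MIME_TYPES:
        return [] if nosniff else [("MISSING_NOSNIFF", f"{tx.url}: no nosniff header")]
    if nosniff or ctype.startswith(ALWAYS_BLOCKED_PREFIXES) or ctype in ALWAYS_BLOCKED_TYPES:
        return [("NON_JS_MIME_BLOCKED", f"{tx.url}: {ctype!r} is refused by the browser")]
    return [("NON_JS_MIME_EXECUTED",
             f"{tx.url}: {ctype!r} without nosniff still runs as a classic script")]


# Constructed from the ads.js.php record: a script served as octet-stream, no nosniff.
ADS_JS_PHP = """Full URL
https://www.cyclonis.com/wp-content/plugins/adrotate/ads.js.php?v1=1624886945&v2=1619413648
Request headers
sec-fetch-dest
script
Response headers
content-type
application/octet-stream
"""
# Constructed from the bundle.js record: correct MIME type, but no nosniff.
BUNDLE_JS = """Full URL
https://www.cyclonis.com/wp-content/themes/default/js/bundle.js?1624887131
Request headers
sec-fetch-dest
script
Response headers
content-type
text/javascript
"""
# Constructed from the conversion_async.js record; sec-fetch-dest is an assumption.
CONVERSION_ASYNC = """Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Request headers
sec-fetch-dest
script
Response headers
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
"""
# Hypothetical: the same ads.js.php response if the origin added nosniff.
ADS_JS_PHP_HARDENED = ADS_JS_PHP + "x-content-type-options\nnosniff\n"

if __name__ == "__main__":
    for rec in (ADS_JS_PHP, BUNDLE_JS, CONVERSION_ASYNC, ADS_JS_PHP_HARDENED):
        for code, msg in audit_script(parse_record(rec)):
            print(code, msg)
```

The check keys on the request's sec-fetch-dest rather than on the file extension, which is what makes the .php-served script case visible: the browser decides how to treat the response from the fetch destination and the response headers, not from the URL. Adding nosniff to the octet-stream response turns a silently executed script into a refused one, so the hardened variant is listed as a finding too; the real fix is serving the file with a JavaScript MIME type and nosniff.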
bat.js
bat.bing.com/
30 KB
9 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBRCHSV
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref
Ref A: 23582D82229F4195BE4834260095AEFE Ref B: FRAEDGE1212 Ref C: 2021-06-30T08:28:46Z
etag
"0d2a696ff53d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9008
insight.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Wed, 30 Jun 2021 08:28:46 GMT
Content-Encoding
gzip
Last-Modified
Tue, 15 Jun 2021 01:25:13 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=26993
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2079
fbevents.js
connect.facebook.net/en_US/
95 KB
24 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
31a54a93488f9711927aeb875ff1dd63a8c41359847f10f9cea7488dc65179b7
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
24675
x-xss-protection
0
pragma
public
x-fb-debug
mrQNgcHB3KsFbfoKLNm3SathEgttp0vqdnkPL3YHdwyXRjk0EPBySQkQG+xPfeDPbHNhRkv893kNSRzfBOanhg==
x-fb-trip-id
686109401
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 30 Jun 2021 08:28:46 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.js
m9m6e2w5.stackpathcdn.com/v2/fda149e8/
177 KB
51 KB
Script
General
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fda149e8/main.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
1da4ce28881ec4a7b530d4f044cbdf90dfb072237a7b81c16f27a7cfa7c2d603

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
last-modified
Mon, 21 Jun 2021 17:14:12 GMT
server
nginx
x-amz-request-id
69TVFVB9AY9ZABYA
etag
"52107529ca98cbe1fd746832e2de60cd"
x-hw
1625041726.cds020.sk1.hn,1625041726.cds073.sk1.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
52307
x-amz-id-2
LByhoyFqV5XjCJn0gM2wrx5q1CuALsB5CNhQvetTdxYB+VOO0SW33DLE08hMHIUT/HVL/iQBbOc=
lftracker_v1_YEgkB8lvZRp4ep3Z.js
sc.lfeeder.com/
20 KB
8 KB
Script
General
Full URL
https://sc.lfeeder.com/lftracker_v1_YEgkB8lvZRp4ep3Z.js
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:4400:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b57c0d60c7b16f657bb50ef9259fec08824fa8d75453e4a981dc5f5f0609493

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
V9ANATsisFq5eMZW86w8qjQ_DLQidvf6
content-encoding
gzip
last-modified
Fri, 25 Jun 2021 09:46:46 GMT
server
AmazonS3
age
1141
etag
W/"2ef082dbe00083ce12111705bcd79c56"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 baa5702f7bd64fcbae1e3bd950d9a245.cloudfront.net (CloudFront)
cache-control
max-age=3600
date
Wed, 30 Jun 2021 08:10:19 GMT
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
VgBOjVCyev8ivcQgJVmi8RXukb0u_vkjtHydu0BQvGpwcOqHQmEDBQ==
d82166219a5881e2221bfd56223fd7df.json
www.shareaholic.net/config/
6 KB
2 KB
XHR
General
Full URL
https://www.shareaholic.net/config/d82166219a5881e2221bfd56223fd7df.json
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.197.98.98 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-197-98-98.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5e2bdda3db244e9c39cee848907d2462e5b7df6aed408bf904838af0c7ffa136

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-client-geo-country
SE,Sweden
date
Tue, 29 Jun 2021 19:17:14 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
content-length
1529
server
nginx
x-client-geo-region
x-client-geo-metrocode
etag
W/"5e2bdda3db244e9c39cee848907d2462"
access-control-max-age
2000
x-client-geo-city
x-varnish
682400305 669915518
via
1.1 varnish (Varnish/6.0)
access-control-expose-headers
Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control
max-age=3, public, must-revalidate
x-client-geo-zip
accept-ranges
bytes
content-type
application/json
access-control-allow-headers
*
x-client-geo-latlong
59.324700,18.056000
1559634284327625
connect.facebook.net/signals/config/
260 KB
74 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1559634284327625?v=2.9.42&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
11b12b7531b1983eb8239b58ff5360065b083c916cfaaf3629e2345b80447267
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
RwPssyly3SR8V9lW8ZDiAwOhUKcvEi/RFnZrm2OSuECBG7H5EhvwSg0pEwO9Xkwi0KMPlbS/5kn9vRroOCbQqA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coop_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 30 Jun 2021 08:28:46 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D121120%26time%3D1625041726614%26url%3Dhttps%253A%252F%252Fwww.cyclonis.com%252Fth...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true&e_ipv6=AQKv58yU04zzFgAAAXpcCO9X1eWLMEEg6...
0
64 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true&e_ipv6=AQKv58yU04zzFgAAAXpcCO9X1eWLMEEg6IrNI7MsYaqORwtZzzR9vsTkxZQ9tzZ8uT4g2av0
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:47 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
XHYYX9dOjRYgZIlldCsAAA==

Redirect headers

date
Wed, 30 Jun 2021 08:28:47 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=121120&time=1625041726614&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&liSync=true&e_ipv6=AQKv58yU04zzFgAAAXpcCO9X1eWLMEEg6IrNI7MsYaqORwtZzzR9vsTkxZQ9tzZ8uT4g2av0
x-li-proto
http/2
x-li-pop
prod-esv5
content-length
0
x-li-uuid
V4uzVNdOjRZgzim7sCoAAA==
25014077.js
bat.bing.com/p/action/
0
126 B
Script
General
Full URL
https://bat.bing.com/p/action/25014077.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 30 Jun 2021 08:28:46 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: 70EA92AAAD2046348600E3A12E0F5389 Ref B: FRAEDGE1212 Ref C: 2021-06-30T08:28:46Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
truncated
/
655 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8487075861356f3db8b150048001f1f9f98d9f1b69de3a184bf6e4a68c5386cf

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
714 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0bdf9fe04d456ca137c1650a9ed4e54ea9f5cf4716afdfed97c95192f15539a1

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
600 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de09822fbabc8d70afe9ce25da49c7a8106a07728138135c4f0de12aec7dc4f2

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
youtube.svg
www.cyclonis.com/wp-content/themes/default/images/main/icons/social/
555 B
987 B
Image
General
Full URL
https://www.cyclonis.com/wp-content/themes/default/images/main/icons/social/youtube.svg?v2
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/wp-content/themes/default/css/bundle.css?1624887129
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.77.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
768bdb94ed0ba82fc0ea22254fb006719c2003f2f6fba62b237b2f6f379309c4

Request headers

:path
/wp-content/themes/default/images/main/icons/social/youtube.svg?v2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.cyclonis.com
referer
https://www.cyclonis.com/wp-content/themes/default/css/bundle.css?1624887129
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.cyclonis.com/wp-content/themes/default/css/bundle.css?1624887129
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 14:35:41 GMT
via
1.1 d91961fd00a0c4f7aae668984dcb62a8.cloudfront.net (CloudFront)
last-modified
Wed, 20 Jan 2021 12:43:24 GMT
server
AmazonS3
age
64386
etag
"73eca9782804d3759aea347a2f70314f"
x-cache
Hit from cloudfront
content-type
image/svg+xml
content-length
555
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
x-amz-request-id
9E1CEEJ67X8EFY9Z
x-amz-id-2
xUV1JpQlM1qCm+U+e0V5UWB4TPmjH1tr5g4TpR4lKuvPa0SQND9YhvQZg6H4JqNrMU5CHRO6p2Q=
x-amz-cf-id
0Yvw_l-w9YZ0PN6DCUvu6ONvFQLr6REIxflAjTMbvftliHrrII39xA==
truncated
/
418 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
58ab5ed053cac32b1aeb1457dee8db3e89334e7aa4c7a00d2b313741de838898

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
326 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ebd66102d1cabeac3c438da71fca40956b9ecbaa04c758212cfce63b13eb36c

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
244 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c1026fb09e2a8621b0fa5ccd4f3c8249456767a5ea3fdc5ae8f341cd74a0c7fb

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml
l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/
31 KB
31 KB
Font
General
Full URL
https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=faa6313b65fcf8f6d6b3c9326732dd497228b2fb1a4ea6ec96bebbefec93e89c&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ddt6yri.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
7f5dbd7c4a499d3cdb82a7fbb9c04a3105e5e4948fdf1bc3e9583411270bf8fd

Request headers

Origin
https://www.cyclonis.com
Referer
https://use.typekit.net/ddt6yri.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
server
nginx
etag
"4bb88608ef3bf293048c5f7084b3109d5b749aea"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
31760
l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/
32 KB
32 KB
Font
General
Full URL
https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=faa6313b65fcf8f6d6b3c9326732dd497228b2fb1a4ea6ec96bebbefec93e89c&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/ddt6yri.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
5d020f0816f095ec95ce34142cfe30d72d2785ae356a00dc3ff6fb5f0b78570b

Request headers

Origin
https://www.cyclonis.com
Referer
https://use.typekit.net/ddt6yri.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
server
nginx
etag
"e49dfdd3c83277c3a9625f26c0d4dcbc3f0cbf66"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32756
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/824702751/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/824702751/?random=1625041726751&cv=9&fst=1625041726751&num=1&label=iMP4CNOjlXoQn-6fiQM&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6n0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
410d3c35312febd6631957a4217eda1a7fc2cfc8370c8a5ea04dc920f9cbec2b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1074
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e
analytics.shareaholic.com/
43 B
381 B
Ping
General
Full URL
https://analytics.shareaholic.com/e
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/fda149e8/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.236.80.213 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-80-213.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Content-Security-Policy referrer always

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
vary
Origin
p3p
CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin
https://www.cyclonis.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
referer-policy
unsafe-url
content-security-policy
referrer always
content-type
image/gif
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=25014077&tm=gtm001&Ver=2&mid=fc49dc2b-2e00-42ce-98ba-b39405b7c126&sid=30437ce0d97d11eb9e0b85044423ef30&vid=3043b140d97d11eba607a1f425c09aca&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Browser%20Hijacker%20Archives%20-%20Cyclonis&kw=cyclonis&p=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&r=&lt=585&evt=pageLoad&msclkid=N&sv=1&rn=283009
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Wed, 30 Jun 2021 08:28:46 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: EB235169D3E143E5B85C02111131E24A Ref B: FRAEDGE1212 Ref C: 2021-06-30T08:28:46Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-97860296-3
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBRCHSV
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cd4345a4050e2839204365a896b32b6fbddac6874c6433917c35c47c9b9b685e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36364
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 30 Jun 2021 08:28:46 GMT
/
www.google.com/pagead/1p-user-list/824702751/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/824702751/?random=1625041726751&cv=9&fst=1625040000000&num=1&label=iMP4CNOjlXoQn-6fiQM&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6n0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&async=1&fmt=3&is_vtc=1&random=2464907813&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:46 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/824702751/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/824702751/?random=1625041726751&cv=9&fst=1625040000000&num=1&label=iMP4CNOjlXoQn-6fiQM&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6n0&sendb=1&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&async=1&fmt=3&is_vtc=1&random=2464907813&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:46 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1559634284327625&ev=PageView&dl=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&rl=&if=false&ts=1625041726956&sw=1600&sh=1200&v=2.9.42&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1625041726955.897004261&it=1625041726612&coo=false&rqm=GET
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 30 Jun 2021 08:28:46 GMT
sharebuttons.js
m9m6e2w5.stackpathcdn.com/v2/fda149e8/
138 KB
29 KB
Script
General
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fda149e8/sharebuttons.js
Requested by
Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
2d7f69569a48ee858f5c13abb9a549b189cf265f51c1bd7a831a348f8a578d20

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:46 GMT
content-encoding
gzip
last-modified
Mon, 21 Jun 2021 17:14:13 GMT
server
nginx
x-amz-request-id
RK1TXTDNXM6APVKJ
etag
"3cbd31336004f77a1c3890ac72027085"
x-hw
1625041726.cds020.sk1.hn,1625041726.cds205.sk1.c
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000, public
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges
bytes
content-length
29967
x-amz-id-2
QV1SvA1DTRtpZOvAtz42qiEWS/34FprgKXaNIcoVJ01Ef24KfHQkX5/6PX4akctnSBUuzNxdJN0=
partners.js
partner.shareaholic.com/
0
265 B
Script
General
Full URL
https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&canonical=https%3A%2F%2Fcyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&cl=en-US&id_sync=f4ada272-019e-4403-9ac9-409be83da1ae&minify=1&site=d82166219a5881e2221bfd56223fd7df
Requested by
Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/fda149e8/main.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.20.147.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-20-147-136.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
vary
Accept-Encoding, User-Agent
p3p
CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
cache-control
no-cache, no-store, must-revalidate
content-type
application/javascript;charset=utf-8
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-97860296-3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
3422
date
Wed, 30 Jun 2021 07:31:45 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Wed, 30 Jun 2021 09:31:45 GMT
js
www.googletagmanager.com/gtag/
87 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-824702751&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-97860296-3
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
86e20d8db6c8be022127febe23e7e9806f52b840dacfb31d57eac7784a554f3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:47 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35077
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 30 Jun 2021 08:28:47 GMT
shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/
20 KB
21 KB
Font
General
Full URL
https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

Origin
https://www.cyclonis.com
Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:47 GMT
content-encoding
gzip
x-amz-request-id
69TP23MABYQHX1Y5
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-hello-human
Join the fun! Apply at www.shareaholic.com/jobs
content-length
20572
x-amz-id-2
9ZH/eHlLCZzUV4JWpnX4G9oq47peLAEGIH7xWCdGQolptSd/dTojXYNYTCFgNmIU3kTyzpGvAxA=
last-modified
Mon, 17 May 2021 22:31:36 GMT
server
nginx
etag
"0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
access-control-max-age
2000
x-hw
1625041727.cds068.sk1.hn,1625041727.cds071.sk1.c
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
ETag, Access-Control-Allow-Origin
cache-control
max-age=31536000, public
accept-ranges
bytes
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1874228942&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&ul=en-us&de=UTF-8&dt=Browser%20Hijacker%20Archives%20-%20Cyclonis&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=81001836&gjid=394291962&cid=1541896147.1625041727&tid=UA-97860296-3&_gid=1394329518.1625041727&_r=1&gtm=2ou6n0&z=1729222627
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cyclonis.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/824702751/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/824702751/?random=1625041727239&cv=9&fst=1625041727239&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
430d0754212e839c40bf98b6176ebe2c1d0aff96b0cc067035ce5a459cdb643b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1054
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
88 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-97860296-3&cid=1541896147.1625041727&jid=81001836&gjid=394291962&_gid=1394329518.1625041727&_u=YEBAAUAAAAAAAC~&z=146113592
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 30 Jun 2021 08:28:47 GMT
content-type
text/plain
access-control-allow-origin
https://www.cyclonis.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/824702751/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/824702751/?random=1625041727239&cv=9&fst=1625040000000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&async=1&fmt=3&is_vtc=1&random=935013980&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/824702751/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/824702751/?random=1625041727239&cv=9&fst=1625040000000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa6n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&tiba=Browser%20Hijacker%20Archives%20-%20Cyclonis&async=1&fmt=3&is_vtc=1&random=935013980&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 30 Jun 2021 08:28:47 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1559634284327625&ev=Microdata&dl=https%3A%2F%2Fwww.cyclonis.com%2Fthreats%2Fbrowser-hijacker%2F&rl=&if=false&ts=1625041727459&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Browser%20Hijacker%20Archives%20-%20Cyclonis%22%2C%22meta%3Adescription%22%3A%22One%20of%20the%20most%20common%20issues%20that%20Windows%20users%20experience%20is%20random%20redirects%20to%20unknown%20websites.%20This%20issue%20might%20sound%20like%20a%20serious%20malware...%22%2C%22meta%3Akeywords%22%3A%22cyclonis%22%7D&cd[OpenGraph]=%7B%22og%3Alocale%22%3A%22en_US%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Atitle%22%3A%22Browser%20Hijacker%20Archives%20-%20Cyclonis%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fcyclonis.com%2Fthreats%2Fbrowser-hijacker%2F%22%2C%22og%3Asite_name%22%3A%22Cyclonis%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cyclonis.com%2Fimages%2F2020%2F01%2Flogo-icon-big.png%22%2C%22og%3Aimage%3Awidth%22%3A%22200%22%2C%22og%3Aimage%3Aheight%22%3A%22200%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.42&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1625041726955.897004261&it=1625041726612&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/threats/browser-hijacker/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Wed, 30 Jun 2021 08:28:47 GMT
get.php
myaccount.enigmasoftware.com/tools/ip2country/
84 B
508 B
XHR
General
Full URL
https://myaccount.enigmasoftware.com/tools/ip2country/get.php
Requested by
Host: www.cyclonis.com
URL: https://www.cyclonis.com/wp-content/themes/default/js/bundle.js?1624887131
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:1600:17:a556:9bc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.46 (Amazon) /
Resource Hash
189ad6279468d91ed0701bb537ad62d926b48f7a1319dc26601a86d6c554e482

Request headers

Referer
https://www.cyclonis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 08:28:47 GMT
via
1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
last-modified
Mon, 16 Nov 2020 11:21:45 GMT
server
Apache/2.4.46 (Amazon)
x-amz-cf-pop
FRA53-C1
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-cache
Miss from cloudfront
access-control-allow-headers
X-Requested-With
content-length
84
x-amz-cf-id
oxajgW60CHhq0c-rGTe5BWrP8UXa5i0rKlfFSye_3AgNntEd0S2Jnw==
expires
Thu, 01 Jul 2021 08:28:47 GMT

Verdicts & Comments

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| _SHR_SETTINGS string| adrotate_config object| dataLayer object| google_tag_manager object| google_tag_data object| uetq string| _linkedin_data_partner_id function| fbq function| _fbq object| ldfdr object| shrJsonp function| Shareaholic function| lintrk boolean| _already_called_lintrk boolean| __discoverInitialized function| UET function| UET_init function| UET_push function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO string| banners_config object| adrotate_banners function| Adrotate_banners_class string| price_config string| exit_popup_config function| Ep_class_logic function| etranslate_onload_event function| etranslate_hover function| et_auto_reload_page object| e object| observer function| init_eproducts function| eproducts_click_listener function| ep_download_action function| ep_redirect_action function| ep_switcher function| ep_on_method_change object| CURRENCY2 function| dp_onload_event function| currency_class_v2 function| user_info_class object| cw_class function| AcceptCookieMessage function| CloseCookieMessage function| cookie_warning_logic object| OS_DETECT object| TIMER object| PRERENDER object| MANSONARY object| wistia_full_screen object| cb_buy_togle_class function| onload_event function| init_colorbox function| externalLinks function| init_menu_position function| menu_events function| disable_iframe_scroll function| redirect function| toggleMenu function| PRERENDER_CLASS function| switcher function| os_detect_class function| switch_browsers function| timer_class function| toggle boolean| toggled_all function| toggle_all function| search_faq function| init_scroll_top function| init_scroll_down function| toggle_faq_img 
function| comment_reply function| reset_comment_reply function| update_button_text function| masonry_grid function| email_subscriptions_handler function| detect_browser function| wistia_full_screen_class function| faq_maybe_open function| general_redirects function| check_form_errors function| load_exit_popup function| load_random_elements object| $win object| $doc number| docHeight number| winHeight function| onload_animate_core function| on_resize_animation_core function| on_scroll_animation_core function| animate_paralax function| animate_reveals function| animate_slideRight function| animate_slideLeft function| animate_bounce function| onload_animate function| animate_all function| animate_cpm_how_download function| animate_cpm_how_vaults function| animate_cpm_how_train function| animate_cpm_how_mastercard function| animate_cpm_how_cards function| animate_cpm_how_fill function| animate_cpm_overview_enterPassword function| animate_cpm_overview_generatePassword function| animate_cpm_overview_login object| _gsScope undefined| $ function| jQuery object| wp object| bioEp object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin object| _gsQueue function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup function| CSSPlugin function| TimelineLite object| WebComponents function| JsMutationObserver 
object| HTMLImports object| CustomElements function| unwrap function| wrap boolean| publisherConfigLoaded function| gtag string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData number| begin object| elements

7 Cookies

Domain/Path    Name                      Value
.cyclonis.com/ _gid                      GA1.2.1394329518.1625041727
.cyclonis.com/ _ga                       GA1.2.1541896147.1625041727
.cyclonis.com/ _gcl_au                   1.1.1114107932.1625041727
.cyclonis.com/ _gat_gtag_UA_97860296_3   1
.cyclonis.com/ _fbp                      fb.1.1625041726955.897004261
.cyclonis.com/ _uetvid                   3043b140d97d11eba607a1f425c09aca
.cyclonis.com/ _uetsid                   30437ce0d97d11eb9e0b85044423ef30

1 Console Messages

Source: console-api
Level: log
URL: https://www.cyclonis.com/wp-content/themes/default/js/bundle.js?1624887131 (Line 671)
Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.shareaholic.com
bat.bing.com
cdn.shareaholic.net
connect.facebook.net
googleads.g.doubleclick.net
m9m6e2w5.stackpathcdn.com
myaccount.enigmasoftware.com
p.typekit.net
partner.shareaholic.com
px.ads.linkedin.com
px4.ads.linkedin.com
sc.lfeeder.com
snap.licdn.com
stats.g.doubleclick.net
use.typekit.net
www.cyclonis.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.shareaholic.net
107.20.147.136
108.174.10.14
151.139.128.11
172.217.16.130
2600:9000:2057:4400:1f:f723:6fc0:93a1
2600:9000:214f:1600:17:a556:9bc0:93a1
2620:119:50e1:101::6cae:b25
2620:1ec:22::14
2620:1ec:c11::200
2a00:1450:4001:801::2004
2a00:1450:4001:808::2002
2a00:1450:4001:810::2004
2a00:1450:4001:810::200e
2a00:1450:4001:813::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2003
2a00:1450:400c:c08::9c
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:29b::25ea
2a02:26f0:6c00::210:ba2a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
54.197.98.98
54.236.80.213
65.9.77.74