www.mcafee.com Open in urlscan Pro
104.111.238.175 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Submission: On May 26 via api (May 26th 2021, 8:55:17 pm UTC) from US

Summary HTTP 210 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 50 IPs in 7 countries across 43 domains to perform 210 HTTP transactions. The main IP is 104.111.238.175, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.mcafee.com.
TLS certificate: Issued by McAfee OV SSL CA 2 on May 21st 2020. Valid for: 2 years.

This is the only time www.mcafee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
80	104.111.238.175 104.111.238.175	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1 1	161.69.25.99 161.69.25.99	7754 (MCAFEE) (MCAFEE)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
7	2a02:26f0:6c0... 2a02:26f0:6c00:28a::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:6c0... 2a02:26f0:6c00:2b9::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	104.109.77.38 104.109.77.38	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2a03:2880:f03... 2a03:2880:f030:13:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b0::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2 2	2620:119:50e4... 2620:119:50e4:101::6cae:b55	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	104.18.102.194 104.18.102.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	34.242.112.45 34.242.112.45	16509 (AMAZON-02) (AMAZON-02)
1 2	52.45.16.186 52.45.16.186	14618 (AMAZON-AES) (AMAZON-AES)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	13.32.21.107 13.32.21.107	16509 (AMAZON-02) (AMAZON-02)
13	2a03:2880:f13... 2a03:2880:f130:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	52.17.73.77 52.17.73.77	16509 (AMAZON-02) (AMAZON-02)
3	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	34.255.166.243 34.255.166.243	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	104.208.16.0 104.208.16.0	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	52.202.228.151 52.202.228.151	14618 (AMAZON-AES) (AMAZON-AES)
2	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
8 10	3.248.28.111 3.248.28.111	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:2182:9800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.197.99.6 18.197.99.6	16509 (AMAZON-02) (AMAZON-02)
1 2	104.108.145.8 104.108.145.8	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	3.121.70.57 3.121.70.57	16509 (AMAZON-02) (AMAZON-02)
1 1	2.16.107.152 2.16.107.152	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.107.194 2.16.107.194	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
210	50

80 104.111.238.175 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-175.deploy.static.akamaitechnologies.com

www.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 161.69.25.99 (Gilroy, United States) 1 redirects

ASN7754 (MCAFEE, US)

securingtomorrow.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00:28a::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:2b9::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
686eb51b.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.109.77.38 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-77-38.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f030:13:face:b00c:0:3 (France)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b0::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e4:101::6cae:b55 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.174.10.14 (United States) 2 redirects

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.102.194 (United States)

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.242.112.45 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-112-45.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.45.16.186 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-16-186.compute-1.amazonaws.com

api2932.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)

so.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.21.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-21-107.fra56.r.cloudfront.net

cdn-0.d41.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f130:83:face:b00c:0:25de (France)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00::210:ba80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.73.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

mcafeeinc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.mcafee.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.166.243 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-166-243.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.208.16.0 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cu1pehnsweb01.servicebus.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.202.228.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.248.28.111 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:9800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.99.6 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.108.145.8 (Berlin, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-145-8.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.63 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.121.70.57 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-70-57.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.107.152 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-107-152.deploy.static.akamaitechnologies.com

trial-eum-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.107.194 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-107-194.deploy.static.akamaitechnologies.com

t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00::210:ba19 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

trial-eum-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
84	mcafee.com 1 redirects www.mcafee.com securingtomorrow.mcafee.com smetrics.mcafee.com	1 MB
13	facebook.com www.facebook.com	1 KB
12	adroll.com 7 redirects s.adroll.com d.adroll.com	25 KB
12	tiqcdn.com tags.tiqcdn.com	131 KB
8	google.de www.google.de	555 B
8	google.com www.google.com	636 B
8	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	8 KB
7	googletagmanager.com www.googletagmanager.com	236 KB
7	adobedtm.com assets.adobedtm.com	125 KB
6	facebook.net connect.facebook.net	387 KB
5	linkedin.com 5 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
4	akamaihd.net 2 redirects trial-eum-clientnsv4-s.akamaihd.net t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net	1 KB
4	stackadapt.com tags.srv.stackadapt.com	6 KB
4	demdex.net dpm.demdex.net mcafeeinc.demdex.net	7 KB
3	akstat.io 686eb51b.akstat.io	603 B
3	bing.com bat.bing.com	9 KB
3	rlcdn.com 2 redirects so.rlcdn.com idsync.rlcdn.com	804 B
3	d41.co 1 redirects api2932.d41.co cdn-0.d41.co	5 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	3lift.com 1 redirects eb2.3lift.com	739 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	quantserve.com secure.quantserve.com pixel.quantserve.com	9 KB
2	windows.net cu1pehnsweb01.servicebus.windows.net	309 B
2	twitter.com analytics.twitter.com	938 B
2	t.co t.co	573 B
2	googleadservices.com www.googleadservices.com	30 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	51 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	83 KB
1	taboola.com sync.taboola.com	218 B
1	pubmatic.com simage2.pubmatic.com	550 B
1	outbrain.com sync.outbrain.com	477 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	advertising.com pixel.advertising.com	125 B
1	quantcount.com rules.quantcount.com	1 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	138 B
1	everesttech.net 1 redirects cm.everesttech.net	517 B
1	adsymptotic.com p.adsymptotic.com	294 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	addtoany.com static.addtoany.com	26 KB
1	jsdelivr.net cdn.jsdelivr.net	10 KB
210	43

	Domain	Requested by
80	www.mcafee.com	www.mcafee.com s.go-mpulse.net
13	www.facebook.com	www.mcafee.com connect.facebook.net
12	tags.tiqcdn.com	www.mcafee.com tags.tiqcdn.com
9	d.adroll.com	7 redirects www.mcafee.com s.go-mpulse.net
8	www.google.de	www.mcafee.com
8	www.google.com	www.mcafee.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com tags.tiqcdn.com
7	googleads.g.doubleclick.net	www.googleadservices.com
7	assets.adobedtm.com	www.mcafee.com assets.adobedtm.com
6	connect.facebook.net	www.mcafee.com connect.facebook.net
4	tags.srv.stackadapt.com	tags.tiqcdn.com tags.srv.stackadapt.com s.go-mpulse.net
3	686eb51b.akstat.io	s.go-mpulse.net
3	bat.bing.com	www.mcafee.com bat.bing.com
3	smetrics.mcafee.com	s.go-mpulse.net www.mcafee.com assets.adobedtm.com
3	s.adroll.com	www.mcafee.com s.adroll.com
3	dpm.demdex.net	s.go-mpulse.net www.mcafee.com
3	fonts.googleapis.com	www.mcafee.com
2	eb2.3lift.com	1 redirects www.mcafee.com
2	dsum-sec.casalemedia.com	1 redirects www.mcafee.com
2	idsync.rlcdn.com	2 redirects
2	www.google-analytics.com	www.googletagmanager.com s.go-mpulse.net
2	cu1pehnsweb01.servicebus.windows.net	s.go-mpulse.net
2	analytics.twitter.com	static.ads-twitter.com
2	api2932.d41.co	1 redirects s.go-mpulse.net
2	t.co	www.mcafee.com
2	px4.ads.linkedin.com	2 redirects
2	px.ads.linkedin.com	2 redirects
2	www.googleadservices.com	www.mcafee.com www.googletagmanager.com
2	fonts.gstatic.com	fonts.googleapis.com
2	stackpath.bootstrapcdn.com	www.mcafee.com stackpath.bootstrapcdn.com
1	fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net
1	trial-eum-clienttons-s.akamaihd.net	1 redirects
1	t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net
1	trial-eum-clientnsv4-s.akamaihd.net	1 redirects
1	sync.taboola.com	www.mcafee.com
1	simage2.pubmatic.com	www.mcafee.com
1	sync.outbrain.com	www.mcafee.com
1	pixel.rubiconproject.com	www.mcafee.com
1	pixel.advertising.com	www.mcafee.com
1	pixel.quantserve.com	www.mcafee.com
1	rules.quantcount.com	secure.quantserve.com
1	stats.g.doubleclick.net	s.go-mpulse.net
1	d.adroll.mgr.consensu.org	1 redirects
1	secure.quantserve.com	tags.tiqcdn.com
1	cm.everesttech.net	1 redirects
1	mcafeeinc.demdex.net	assets.adobedtm.com
1	cdn-0.d41.co	assets.adobedtm.com
1	so.rlcdn.com	www.mcafee.com
1	c.go-mpulse.net	s.go-mpulse.net
1	p.adsymptotic.com	www.mcafee.com
1	www.linkedin.com	1 redirects
1	static.ads-twitter.com	www.mcafee.com
1	snap.licdn.com	www.mcafee.com
1	s.go-mpulse.net	www.mcafee.com
1	static.addtoany.com	www.mcafee.com
1	cdn.jsdelivr.net	www.mcafee.com
1	securingtomorrow.mcafee.com	1 redirects
210	57

This site contains links to these domains. Also see Links.

Domain
github.com
twitter.com
www.linkedin.com
www.facebook.com
www.youtube.com
www.scanalert.com

Subject Issuer	Validity	Valid
www.mcafee.com McAfee OV SSL CA 2	`2020-05-21` - `2022-05-21`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-18` - `2022-03-26`	10 months	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
akstat.io DigiCert Secure Site ECC CA-1	`2020-05-06` - `2021-08-05`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2021-04-19` - `2022-04-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.d41.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-18` - `2022-03-21`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
adroll.com R3	`2021-03-30` - `2021-06-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
smetrics.mcafee.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-14` - `2022-01-14`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
servicebus.windows.net Microsoft Azure TLS Issuing CA 02	`2021-04-13` - `2022-04-08`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2020-12-09` - `2022-01-07`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-03-01` - `2021-08-24`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Frame ID: 901CD1CEBF66F856B5D38AF6C201C54C
Requests: 203 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Frame ID: 7BE2AD7B1B9A70D29A58D15EBB5BDF2F
Requests: 4 HTTP requests in this frame

Frame: https://mcafeeinc.demdex.net/dest5.html?d_nsid=0
Frame ID: A95C81EFAC058DB283AB7D9FC073EC40
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

210
Requests

100 %
HTTPS

49 %
IPv6

43
Domains

57
Subdomains

50
IPs

7
Countries

2303 kB
Transfer

5156 kB
Size

3
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/advanced-threat-research/Yara-Rules/blob/master/ransomware/RANSOM_Buran.yar
Title: is available in our GitHub repository

Search URL Search Domain Scan URL

URL: https://twitter.com/ValthekOn
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/alexandre-mundo-alguacil-38a98011a/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/mcafee
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/mcafee
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/2336?trk=prof-exp-company-name
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.youtube.com/mcafee
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.scanalert.com/RatingVerify?ref=www.mcafee.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://securingtomorrow.mcafee.com/wp-content/uploads/2019/11/23.png HTTP 301
https://www.mcafee.com/blogs/wp-content/uploads/2019/11/23.png

Request Chain 92

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1622062496395%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs%252Fother-blogs%252Fmcafee-labs%252Fburan-ransomware-the-evolution-of-vegalocker%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&liSync=true&e_ipv6=AQKGuPCbJ8ojfwAAAXmqdXwEoQu1_1wsrvcWGtDNmIab5r-FPsPW5Sj0oAa6nVDBmp9YCMUn HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&liSync=true&e_ipv6=AQKGuPCbJ8ojfwAAAXmqdXwEoQu1_1wsrvcWGtDNmIab5r-FPsPW5Sj0oAa6nVDBmp9YCMUn&cookiesTest=true HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=4728f73b-99ff-4ed2-81d2-90608b66ae88

Request Chain 101

https://api2932.d41.co/sync/ HTTP 302
https://so.rlcdn.com/400906.gif?cparams=cparams%3D3f2dfb951f764e5ebbdfefb0b13d5dc4-35dc4ec16c4a4c688666f32e19f910e5-1-191

Request Chain 127

https://cm.everesttech.net/cm/dd?d_uuid=18372740443827920210694679194462571264 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YK61oQAAALMcrQLs

Request Chain 152

https://d.adroll.mgr.consensu.org/consent/iabcheck/BSO3ZR5BDRHVJEQK4OCMRI?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2 HTTP 302
https://d.adroll.com/consent/check/BSO3ZR5BDRHVJEQK4OCMRI/?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2

Request Chain 165

https://idsync.rlcdn.com/365868.gif?partner_uid=18372740443827920210694679194462571264 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMTgzNzI3NDA0NDM4Mjc5MjAyMTA2OTQ2NzkxOTQ0NjI1NzEyNjQQABoNCKHruoUGEgUI6AcQAEIASgA HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=1d4767e3bb3bb73288911ec4c2d04da7c5c5f40e5dcc4ddfc8c782ff085de502b0da87c991749652

Request Chain 187

https://d.adroll.com/cm/aol/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 188

https://d.adroll.com/cm/index/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497&C=1

Request Chain 189

https://d.adroll.com/cm/n/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expires=365

Request Chain 190

https://d.adroll.com/cm/outbrain/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU

Request Chain 191

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 192

https://d.adroll.com/cm/taboola/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU

Request Chain 193

https://d.adroll.com/cm/triplelift/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&advertisable=BSO3ZR5BDRHVJEQK4OCMRI HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 207

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=ppkgf6z6j HTTP 302
https://t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net/eum/results.txt

Request Chain 208

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=ppkgf6z6j HTTP 302
https://fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net/eum/results.txt

210 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/ 78 KB
23 KB 1170ms
1093ms Document
text/html 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e37a355d1824d5c94680a67e3e0f4670e3fad0eec80799d86c778391d25ccfb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.mcafee.com
:scheme: https
:path: /blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
server: Apache
x-frame-options: SAMEORIGIN
last-modified: Wed, 26 May 2021 19:58:07 GMT
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-akamai-transformed: 9 - 0 pmb=mTOE,2mRUM,2
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=0
expires: Wed, 26 May 2021 20:54:55 GMT
date: Wed, 26 May 2021 20:54:55 GMT
content-length: 22259
server-timing: cdn-cache; desc=REVALIDATE edge; dur=151 origin; dur=733
strict-transport-security: max-age=31536000
set-cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; Domain=.mcafee.com; Path=/; Expires=Thu, 27 May 2021 00:54:54 GMT; Max-Age=14399; HttpOnly _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1; Domain=.mcafee.com; Path=/; Expires=Thu, 26 May 2022 20:54:55 GMT; Max-Age=31536000; Secure

GET
H2 200 main.min.css
www.mcafee.com/enterprise/www/css/ 79 KB
15 KB 37ms
31ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/main.min.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c58844aa5f6782b1853208cbbf20eb05ca95f8407763c41c9de73bc84a846885

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/www/css/main.min.css
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 14855
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 02 Mar 2021 20:55:21 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "13bd9-5bc93f3db4040-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=6307
accept-ranges: bytes
expires: Wed, 26 May 2021 22:40:02 GMT

GET
H2 200 style.min.css
www.mcafee.com/wp-includes/css/dist/block-library/ 52 KB
8 KB 59ms
52ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 7643
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 30 Apr 2020 16:07:23 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=5105
accept-ranges: bytes
expires: Wed, 26 May 2021 22:20:00 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/poll/dist/ 141 B
496 B 60ms
53ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/poll/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/poll/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=5534
accept-ranges: bytes
expires: Wed, 26 May 2021 22:27:09 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/trivia/dist/ 141 B
489 B 65ms
58ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/trivia/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/trivia/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=10046
accept-ranges: bytes
expires: Wed, 26 May 2021 23:42:21 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/personality/dist/ 141 B
497 B 70ms
63ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/personality/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/personality/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=14015
accept-ranges: bytes
expires: Thu, 27 May 2021 00:48:30 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/survey/dist/ 141 B
489 B 77ms
71ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/survey/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/survey/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=13194
accept-ranges: bytes
expires: Thu, 27 May 2021 00:34:49 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/slideshow/dist/ 141 B
497 B 84ms
78ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/slideshow/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/slideshow/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=13154
accept-ranges: bytes
expires: Thu, 27 May 2021 00:34:09 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/form/dist/ 141 B
488 B 91ms
85ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/gutenberg/form/dist/blocks.style.build.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/gutenberg/form/dist/blocks.style.build.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 134
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=4462
accept-ranges: bytes
expires: Wed, 26 May 2021 22:09:17 GMT

GET
H2 200 blocks.style.build.css
www.mcafee.com/wp-content/plugins/metronet-profile-picture/dist/ 27 KB
4 KB 99ms
93ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.3.8

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

57cd1d26474ce5b3da3a5167accb4460197ae0e15a10d99dabb3e0ac35510bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.3.8
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 3222
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=13115
accept-ranges: bytes
expires: Thu, 27 May 2021 00:33:31 GMT

GET
H2 200 dashicons.min.css
www.mcafee.com/wp-includes/css/ 46 KB
28 KB 107ms
101ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-includes/css/dashicons.min.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/css/dashicons.min.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 28500
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 18 Nov 2019 20:40:58 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=3343
accept-ranges: bytes
expires: Wed, 26 May 2021 21:50:39 GMT

GET
H2 200 wpmm.css
www.mcafee.com/wp-content/plugins/wp-megamenu/assets/css/ 44 KB
6 KB 116ms
110ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/assets/css/wpmm.css?ver=1.3.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ff12873304e673cedcf68826bd298522ec9366a2e50b0ce4061c28012c631828

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/assets/css/wpmm.css?ver=1.3.1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 5566
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 07:51:07 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
access-control-allow-methods: *
content-type: text/css; charset=utf-8
cache-control: public, max-age=5282
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Wed, 26 May 2021 22:22:58 GMT

GET
H2 200 wp-megamenu.css
www.mcafee.com/wp-content/uploads/wp-megamenu/ 18 KB
2 KB 129ms
124ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/uploads/wp-megamenu/wp-megamenu.css?ver=1.3.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/uploads/wp-megamenu/wp-megamenu.css?ver=1.3.1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 1625
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 20 May 2020 03:32:13 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=13273
accept-ranges: bytes
expires: Thu, 27 May 2021 00:36:09 GMT

GET
H2 200 wpmm-featuresbox.css
www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 868 B
684 B 136ms
130ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.css?ver=1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 322
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:18:17 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=13984
accept-ranges: bytes
expires: Thu, 27 May 2021 00:48:00 GMT

GET
H2 200 wpmm-gridpost.css
www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 6 KB
2 KB 144ms
138ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.css?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.css?ver=1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 1484
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:18:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=3898
accept-ranges: bytes
expires: Wed, 26 May 2021 21:59:54 GMT

GET
H2 200 font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 26ms
21ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617
age: 2907762
cdn-cachedat: 2021-04-23 07:08:31
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4c0e90ba0000dfcbc5934000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 348c076542f09579a60d7934349c12c1
cf-ray: 6559e6c79dcbdfcb-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 4 KB
719 B 20ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400&ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

db0ac1fb3211317ba0cb57d7e4c44c14cfe507beeeac8d8b9c234a23202eb851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:30:42 GMT
server: ESF
date: Wed, 26 May 2021 20:54:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 May 2021 20:54:55 GMT

GET
H2 200 style.css
www.mcafee.com/wp-content/themes/securingtomorrow/ 28 KB
6 KB 150ms
145ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/style.css?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0b6c65a5fd1492c1595779918197dfd0facb389988a6a4aa651fbe2bfebe2165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/style.css?ver=5.4.2
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
content-length: 5816
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Dec 2019 03:36:07 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=14068
accept-ranges: bytes
expires: Thu, 27 May 2021 00:49:24 GMT

GET
H2 200 front.css
www.mcafee.com/wp-content/plugins/super-socializer/css/ 53 KB
15 KB 158ms
153ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/super-socializer/css/front.css?ver=7.12.37

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ca9c79b0dc7041ecfd9690d4856309d5b863c3c09964ae023e46407e872160f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/super-socializer/css/front.css?ver=7.12.37
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 14531
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:32 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=3373
accept-ranges: bytes
expires: Wed, 26 May 2021 21:51:09 GMT

GET
H2 200 addtoany.min.css
www.mcafee.com/wp-content/plugins/add-to-any/ 1 KB
825 B 161ms
158ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.15

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a94558535ca72995a47883885d6fdfdee113dcbb8e937e88196f25cb181c72b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/add-to-any/addtoany.min.css?ver=1.15
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 462
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:24 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css; charset=utf-8
cache-control: public, max-age=12148
accept-ranges: bytes
expires: Thu, 27 May 2021 00:17:24 GMT

GET
H2 200 css
fonts.googleapis.com/ 18 KB
985 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0e3c3790d3ef5f000a5eb4242e477574ee5f23298bca99dc2c81fd007afd45b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 May 2021 20:26:07 GMT
server: ESF
date: Wed, 26 May 2021 20:54:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 May 2021 20:54:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 9 KB
732 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald%3A200%2C300%2Cregular%2C500%2C600%2C700&ver=1.3.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eb54321d72896f9db33897fd543c09aec72ea0f39258abfebb3dbf6947288961

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 26 May 2021 20:28:06 GMT
server: ESF
date: Wed, 26 May 2021 20:54:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 26 May 2021 20:54:55 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
www.mcafee.com/wp-content/plugins/jquery-updater/js/ 86 KB
87 KB 190ms
187ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/jquery-updater/js/jquery-3.4.1.min.js?ver=3.4.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/jquery-updater/js/jquery-3.4.1.min.js?ver=3.4.1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:27 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=11937
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 88145
x-content-type-options: nosniff
expires: Thu, 27 May 2021 00:13:53 GMT

GET
H2 200 addtoany.min.js Show response
www.mcafee.com/wp-content/plugins/add-to-any/ 129 B
479 B 208ms
204ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:24 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=3934
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 129
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:00:30 GMT

GET
H2 200 wpmm-featuresbox.js Show response
www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/ 488 B
840 B 208ms
205ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/addons/wpmm-featuresbox/wpmm-featuresbox.js?ver=1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:18:17 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=12436
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 488
x-content-type-options: nosniff
expires: Thu, 27 May 2021 00:22:12 GMT

GET
H2 200 wpmm-gridpost.js Show response
www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/ 2 KB
3 KB 209ms
206ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.js?ver=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/addons/wpmm-gridpost/wpmm-gridpost.js?ver=1
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:18:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5105
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 2493
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:20:01 GMT

GET
H2 200 blog.css
www.mcafee.com/enterprise/www/css/ 21 KB
5 KB 181ms
178ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/blog.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

96468d2b9a65383028178f08195544fc5a43bb4772196daade5b4fcb9b0b2ecb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/www/css/blog.css
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 5090
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 21 Apr 2021 15:55:46 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "55e6-5c07d98874480-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=13148
accept-ranges: bytes
expires: Thu, 27 May 2021 00:34:04 GMT

GET
H2 200 header_enterprise.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 1 KB
2 KB 214ms
211ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/header_enterprise.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a26221987e4db0e8684c0afc2a25466f48654ad64755ef58e9facb874beaaec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/header_enterprise.js
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:15:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=1899
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 1408
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:26:35 GMT

GET
H2 200 logo-white.svg
www.mcafee.com/enterprise/en-us/img/icons/ 1 KB
2 KB 40ms
40ms Image
image/svg+xml 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/enterprise/en-us/img/icons/logo-white.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e4aef0aba15680c1b745414a7c7bc39cdbeda17f1de0c7bf57bf90378b6a5d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/en-us/img/icons/logo-white.svg
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-disposition: attachment; filename="logo-white.svg"
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 1296
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 Oct 2019 23:37:56 GMT
server: Apache
etag: "510-5941e31069d00"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=0
accept-ranges: bytes
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2 200 light-shield-pattern.png
www.mcafee.com/wp-content/themes/securingtomorrow/img/ 12 KB
13 KB 37ms
36ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/img/light-shield-pattern.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

32076e265e72764cd8497cc0d0678dae2bbe6cdf9d8c53ef1b91f9899e994e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/securingtomorrow/img/light-shield-pattern.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 12 Jun 2020 16:28:15 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=502509
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 12662
expires: Tue, 01 Jun 2021 16:30:05 GMT

GET
H2 200 alex-300x230.png
www.mcafee.com/wp-content/uploads/2018/07/ 23 KB
23 KB 39ms
38ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2018/07/alex-300x230.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

58487229acbf98441ad9647e373151ce4c0e6bfb7400b6e6723d4dd027f7f20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2018/07/alex-300x230.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Thu, 03 Sep 2020 00:07:08 GMT
x-serial: 1479
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=631508
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 23362
server: Akamai Image Manager
expires: Thu, 03 Jun 2021 04:20:04 GMT

GET
H2 200 Hashes-1.png
www.mcafee.com/wp-content/uploads/2019/11/ 4 KB
4 KB 32ms
32ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/Hashes-1.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

f021b093792378520f10a14c5af1ead78ef59cf13eacd26c7c6c1b2c8dfd2555

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/Hashes-1.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Thu, 24 Sep 2020 03:59:40 GMT
x-serial: 528
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=762671
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 3657
server: Akamai Image Manager
expires: Fri, 04 Jun 2021 16:46:07 GMT

GET
H2 200 2.png
www.mcafee.com/wp-content/uploads/2019/11/ 34 KB
34 KB 655ms
654ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/2.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

a1c28adb89058602ad520c2ba6d59564c91fe64597379a0144df77d23ed8fc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/2.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Sat, 13 Feb 2021 09:08:05 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=810195
server-timing: cdn-cache; desc=HIT edge; dur=619
content-length: 34784
expires: Sat, 05 Jun 2021 05:58:11 GMT

GET
H2 200 3.png
www.mcafee.com/wp-content/uploads/2019/11/ 35 KB
35 KB 739ms
738ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/3.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

b5fc0b1307395cb8aab403b9447971f9ad14713146384776b2122b3df014a24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/3.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Mon, 08 Mar 2021 08:27:40 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=521473
server-timing: cdn-cache; desc=HIT edge; dur=695
content-length: 35945
expires: Tue, 01 Jun 2021 21:46:09 GMT

GET
H2 200 4.png
www.mcafee.com/wp-content/uploads/2019/11/ 43 KB
43 KB 1163ms
1163ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/4.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

dfb119d2a4d88b2844f62b2aee6b369989685b7b1ac0411c42310f52e3f0ed5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/4.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Sun, 24 Jan 2021 12:00:28 GMT
x-serial: 1871
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=1775212
server-timing: cdn-cache; desc=MISS edge; dur=789 origin; dur=325
content-length: 43950
server: Akamai Image Manager
expires: Wed, 16 Jun 2021 10:01:49 GMT

GET
H2 200 5.png
www.mcafee.com/wp-content/uploads/2019/11/ 4 KB
4 KB 514ms
514ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/5.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

5045ff36c57d31ba784e8a9854d16e1addcbbf7e3da88a4a1af483a62d62d172

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/5.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Tue, 11 May 2021 04:33:37 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1237159
server-timing: cdn-cache; desc=HIT edge; dur=460
content-length: 3908
expires: Thu, 10 Jun 2021 04:34:15 GMT

GET
H2 200 6.png
www.mcafee.com/wp-content/uploads/2019/11/ 7 KB
7 KB 2322ms
2321ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/6.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

0bd3cd573f1d8fa35bcee9b239ad6543b11c59f0bcc178b035b0b6d79b1b1aec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/6.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Mon, 15 Feb 2021 07:02:25 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=1347621
server-timing: cdn-cache; desc=REVALIDATE edge; dur=1892 origin; dur=375
content-length: 6936
expires: Fri, 11 Jun 2021 11:15:19 GMT

GET
H2 200 7.png
www.mcafee.com/wp-content/uploads/2019/11/ 9 KB
9 KB 647ms
646ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/7.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

9e5852cf776d9607919391e12192ad3fb80e1a81d32cd01d8180b99352d1d660

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/7.png
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Sun, 09 May 2021 21:24:46 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1125012
server-timing: cdn-cache; desc=HIT edge; dur=596
content-length: 8952
expires: Tue, 08 Jun 2021 21:25:08 GMT

GET
H2 200 8.png
www.mcafee.com/wp-content/uploads/2019/11/ 4 KB
4 KB 487ms
485ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/8.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

1b35f88d28f2f2d3c6f0c27cb98c2defca1d1b6f9c85ff293d7aaad30a46aaec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/8.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CvVersion%7C4.6.0; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Thu, 15 Apr 2021 11:10:53 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1354819
server-timing: cdn-cache; desc=HIT edge; dur=452
content-length: 3944
expires: Fri, 11 Jun 2021 13:15:16 GMT

GET
H2 200 9.png
www.mcafee.com/wp-content/uploads/2019/11/ 4 KB
4 KB 420ms
420ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/9.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

20d3a05e484016c8a90008fd9ebc82e0244b3ffb24015917b4a4a4db824db156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/9.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.6.0; s_nr=1622062496820-New; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Tue, 06 Apr 2021 06:03:13 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=631580
server-timing: cdn-cache; desc=HIT edge; dur=387
content-length: 3659
expires: Thu, 03 Jun 2021 04:21:17 GMT

GET
H2 200 10.png
www.mcafee.com/wp-content/uploads/2019/11/ 17 KB
17 KB 701ms
701ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/10.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

edc71eb4258cbacd60278d3bf5fac4e772d6b7e6f5c43b8696f527c1e680e40c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/10.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.6.0; s_nr=1622062496820-New; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Tue, 24 Nov 2020 16:36:02 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1107395
server-timing: cdn-cache; desc=HIT edge; dur=668
content-length: 17572
expires: Tue, 08 Jun 2021 16:31:32 GMT

GET
H2 200 11.png
www.mcafee.com/wp-content/uploads/2019/11/ 42 KB
43 KB 686ms
686ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/11.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

cfcefccb259075f21d178ee29f4bfd1c7ee14b5276e49b1faa9714fea3335e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/11.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Sat, 12 Sep 2020 21:25:48 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1696643
server-timing: cdn-cache; desc=HIT edge; dur=651
content-length: 43488
expires: Tue, 15 Jun 2021 12:12:20 GMT

GET
H2 200 12.png
www.mcafee.com/wp-content/uploads/2019/11/ 57 KB
58 KB 770ms
769ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/12.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

9d02130354c54670b25a58272f8b765b34fb714010bff5b43dff7f6b1e06a908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/12.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQApwM6p15AQAAIn51qgXLJNw9q7a5s9jLuJwfioJEPwO+b3RzwO5LKwRBWEzcEnmifBqBRRQfyZ9MkNB4gej9TfKBSG8nxFs1nUUNgJ7N6uSNpn7wQX1lC4JhMeAOnELj7mgzCTm06/nea+spDUG+unOd6loHAO14jRRWtpgfE5lwGKl2sDjSS2MdbRjI1HszBMeb9w9Bjdqa7xmtZCK5aBF0kMMGc+Kg7WAfpRbUduTLkgMtepJq64bqbiZFthYkHPTdHRRNfohBhPxd3E3lqTk+xbHzpQ3Yau2yL2TEj7gUmhXQCVIhLoRqWbi2MSEbG+LVsdg7iErgMWCHOQanulLXc/mEFNXRMCb8CWtTD/XGvCq6q7iF5dE8lIgo0WR349+Xig==~-1~||1-twPajWasvJ-1-10-1000-2||~-1; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Mon, 21 Dec 2020 07:15:30 GMT
x-serial: 1369
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=1107453
server-timing: cdn-cache; desc=MISS edge; dur=506 origin; dur=229
content-length: 58664
server: Akamai Image Manager
expires: Tue, 08 Jun 2021 16:32:31 GMT

GET
H2 200 13.png
www.mcafee.com/wp-content/uploads/2019/11/ 58 KB
59 KB 864ms
864ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/13.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

f8ccb4c83640db84fca4261e48d1bff8719ec8be545425d1a27177c39b2f4b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/13.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQApwM6p15AQAAIn51qgXLJNw9q7a5s9jLuJwfioJEPwO+b3RzwO5LKwRBWEzcEnmifBqBRRQfyZ9MkNB4gej9TfKBSG8nxFs1nUUNgJ7N6uSNpn7wQX1lC4JhMeAOnELj7mgzCTm06/nea+spDUG+unOd6loHAO14jRRWtpgfE5lwGKl2sDjSS2MdbRjI1HszBMeb9w9Bjdqa7xmtZCK5aBF0kMMGc+Kg7WAfpRbUduTLkgMtepJq64bqbiZFthYkHPTdHRRNfohBhPxd3E3lqTk+xbHzpQ3Yau2yL2TEj7gUmhXQCVIhLoRqWbi2MSEbG+LVsdg7iErgMWCHOQanulLXc/mEFNXRMCb8CWtTD/XGvCq6q7iF5dE8lIgo0WR349+Xig==~-1~||1-twPajWasvJ-1-10-1000-2||~-1; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Sat, 13 Feb 2021 18:26:27 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: no-transform, max-age=1107436
server-timing: cdn-cache; desc=HIT edge; dur=830
content-length: 59584
expires: Tue, 08 Jun 2021 16:32:14 GMT

GET
H2 200 14.png
www.mcafee.com/wp-content/uploads/2019/11/ 12 KB
13 KB 857ms
856ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/14.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

a8f64bbcd91eff200a2cdea47e6a4e6b8dc2b2efcb6013ac1d5f6623ca0091d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/14.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQApwM6p15AQAAIn51qgXLJNw9q7a5s9jLuJwfioJEPwO+b3RzwO5LKwRBWEzcEnmifBqBRRQfyZ9MkNB4gej9TfKBSG8nxFs1nUUNgJ7N6uSNpn7wQX1lC4JhMeAOnELj7mgzCTm06/nea+spDUG+unOd6loHAO14jRRWtpgfE5lwGKl2sDjSS2MdbRjI1HszBMeb9w9Bjdqa7xmtZCK5aBF0kMMGc+Kg7WAfpRbUduTLkgMtepJq64bqbiZFthYkHPTdHRRNfohBhPxd3E3lqTk+xbHzpQ3Yau2yL2TEj7gUmhXQCVIhLoRqWbi2MSEbG+LVsdg7iErgMWCHOQanulLXc/mEFNXRMCb8CWtTD/XGvCq6q7iF5dE8lIgo0WR349+Xig==~-1~||1-twPajWasvJ-1-10-1000-2||~-1; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Sun, 04 Apr 2021 03:12:00 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=404525
server-timing: cdn-cache; desc=HIT edge; dur=823
content-length: 12735
expires: Mon, 31 May 2021 13:17:03 GMT

GET
H2 200 15.png
www.mcafee.com/wp-content/uploads/2019/11/ 5 KB
5 KB 581ms
580ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/15.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

3f98891b06b8c86917c1fa19e405f937312bb107e49821a8f7fb83746c324449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/15.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Tue, 10 Nov 2020 17:23:27 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2232306
server-timing: cdn-cache; desc=HIT edge; dur=547
content-length: 4853
expires: Mon, 21 Jun 2021 17:00:04 GMT

GET
H2 200 16.png
www.mcafee.com/wp-content/uploads/2019/11/ 12 KB
12 KB 577ms
576ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/16.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

b985ce795573bdf1c1d3389bfb630e2b333cbb2a30f7365e32a95328bc02dff5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/16.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Sun, 02 May 2021 21:45:24 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=521488
server-timing: cdn-cache; desc=HIT edge; dur=544
content-length: 12501
expires: Tue, 01 Jun 2021 21:46:26 GMT

GET
H2 200 17.png
www.mcafee.com/wp-content/uploads/2019/11/ 33 KB
34 KB 524ms
523ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/17.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

9cd70afe3b6dbf32327d6e35eadb54526e60b51d29bd50308a60e6e05223b4ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/17.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Thu, 29 Apr 2021 18:17:41 GMT
x-serial: 1996
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=249778
server-timing: cdn-cache; desc=MISS edge; dur=-368 origin; dur=857
content-length: 34276
server: Akamai Image Manager
expires: Sat, 29 May 2021 18:17:56 GMT

GET
H2 200 18.png
www.mcafee.com/wp-content/uploads/2019/11/ 2 KB
2 KB 606ms
606ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/18.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

6138f63ddb36010ea46df8e9c6f158fd9eac0b2ab58e8ee0c05f3d513f261cfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/18.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Fri, 14 May 2021 23:31:20 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1564617
server-timing: cdn-cache; desc=HIT edge; dur=570
content-length: 1672
expires: Sun, 13 Jun 2021 23:31:56 GMT

GET
H2 200 19.png
www.mcafee.com/wp-content/uploads/2019/11/ 829 B
1 KB 468ms
467ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/19.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

f2e63e685395b6179bd3b99e991f0b5746af7c7d34066b1d42bef4e18fbf6720

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/19.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Sat, 12 Sep 2020 18:00:50 GMT
x-serial: 20
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=1696628
server-timing: cdn-cache; desc=MISS edge; dur=274 origin; dur=161
content-length: 829
server: Akamai Image Manager
expires: Tue, 15 Jun 2021 12:12:07 GMT

GET
H2 200 20.png
www.mcafee.com/wp-content/uploads/2019/11/ 953 B
1 KB 343ms
342ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/20.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

a6657a50b32fff305c83a9b68bead88b7df67d3021f9f6e236f5fad13ca58519

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/20.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:58 GMT
last-modified: Tue, 20 Oct 2020 22:40:23 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=631483
server-timing: cdn-cache; desc=HIT edge; dur=306
content-length: 953
expires: Thu, 03 Jun 2021 04:19:41 GMT

GET
H2 200 21.png
www.mcafee.com/wp-content/uploads/2019/11/ 3 KB
3 KB 598ms
598ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/21.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

dbaac57621bdd36e948aac23d3800c57845ba3cd42f00fe69033aafd1520ce93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/21.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Thu, 04 Feb 2021 17:19:13 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=2412272
server-timing: cdn-cache; desc=HIT edge; dur=563
content-length: 3069
expires: Wed, 23 Jun 2021 18:59:31 GMT

GET
H2 200 22.png
www.mcafee.com/wp-content/uploads/2019/11/ 89 KB
90 KB 742ms
741ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/22.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

5efcb3edeabaffdcc9b98ad2651c3d03a06532bba88ffcde629650a2fc0ce91f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/22.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Thu, 22 Apr 2021 12:56:29 GMT
x-serial: 1694
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=1989902
server-timing: cdn-cache; desc=MISS edge; dur=552 origin; dur=150
content-length: 91410
server: Akamai Image Manager
expires: Fri, 18 Jun 2021 21:40:01 GMT

GET
H2

404

23.png
www.mcafee.com/blogs/wp-content/uploads/2019/11/
Redirect Chain

https://securingtomorrow.mcafee.com/wp-content/uploads/2019/11/23.png
https://www.mcafee.com/blogs/wp-content/uploads/2019/11/23.png

44 KB
44 KB

3219ms
3218ms

Image
text/html

104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/blogs/wp-content/uploads/2019/11/23.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

797a4e901f06c26e59f26a2b449a8fcfffcf86dd2b66d73240ee8b3cd04528e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /blogs/wp-content/uploads/2019/11/23.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CvVersion%7C4.6.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-site
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:59 GMT
x-content-type-options: nosniff
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=2591999
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
link: <https://www.mcafee.com/blogs/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
expires: Fri, 25 Jun 2021 20:54:58 GMT

Redirect headers

Location: https://www.mcafee.com/blogs/wp-content/uploads/2019/11/23.png
Date: Wed, 26 May 2021 20:54:56 GMT
Server: Apache
Connection: keep-alive
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 24.png
www.mcafee.com/wp-content/uploads/2019/11/ 1 KB
2 KB 546ms
545ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/24.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

1bdc1ec691f814059b0332d8dd4da72ef0117f2849c763330e0e5d4174ad5667

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/24.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Mon, 19 Oct 2020 14:28:51 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=521363
server-timing: cdn-cache; desc=HIT edge; dur=511
content-length: 1498
expires: Tue, 01 Jun 2021 21:44:22 GMT

GET
H2 200 25.png
www.mcafee.com/wp-content/uploads/2019/11/ 2 KB
3 KB 541ms
540ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/25.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

89d0f2a439bbbd6f0d72bd9ddfcd74d75d40c34399e24168fc817b4389a3e546

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/25.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Tue, 24 Nov 2020 20:02:31 GMT
x-serial: 120
strict-transport-security: max-age=31536000
content-type: image/png
x-check-cacheable: YES
cache-control: no-transform, max-age=1107384
server-timing: cdn-cache; desc=MISS edge; dur=333 origin; dur=174
content-length: 2269
server: Akamai Image Manager
expires: Tue, 08 Jun 2021 16:31:23 GMT

GET
H2 200 26.png
www.mcafee.com/wp-content/uploads/2019/11/ 1 KB
2 KB 997ms
997ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/26.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

15043751aa849b913e307a6e1188512f2a189b8def23d5815178731d8ddf1c29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/26.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:55:00 GMT
last-modified: Sun, 09 May 2021 21:22:53 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1124816
server-timing: cdn-cache; desc=HIT edge; dur=961
content-length: 1521
expires: Tue, 08 Jun 2021 21:21:56 GMT

GET
H2 200 27.png
www.mcafee.com/wp-content/uploads/2019/11/ 1 KB
2 KB 561ms
561ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/27.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

88b3b2d6d43e3d37e38e2daa2d73a89db49ad66931f16cc9f599c72360178c4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/27.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Wed, 07 Apr 2021 12:26:15 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=670931
server-timing: cdn-cache; desc=HIT edge; dur=528
content-length: 1364
expires: Thu, 03 Jun 2021 15:17:10 GMT

GET
H2 200 28.png
www.mcafee.com/wp-content/uploads/2019/11/ 1 KB
2 KB 488ms
488ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/28.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

64e36f5ff48cef951b1fb823100277926b3f02e93094eee3c687092816cb06ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/28.png
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Tue, 20 Apr 2021 15:59:19 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=1818468
server-timing: cdn-cache; desc=HIT edge; dur=454
content-length: 1336
expires: Wed, 16 Jun 2021 22:02:47 GMT

GET
H2 200 29.png
www.mcafee.com/wp-content/uploads/2019/11/ 7 KB
7 KB 512ms
511ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/29.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

b892c5be335af0dba8944c2d245d80ede66099738a88df1c478f7ca4832388a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/29.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
last-modified: Tue, 06 Apr 2021 06:03:16 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=631617
server-timing: cdn-cache; desc=HIT edge; dur=479
content-length: 6793
expires: Thu, 03 Jun 2021 04:21:56 GMT

GET
H2 200 30.png
www.mcafee.com/wp-content/uploads/2019/11/ 11 KB
11 KB 550ms
549ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/uploads/2019/11/30.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

13918cd8119361049fbea62221802f5d0b612e9b54ad3ee93a41e06821eecb97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/uploads/2019/11/30.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:55:00 GMT
last-modified: Thu, 01 Oct 2020 08:56:34 GMT
server: Akamai Image Manager
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: no-transform, max-age=426305
server-timing: cdn-cache; desc=HIT edge; dur=516
content-length: 11251
expires: Mon, 31 May 2021 19:20:05 GMT

GET
H2 200 logo-mcafee-secure.svg
www.mcafee.com/enterprise/en-us/img/v1/common/ 2 KB
3 KB 30ms
30ms Image
image/svg+xml 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/enterprise/en-us/img/v1/common/logo-mcafee-secure.svg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5c1da3c68b2500408c538cec9898b1f58b56d4a0e529342c256785cf9d4f5c65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/en-us/img/v1/common/logo-mcafee-secure.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-disposition: attachment; filename="logo-mcafee-secure.svg"
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 2447
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 20 Apr 2020 17:36:51 GMT
server: Apache
etag: "98f-5a3bc581c92c0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=0
accept-ranges: bytes
expires: Wed, 26 May 2021 20:54:59 GMT

GET
H2 200 97950c5b4no227ea5e345f54080189a Show response
www.mcafee.com/clientlibs/ 77 KB
20 KB 29ms
29ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/clientlibs/97950c5b4no227ea5e345f54080189a

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /clientlibs/97950c5b4no227ea5e345f54080189a
pragma: no-cache
cookie: bm_sz=002DF1B055598189835F07F34F5748D6~YAAQbrsQAocM6p15AQAAmXh1qguzYGIOBVHUJUWOdVGTrbwrZK18N7VDULZ2hoT+9ipmHbJxHm+xtQaX7Be4VVLvRaniMlavQO3pGTl0IKsyz0IEhH7EI/i3KrjKAQwaud//hmGFoeMu5+fd6x4YAiEM+Wn/bA2TL1yiCCAZyWHJ8TMMaBs9m33qoPZETwP7; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAogM6p15AQAAmXh1qgVsoIDiaaYGHh/rQWG1zQ+AKAPiBcZy9rBAEesAI8KY6FpslZwe/9kdGIkuORGxkC4yuK7exqRpkF9rBntMRdmmBNO2cYflLr293caFN5HPu+81+a8OtdvCqodWXmgpaxAF5gDllxiAI+DuWltdFw9/sgQCTU0N4lgexpX1mMiSkbl+oOlqzuuKYPj31M/3xEjLbwnRZ6SRVGlMPwArZYfSMrs3Rq2AUH/EBb2apls2kKwOZy9Di55zTUwSfm9IQCnbftxWN8nTpqCP4PnpF8+p00h3/AnsPSRCvRtwZBu+ffPL0M40QnAOeJYYAsKYHsDCfkPa26Q/QffG9XQkWN6b8eTk9cInLW0=~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Mon, 26 Apr 2021 16:10:06 GMT
etag: "d1dbb955755ca44a0b872a64f97c471a45b14e941f69d082c19f792576ae34fb"
vary: Accept-Encoding
content-type: application/javascript
set-cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1; Domain=.mcafee.com; Path=/; Expires=Thu, 26 May 2022 20:54:56 GMT; Max-Age=31536000; Secure
cache-control: max-age=21600
server-timing: cdn-cache; desc=HIT edge; dur=1
strict-transport-security: max-age=31536000
content-length: 19642

GET
H2 200 sec-3-4.css
www.mcafee.com/_sec/cp_challenge/ 2 KB
853 B 34ms
26ms Stylesheet
text/css 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/_sec/cp_challenge/sec-3-4.css

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /_sec/cp_challenge/sec-3-4.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 12 May 2021 16:44:06 GMT
etag: "85a455336c5679f86581ba35c69cc24469bd5ce3b4eaae567a7a69bc0775d19b"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1800
server-timing: cdn-cache; desc=HIT edge; dur=1
strict-transport-security: max-age=31536000
content-length: 610

GET
H2 200 sec-cpt-3-4.js Show response
www.mcafee.com/_sec/cp_challenge/ 9 KB
3 KB 28ms
27ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/_sec/cp_challenge/sec-cpt-3-4.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

db7d30f0f913f053accc45f3750d68a8dc8c472942660996b4b7e55a5e83e435

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /_sec/cp_challenge/sec-cpt-3-4.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
content-encoding: gzip
last-modified: Wed, 12 May 2021 16:44:06 GMT
etag: "f2b828bcd1b18ef766ba39f60bfa5b9903684457985f22ff9f80ffc632dfbb75"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
server-timing: cdn-cache; desc=HIT edge; dur=1
strict-transport-security: max-age=31536000
content-length: 3258

GET
H2 200 mpp-frontend.js Show response
www.mcafee.com/wp-content/plugins/metronet-profile-picture/js/ 331 B
674 B 38ms
31ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.3.8

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.3.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:34 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=3848
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 331
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:59:04 GMT

GET
H2 200 hlst-extend.min.js Show response
www.mcafee.com/wp-content/plugins/highlight-search-terms/ 7 KB
7 KB 43ms
36ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/highlight-search-terms/hlst-extend.min.js?ver=1.5

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/highlight-search-terms/hlst-extend.min.js?ver=1.5
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:19:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5376
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 6701
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:24:32 GMT

GET
H2 200 shortcodes.js Show response
www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/public/js/ 439 B
782 B 49ms
41ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.6.31

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.6.31
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:29 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5569
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 439
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:27:45 GMT

GET
H2 200 wpmm.js Show response
www.mcafee.com/wp-content/plugins/wp-megamenu/assets/js/ 3 KB
3 KB 54ms
47ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/wp-megamenu/assets/js/wpmm.js?ver=1.3.1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f6533a7fce56c0926097f8848be9b24fc7cde5f71bf41680b73e2e186ae4272d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-megamenu/assets/js/wpmm.js?ver=1.3.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:18:31 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5359
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 3192
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:24:15 GMT

GET
H2 200 theme-script.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 4 KB
4 KB 31ms
30ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/theme-script.js?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/theme-script.js?ver=5.4.2
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:15:06 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5154
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 3736
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:20:50 GMT

GET
H2 200 skip-link-focus-fix.min.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 325 B
668 B 32ms
32ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/skip-link-focus-fix.min.js?ver=20151215

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/skip-link-focus-fix.min.js?ver=20151215
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:15:05 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=9125
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 325
x-content-type-options: nosniff
expires: Wed, 26 May 2021 23:27:01 GMT

GET
H2 200 general.js Show response
www.mcafee.com/wp-content/plugins/super-socializer/js/front/social_login/ 3 KB
3 KB 33ms
33ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/plugins/super-socializer/js/front/social_login/general.js?ver=7.12.37

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d945e554a74fa4ece7c2023a078d170d99db2274f1d1c40fc27793fb6ed5f0cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/super-socializer/js/front/social_login/general.js?ver=7.12.37
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 01 Nov 2019 14:46:33 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5346
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 2610
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:24:02 GMT

GET
H2 200 wp-embed.min.js Show response
www.mcafee.com/wp-includes/js/ 1 KB
2 KB 32ms
32ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-includes/js/wp-embed.min.js?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.4.2
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Apr 2020 21:50:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=1921
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 1434
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:26:57 GMT

GET
H2 200 slick.min.js Show response
cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/ 42 KB
10 KB 12ms
6ms Script
application/javascript 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js?ver=10faaf528e636a046163bdb6753031b2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 9150946
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 10429
etag: W/"a76f-O0GzvJVmhQFaNHoiOOcdsp36Dbs"
x-served-by: cache-fra19157-FRA
date: Wed, 26 May 2021 20:54:56 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery-lib.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 137 KB
137 KB 33ms
33ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/jquery-lib.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

72e5ff70b2607cdc1d4be2a6421e55416063b27b7de975d259f4e536bd7b20a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/jquery-lib.js
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:15:03 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=3770
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 140055
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:57:46 GMT

GET
H2 200 main.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 26 KB
27 KB 49ms
49ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/main.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

4a8895e9d5f662094d8bedc183c8b88d8ae4ec0a5446e754c8c6967289440a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/main.js
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 06 Mar 2020 04:47:32 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=5573
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 26963
x-content-type-options: nosniff
expires: Wed, 26 May 2021 22:27:49 GMT

GET
H2 200 general_footer.js Show response
www.mcafee.com/wp-content/themes/securingtomorrow/js/ 303 B
654 B 45ms
45ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/js/general_footer.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

5dfb09f58859b87a71be37c53ad49024c4e7842c997c8ffc4f163fb883bf52b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/themes/securingtomorrow/js/general_footer.js
pragma: no-cache
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 15 Nov 2019 04:15:04 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=3817
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 303
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:58:33 GMT

GET
H2 200 launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js Show response
assets.adobedtm.com/ 356 KB
100 KB 49ms
28ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b2517b851c58b81e7109344a0729d05734ce47d5fc20a29a4cd374d7b569ff1f

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 25 May 2021 16:34:02 GMT
server: AkamaiNetStorage
etag: "02d4d80be80d8ea5090b1ca58e5cdfdd:1621960442.506839"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.mcafee.com/wp-includes/js/ 14 KB
14 KB 30ms
29ms Script
application/javascript 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.4.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 01 Apr 2020 21:50:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
x-xss-protection: 1; mode=block
cache-control: public, max-age=10208
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 13901
x-content-type-options: nosniff
expires: Wed, 26 May 2021 23:45:07 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 84 KB
26 KB 28ms
27ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 51146
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a4c0e91a500002b8912209000000001
last-modified: Fri, 14 May 2021 06:41:59 GMT
server: cloudflare
etag: W/"14f2c-5c2448a7281f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 6559e6c90ef72b89-FRA
cf-bgj: minify

GET
H2 200 LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC Show response
s.go-mpulse.net/boomerang/ Frame 7BE2 205 KB
49 KB 32ms
7ms Script
application/javascript 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
last-modified: Wed, 12 May 2021 22:28:07 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 red-pattern.png
www.mcafee.com/enterprise/en-us/img/v1/backgrounds/ 31 KB
31 KB 30ms
30ms Image
image/png 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/enterprise/en-us/img/v1/backgrounds/red-pattern.png

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/enterprise/www/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cc007a0a53718c30e88228e266579a80337c633b093a3bed3d053256c17a08f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/en-us/img/v1/backgrounds/red-pattern.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/enterprise/www/css/main.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/enterprise/www/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-disposition: inline
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 31751
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 23:36:30 GMT
server: Apache
etag: "7c07-58e11321e7b80"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
expires: Thu, 27 May 2021 00:54:59 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C400&ver=5.4.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mcafee.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 21:32:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
age: 84156
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
expires: Wed, 25 May 2022 21:32:20 GMT

GET
H2 200 mcafee-symbols.ttf
www.mcafee.com/enterprise/www/css/fonts/ 6 KB
6 KB 51ms
50ms Font
application/x-font-ttf 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/fonts/mcafee-symbols.ttf

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/enterprise/www/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

ed98fc6c0671986924db3baa6d8cbf61611a3d54a220a559bed267d933b33c79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/www/css/fonts/mcafee-symbols.ttf
pragma: no-cache
origin: https://www.mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mcafee.com
referer: https://www.mcafee.com/enterprise/www/css/main.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/enterprise/www/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-disposition: attachment
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 5996
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 23 Apr 2020 19:41:46 GMT
server: Apache
etag: "176c-5a3fa705f5280"
x-frame-options: SAMEORIGIN
content-type: application/x-font-ttf
cache-control: max-age=0
accept-ranges: bytes
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2 200 opensans-semibold-webfont.woff2
www.mcafee.com/enterprise/www/css/fonts/ 18 KB
19 KB 57ms
56ms Font
text/plain 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/enterprise/www/css/fonts/opensans-semibold-webfont.woff2

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/enterprise/www/css/main.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

75cea5ef8f44fc5c39c34d20e73a4f998377816dcc4d09a6bf7c6bb00535677d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /enterprise/www/css/fonts/opensans-semibold-webfont.woff2
pragma: no-cache
origin: https://www.mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.mcafee.com
referer: https://www.mcafee.com/enterprise/www/css/main.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.mcafee.com
Referer: https://www.mcafee.com/enterprise/www/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 22 Jun 2019 10:16:44 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "49b4-58be6e037ee4b"
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block
cache-control: max-age=1780
server-timing: cdn-cache; desc=HIT edge; dur=1
accept-ranges: bytes
content-length: 18868
x-content-type-options: nosniff
expires: Wed, 26 May 2021 21:24:36 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&ver=1.3.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.mcafee.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
age: 537054
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
expires: Fri, 20 May 2022 15:44:02 GMT

GET
H2 200 fontawesome-webfont.woff2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 29ms
14ms Font
font/woff2 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=5.4.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.mcafee.com
Referer: https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=5.4.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617, 617, 617
age: 2907236
cdn-cachedat: 2021-04-23 07:11:16
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
cf-request-id: 0a4c0e91b100002c56eb98a000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e71c35892e592d47d28b20316badbfe5
accept-ranges: bytes
cf-ray: 6559e6c91ca62c56-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

POST
H2 201 97950c5b4no227ea5e345f54080189a Show response
www.mcafee.com/clientlibs/ 18 B
889 B 32ms
32ms XHR
application/json 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/clientlibs/97950c5b4no227ea5e345f54080189a

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/clientlibs/97950c5b4no227ea5e345f54080189a

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-fetch-mode: cors
origin: https://www.mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAokM6p15AQAAnnl1qgXFt9FAqI8wC40oyRoCCestQBVlWmDUFnxFXZQ82xpFI8cjP5sAp0XaF829PnS7blfrTFMJi7GCsMj2y4eEGpUl2PVkMjGG4suHaK9FIukF+SxaPYhCrCn4Yh0wrhHauF6xOrxvB8zLiGIqCLxgRBg2nBTQYgzQn0biFVva+IcIRrGUW56kc1ETi+qYod7nQNfE2GAx4u+FUPbzGLdABD2LJlCWwJoGWxXhDgmdXZAWc3CAEaQXMlBJj1Z5vFBizGkUCw/XiYcWd2EUlrqVrEWqedcaoE+NQ4Z9xk3xFURiujRKMbUj1b+Nh8Bo+9UCmT9S2lbUZ9e+ycmmEnMGpHmrO9qhqX8MbX0QqxN03WocdU0eCmOPOQ==~-1~-1~-1
content-length: 1520
:path: /clientlibs/97950c5b4no227ea5e345f54080189a
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
set-cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; Domain=.mcafee.com; Path=/; Expires=Thu, 27 May 2021 00:54:56 GMT; Max-Age=14400; HttpOnly _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; Domain=.mcafee.com; Path=/; Expires=Thu, 26 May 2022 20:54:56 GMT; Max-Age=31536000; Secure
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
access-control-allow-headers: Content-Type
content-length: 18

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 312 KB
77 KB 99ms
48ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 62b4ba1d861a54cc6b02ab1aba762f7b6b14dc03c52d86c51a33950d044472ee

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 05 May 2021 13:30:41 GMT
server: AkamaiNetStorage
etag: "8b7d76c146888be3e3baf0d50ab659eb:1620221440.871556"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Wed, 26 May 2021 20:59:56 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
24 KB 49ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba6856b3aa462b18c9f5fc3b0d553eca0fe0f03d5ff668ba7d465394c85896b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24156
x-fb-rlafr: 0
pragma: public
x-fb-debug: a/RtjMg/w8Se/EecoQFt0rhxeuKf/Bh/X/kUhkGjszI9rd/72O8NfSAu2D+MF+PntiNk3J2OKriuOWVB8dNAyg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
x-xss-protection: 0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:6c00:2b0::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b0::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:54:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=12520
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 74ms
24ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 72192
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1622062496.438432,VS0,VE0
x-served-by: cache-hhn11528-HHN

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 43 KB
17 KB 96ms
38ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

325fe3b5a9d659efe33a7c3b6efd4a361bf4823895d49f81bf9aaa893f6b35a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16634
x-xss-protection: 0
server: cafe
etag: 4412582579092058430
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D68395%26time%3D1622062496395%26url%3Dhttps%253A%252F%252Fwww.mcafee.com%252Fblogs...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&li...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&l...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=68395&time=1622062496395&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&l...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=4728f73b-99ff-4ed2-81d2-90608b66ae88

43 B
294 B

101ms
53ms

Image
image/gif

104.18.102.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=4728f73b-99ff-4ed2-81d2-90608b66ae88
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.102.194 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cf-ray: 6559e6d06e910c5d-AMS
content-length: 43
cf-request-id: 0a4c0e964500000c5de794e000000001

Redirect headers

date: Wed, 26 May 2021 20:54:57 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=4728f73b-99ff-4ed2-81d2-90608b66ae88
x-li-proto: http/2
x-li-pop: prod-edc2
content-length: 0
x-li-uuid: l/4YRj+5ghYw1YeRiysAAA==

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame 7BE2 6 KB
2 KB 30ms
29ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC&d=www.mcafee.com&t=5406875&v=1.720.0&if=&sl=0&si=bba3f5eb-b3d1-411b-ac3c-1440bb5350c7-qtqffj&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=250743
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f3c0f0722a369b7d225ab963ee2f5b2f9237ad200d49cc6e16adb8e7618113ce

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:54:56 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1718

GET
H3-29 200 187610925152304 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 19ms
18ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/187610925152304?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd0423a6494debe047912f09243d854bf65bdc995d5f88365301a2e7601c02db

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74039
x-fb-rlafr: 0
pragma: public
x-fb-debug: p8Y/RFssGygnDbRsXILWM8sxV/czn4vl1gnQNAp6uMhV3zvXU5Fimnz/Y7+7kiMpt/UtnZepBgezpx83qFU0Fw==
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 189ms
138ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 26 May 2021 20:54:56 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: cdacd7432852905e7d3abc8d02d16e1b43d4ebf2c9e3c322ea2f05303b823a4f
x-transaction: 383ab83b745e9a47
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975085349/?random=1622062496491&cv=9&fst=1622062496491&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c04fa2bf0050c9ad447b45f5b79333e21538a78f808cfe8dead3a47db8d22990

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1066
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 526 B
1 KB 149ms
41ms XHR
application/json 34.242.112.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.6.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A729776A5245B1590A490D44%40AdobeOrg&d_nsid=0&ts=1622062496518

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.112.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-112-45.eu-west-1.compute.amazonaws.com

Software

Resource Hash

26fa17cabd8c56457618139d01a6c93dcfe3945a352d8521b3cbb72b099145da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v007-0406f0f6a.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 82BsD8z4RX0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.mcafee.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 359
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 33 KB
12 KB 11ms
10ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12161
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 3 KB
2 KB 11ms
11ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1607
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 25 KB
9 KB 12ms
12ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
etag: "7324535d27629ca693bad7fd0da315ea:1591133412.560246"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8764
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2

451

400906.gif
so.rlcdn.com/
Redirect Chain

https://api2932.d41.co/sync/
https://so.rlcdn.com/400906.gif?cparams=cparams%3D3f2dfb951f764e5ebbdfefb0b13d5dc4-35dc4ec16c4a4c688666f32e19f910e5-1-191

0
0

163ms
118ms

Script
text/plain

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://so.rlcdn.com/400906.gif?cparams=cparams%3D3f2dfb951f764e5ebbdfefb0b13d5dc4-35dc4ec16c4a4c688666f32e19f910e5-1-191
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 May 2021 20:54:57 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: https://www.mcafee.com
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Location: https://so.rlcdn.com/400906.gif?cparams=cparams%3D3f2dfb951f764e5ebbdfefb0b13d5dc4-35dc4ec16c4a4c688666f32e19f910e5-1-191
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK dnb_coretag_v4.min.js Show response
cdn-0.d41.co/tags/ 1 KB
2 KB 102ms
27ms Script
application/javascript 13.32.21.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-0.d41.co/tags/dnb_coretag_v4.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.21.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-21-107.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 26 May 2021 20:51:52 GMT
Via: 1.1 3fdf3aacaef6ec40c4eedb85c8144da2.cloudfront.net (CloudFront)
Last-Modified: Thu, 10 Jan 2019 15:43:36 GMT
Server: AmazonS3
Age: 185
ETag: "e876f53a6063aa4d75f88c7b67222687"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA56-C2
Accept-Ranges: bytes
Content-Length: 1420
X-Amz-Cf-Id: aFfOXrZZ9pezueAsOUzxFNRUqp4rpX36Ld9NgJFU9meArTYD1VNBHA==

GET
H3-29 200 766537420057144 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 17ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/766537420057144?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

91add12447593df02fc14f1ac31d7034fd390167d12fc67314ea4f8a65065d94

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74053
x-fb-rlafr: 0
pragma: public
x-fb-debug: gQJVxcxHGTMHhvrpDlRSzk9ji0gvO22xOk73jOmY9VdJfxdbGAEafjDOvHDKs0ztHqHz7Xxr5As5lCjcb6uOeA==
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 49ms
15ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=187610925152304&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496570&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2 200 utag.currency.js Show response
tags.tiqcdn.com/utag/tiqapp/ 3 KB
2 KB 28ms
28ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.currency.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4ac14dae4a8ee2ad617f1a73262f84d0d7b873cbc7883e05634fc1b4ee5aee69

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 25 May 2021 01:06:06 GMT
server: AkamaiNetStorage
etag: "3a4f3fcfeca05dc6deac6d01e8d1fc6a:1621904766.451167"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1832
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975085349/ 42 B
120 B 21ms
20ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975085349/?random=1622062496491&cv=9&fst=1622059200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&fmt=3&is_vtc=1&random=575652923&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975085349/ 42 B
108 B 27ms
25ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975085349/?random=1622062496491&cv=9&fst=1622059200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&fmt=3&is_vtc=1&random=575652923&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 21ms
16ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=766537420057144&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496625&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H/1.1 200
OK / Show response
api2932.d41.co/api/ 1 KB
2 KB 328ms
110ms XHR
application/json 52.45.16.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api2932.d41.co/api/?req=api2932&form=json

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.45.16.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-45-16-186.compute-1.amazonaws.com

Software

Resource Hash

7176c77b8f2fd12ddcbdcecbae5ffdbf2ff5e1bde8ed372a0bbf2ef98312a6fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 May 2021 20:54:56 GMT
Referrer-Policy: no-referrer-when-downgrade
Expect-CT: max-age=30, report-uri="https://a54b4ab95d40a8b116fae47033b75682.report-uri.com/r/d/ct/reportOnly"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/json
Access-Control-Allow-Origin: https://www.mcafee.com
Cache-control: no-store
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 1275
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/BSO3ZR5BDRHVJEQK4OCMRI/ 48 KB
15 KB 14ms
9ms Script
text/javascript 2a02:26f0:6c00::210:ba80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/BSO3ZR5BDRHVJEQK4OCMRI/roundtrip.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 29be4fee248b9677e2bec2ec68574d671801009f81296ce694ee6aaf8cfe9458

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: PhGceUknSMbmPMQLErWh97jHHsRbD26L
Content-Encoding: gzip
ETag: "b0cfa2b20941a79e9a7bfcac9acb7a25"
x-amz-request-id: J4WQ34B3BSMBXH9P
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 14641
x-amz-id-2: zvDwCbVdJ2oRaK9j2wwSfX8PmSMz0LaabbQT9/n8K11cqDe0ut3Pj2KSxohqmbzBsqO9ABslp0Q=
Last-Modified: Tue, 25 May 2021 18:01:09 GMT
Server: AmazonS3
Date: Wed, 26 May 2021 20:54:56 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 30ms
27ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9bb72680b6d1a9238c52ba3f2fca012d11756c7b83c141a96e0564ad339f0bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34460
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
1 KB 31ms
28ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1622062496660&cv=9&fst=1622062496491&num=2&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

689bb3a44dc220debb55f5e01cd84bfd10083978ba82f2e27f17b6b816ea4ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1069
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC82f3a80b1d3d4da19ec7f501cbcbc422-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/ 736 B
717 B 14ms
14ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/RC82f3a80b1d3d4da19ec7f501cbcbc422-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: bf10ac18eeb8b091e51ff804a87a3f7d651391b622527468b7f952c9d660dca2

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 25 May 2021 16:34:03 GMT
server: AkamaiNetStorage
etag: "6c766a3dcab7d7b796054e16c6b56994:1621960443.301625"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 452
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2 200 RCf77ffe5638654111bbd261cfe58ed27c-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/ 765 B
737 B 16ms
16ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/RCf77ffe5638654111bbd261cfe58ed27c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 725df6f2b0802585b4047a534147cbfbcd19befdea74a26ecce79be4fb636862

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 25 May 2021 16:34:03 GMT
server: AkamaiNetStorage
etag: "6c766a3dcab7d7b796054e16c6b56994:1621960443.301625"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 472
expires: Wed, 26 May 2021 21:54:56 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
660 B 195ms
144ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 26 May 2021 20:54:56 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 623bb324e5341fe6432b3197d646e322dac46fa609879e3ef2b2dba5217337ff
x-transaction: 5a8b4f1fe0f767c3
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 utag.276.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 31 KB
5 KB 48ms
43ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.276.js?utv=ut4.39.202105051330
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f1fd24357d053aeeae8bb0e45bda370904aa42e1334fd31532bcea2d1357f0a

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 18 Nov 2020 10:40:22 GMT
server: AkamaiNetStorage
etag: "0e42aeaa788bcdc60e1b897d51903ffd:1605696022.041498"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 4807
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.331.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 5 KB
2 KB 47ms
42ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.331.js?utv=ut4.39.202104141035
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cc64b820c7d17b495bf34ddd5c419037f625073b482af718a1f1d63d44c0770b

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 24 Jun 2020 10:16:10 GMT
server: AkamaiNetStorage
etag: "06bc809cb9d1d380bc5e06b5f1a2ed7f:1592993770.619175"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2128
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.356.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 95 KB
26 KB 55ms
50ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.356.js?utv=ut4.39.202105051330
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a85469197f2dcf79c87dd8f196031b9d3c6984552bf9ceea1666ccd55051bffe

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 05 May 2021 13:30:39 GMT
server: AkamaiNetStorage
etag: "203933f4aba0b3e76be3ce2e9540a36c:1620221439.512586"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 25970
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.444.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 19 KB
6 KB 52ms
47ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.444.js?utv=ut4.39.202104141035
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b291ebd2a06d19f82f90c28ac9c352e764890687ff38e7ea8b19a69aa8b88c27

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 25 Aug 2020 09:37:48 GMT
server: AkamaiNetStorage
etag: "10c97188253b96b5962c422dd6099fb3:1598348268.149793"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 6313
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.476.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 54ms
49ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.476.js?utv=ut4.39.202006041316
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 10:34:56 GMT
server: AkamaiNetStorage
etag: "6b2903b10789da4d6134a59bb1fc8a49:1572518096.337345"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2366
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.515.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 2 KB
1 KB 54ms
49ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Thu, 23 Jul 2020 12:04:49 GMT
server: AkamaiNetStorage
etag: "7365d951d30f1fa9668d0437fedeb4e3:1595505889.289423"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1048
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.521.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 57ms
52ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 15 Jul 2020 10:59:20 GMT
server: AkamaiNetStorage
etag: "c09f093e0e4ce83103416febd13a6294:1594810760.535353"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3237
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.531.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 10 KB
3 KB 56ms
53ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.531.js?utv=ut4.39.202012161058
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Tue, 01 Dec 2020 04:25:45 GMT
server: AkamaiNetStorage
etag: "3a9ced3787ddb191062f19331c8d30bd:1606796745.86938"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 3239
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H2 200 utag.537.js Show response
tags.tiqcdn.com/utag/mcafee/consumer-main/prod/ 3 KB
2 KB 55ms
52ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.537.js?utv=ut4.39.202012161058
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Wed, 14 Oct 2020 13:17:10 GMT
server: AkamaiNetStorage
etag: "8b5d313be7f848419f47125d0c6664fd:1602681430.396878"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1538
expires: Thu, 10 Jun 2021 20:54:56 GMT

GET
H/1.1 200
OK dest5.html Show response
mcafeeinc.demdex.net/ Frame A95C 7 KB
3 KB 155ms
39ms Document
text/html 52.17.73.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mcafeeinc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.73.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: mcafeeinc.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=18372740443827920210694679194462571264
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 26 May 2021 20:54:56 GMT
DCS: dcs-prod-irl1-1-v007-0d93fcb86.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 20 May 2021 09:23:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 3QP9fnMkQRo=
transfer-encoding: chunked
Connection: keep-alive

GET
H2 200 id Show response
smetrics.mcafee.com/ 48 B
507 B 110ms
31ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&mid=13158920519591245840188672693979582525&ts=1622062496690

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

905a3464fc5725adbcdc0dc3a7b30d43845a5b138be53a8346593ac9fe7107d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-769f4786c8-bq6sm
vary: Origin
x-c: main-1474.Ia290cf.M0-496
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YK61oQAAALMcrQLs
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=18372740443827920210694679194462571264
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YK61oQAAALMcrQLs

42 B
975 B

53ms
53ms

Image
image/gif

34.242.112.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YK61oQAAALMcrQLs

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.112.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-112-45.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v007-01f90ad7d.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: RvV3SNfUSKY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YK61oQAAALMcrQLs
Date: Wed, 26 May 2021 20:54:57 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 light-shield-pattern-large.jpg
www.mcafee.com/wp-content/themes/securingtomorrow/img/ 13 KB
14 KB 54ms
53ms Image
image/webp 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mcafee.com/wp-content/themes/securingtomorrow/img/light-shield-pattern-large.jpg

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

931834a833e2f458c9a561a1f97583b107701c9d684353bc5ae01af6cf244eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/securingtomorrow/img/light-shield-pattern-large.jpg
pragma: no-cache
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CvVersion%7C4.6.0
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Tue, 31 Mar 2020 10:37:51 GMT
x-serial: 1145
strict-transport-security: max-age=31536000
content-type: image/webp
x-check-cacheable: YES
cache-control: no-transform, max-age=1173883
server-timing: cdn-cache; desc=HIT edge; dur=1
content-length: 13722
server: Akamai Image Manager
expires: Wed, 09 Jun 2021 10:59:39 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 32ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6e44b9596bd11c9d0332e7f9a729f2488b67d3f458c4297e079b3e96c7011296

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
last-modified: Fri, 21 May 2021 00:51:47 GMT
x-msedge-ref: Ref A: B4614518996849F08C140A7D709EC228 Ref B: FRAEDGE1212 Ref C: 2021-05-26T20:54:56Z
etag: "8013f579db4dd71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8911

GET
H3-29 200 908692125983943 Show response
connect.facebook.net/signals/config/ 255 KB
73 KB 18ms
17ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/908692125983943?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c248e1559ca2a75e57540b2d3570ea4f21824b616640905a76a3f8fef46c9a6e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74512
x-fb-rlafr: 0
pragma: public
x-fb-debug: 5mlbLbfEXxEw+iHY1UDGipISiJttBdS7H3uQlGgVciPHK3613IIhfSk+OyiL8OU0Y6oz5VtBVQNoh1NNqnx06w==
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
74 B 23ms
20ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1622062496660&cv=9&fst=1622059200000&num=2&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&fmt=3&is_vtc=1&random=1537771498&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 27ms
24ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1622062496660&cv=9&fst=1622059200000&num=2&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&fmt=3&is_vtc=1&random=1537771498&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cfbdae7f042bde518bff481ed3258ea1b0f0798ad5aece42e964a4896af0b7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35884
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 82 KB
33 KB 47ms
46ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5471927&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f8c0964b64b2ebf2fcb093f9be8a3e0e2b3897a6bec0f93cc594d7e248904ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33376
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa1434424b9f0ef2be08aec127a07a5a27c2fd3aedef9845b185710a2a81a215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34478
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

POST
H/1.1 201
Created messages Show response
cu1pehnsweb01.servicebus.windows.net/webp32h01/ 0
309 B 503ms
129ms XHR
application/xml 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
type: entry
Authorization: SharedAccessSignature sr=http%3a%2f%2fcu1pehnsweb01.servicebus.windows.net%2fwebp32h01&sig=egeBP80h1RMGKxIU3lvC2c7N8fqicJTBSJTk9weZQwA%3d&se=2188580224&skn=webp32h01send
Content-Type: application/json; charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.mcafee.com
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 26 May 2021 20:54:57 GMT
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8

OPTIONS
H/1.1 200
OK messages
cu1pehnsweb01.servicebus.windows.net/webp32h01/ Frame 0
0 530ms
121ms Preflight 104.208.16.0
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cu1pehnsweb01.servicebus.windows.net/webp32h01/messages?timeout=60&api-version=2014-01

Protocol

HTTP/1.1

Server

104.208.16.0 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type,type
Origin: https://www.mcafee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: authorization,content-type,type
Strict-Transport-Security: max-age=31536000
Date: Wed, 26 May 2021 20:54:56 GMT

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 13 KB
5 KB 419ms
104ms Script
text/javascript 52.202.228.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.515.js?utv=ut4.39.202010011046
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.228.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 6f8308c2f618a490d769710251821d831be94d3d76fdc88a11f236e46e650911

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 26 May 2021 20:54:57 GMT
Content-Encoding: gzip
Cache-Control: max-age=30
Content-Length: 4429
Connection: keep-alive
Content-Type: text/javascript

GET
H2 200 adsct
t.co/i/ 43 B
119 B 151ms
145ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 26 May 2021 20:54:56 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: cdacd7432852905e7d3abc8d02d16e1b43d4ebf2c9e3c322ea2f05303b823a4f
x-transaction: 34636485d4a860a5
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 30ms
26ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

837d06b67929e9ec8898bafa6c277012b4da7cbfee53172a9d60161daae751ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34447
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 25ms
21ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-614089511

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.521.js?utv=ut4.39.202010011046

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8c3558754a6f2de8ccdad7701d468deb84928e1384d9b87df7cb8ed7bff2e744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34461
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 85 KB
34 KB 24ms
20ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-740246542&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902&l=dataLayer

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c608460c1a26a7212721a22e96ed663a47424df6e4b32a61260f67f2467264eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34448
x-xss-protection: 0
last-modified: Wed, 26 May 2021 19:28:09 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 9ms
8ms Script
application/javascript 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
content-encoding: gzip
etag: "WhyxmPkT7L77qVDcrjxwGw=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 02 Jun 2021 20:54:57 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 25ms
25ms Script
application/x-javascript 104.109.77.38
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mcafee/consumer-main/202105051330&cb=1622062496781
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/mcafee/consumer-main/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.77.38 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-77-38.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Wed, 26 May 2021 21:04:56 GMT

GET
H3-29 200 577185772377767 Show response
connect.facebook.net/signals/config/ 255 KB
73 KB 21ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/577185772377767?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9dbd1391b378e4972202b4696444f5c36545b6bb3eb574a1b990713e2a454d7a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74418
x-fb-rlafr: 0
pragma: public
x-fb-debug: WeaAohPMlp+++kRGhJQ9d9zgfEbLYRWpWRD0E7skVCVQtFDdVyW/WvlzgcIqSxocIp6/MSrYX6SksHnDYPhdKw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 21ms
17ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=908692125983943&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496786&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 22ms
18ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=187610925152304&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496788&sw=1600&sh=1200&v=2.9.40&r=stable&ec=1&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 21ms
18ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=766537420057144&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496788&sw=1600&sh=1200&v=2.9.40&r=stable&ec=1&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 21ms
18ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=908692125983943&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496791&sw=1600&sh=1200&v=2.9.40&r=stable&ec=1&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H2 200 s04489235008785
smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/ 43 B
327 B 32ms
31ms Image
image/gif 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.mcafee.com/b/ss/mcafeewwconsumermain/1/JS-2.9.0/s04489235008785?AQB=1&ndh=1&pf=1&t=26%2F4%2F2021%2022%3A54%3A56%203%20-120&sdid=20523A2525E4CD82-6F49C9F2C62058BD&mid=13158920519591245840188672693979582525&aamlh=6&ce=UTF-8&ns=mcafeeconsumer&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&events=event120%2Cevent1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker&v1=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker&c5=%5Bconsumer%3Aweb%5Dother-blogs&v5=%5Bconsumer%3Aweb%5Dother-blogs&c6=%5Bconsumer%3Aweb%5Dmcafee-labs&v6=%5Bconsumer%3Aweb%5Dmcafee-labs&c7=Page%20Name-%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker&c8=www.mcafee.com&v8=new&c9=en-us&v9=en-us&v13=%3A&v14=direct&c15=consumer&v15=consumer&v20=na&v21=united%20states&v23=1%3A30PM&v24=Wednesday&c26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&v26=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&c33=web&v33=web&v116=buran-ransomware-the-evolution-of-vegalocker&v146=Alexandre%20Mundo&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
x-c: main-1474.Ia290cf.M0-496
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 27 May 2021 20:54:56 GMT
server: jag
xserver: anedge-769f4786c8-jgdgr
etag: 3483352687920349184-4621756428827412332
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 25 May 2021 20:54:56 GMT

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/BSO3ZR5BDRHVJEQK4OCMRI/ 38 B
757 B 6ms
6ms Script
application/javascript 2a02:26f0:6c00::210:ba80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/BSO3ZR5BDRHVJEQK4OCMRI/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/BSO3ZR5BDRHVJEQK4OCMRI/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3df00a08f45cc1168d3acf108e4d6af4fbba516ac25b375074d3573506f7743f

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: U7pE7.IuGNbCaxQG40d4GgQ6fxr0x3Ej
Content-Encoding: gzip
ETag: "4a0397fea136aeaacbd2de2b529cea9f"
x-amz-request-id: RVH9ZNCJ94CGWSHP
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 58
x-amz-id-2: YiTCXSZKrslDNkGdBx9gJhmyweZ15M+C1QtdQsEl+uvKceddAK6JclbZ1ro2IQTDv1aAf/Ce8jg=
Last-Modified: Thu, 20 May 2021 19:47:53 GMT
Server: AmazonS3
Date: Wed, 26 May 2021 20:54:57 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/BSO3ZR5BDRHVJEQK4OCMRI/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/BSO3ZR5BDRHVJEQK4OCMRI?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2
https://d.adroll.com/consent/check/BSO3ZR5BDRHVJEQK4OCMRI/?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2

395 B
861 B

37ms
35ms

Script
application/javascript

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/BSO3ZR5BDRHVJEQK4OCMRI/?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 937520e69a07d35fdaf3746cf97859d69c38a461da2d0f7c7df5f95d2d491102

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-type: application/javascript
content-length: 395
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://d.adroll.com/consent/check/BSO3ZR5BDRHVJEQK4OCMRI/?_s=ef140165734d9a7810d9c5fcdf37e5ea&_b=2
date: Wed, 26 May 2021 20:54:57 GMT
server: nginx/1.18.0
content-length: 105

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-35949610-14&l=dataLayer&cx=c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5100
date: Wed, 26 May 2021 19:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 26 May 2021 21:29:56 GMT

GET
H3-29 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 44ms
43ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-597407903&l=dataLayer&cx=c

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

506df44f82ef782e6f5c6a7832dfd2be0638b393dca0c8d0964c616e296c83a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14011
x-xss-protection: 0
server: cafe
etag: 7512236244504453440
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 26 May 2021 20:54:56 GMT

POST
H2 201 97950c5b4no227ea5e345f54080189a Show response
www.mcafee.com/clientlibs/ 17 B
657 B 410ms
410ms XHR
application/json 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/clientlibs/97950c5b4no227ea5e345f54080189a

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-fetch-mode: cors
origin: https://www.mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAo4M6p15AQAAa3p1qgUESSM9rXm/qC5pgFUhUbu/3Waq8Oomrn/Zy/2bv5bncf/kbcFSOQj/6r1XjF8CGIeQ1+ptc8XuNeCRQSuOGQNjBwQ60JEHcsQjcK5o3ykcnY3zQHQNieh1t7ljAKrPC8S3NI9aqDBR1sGC9RR67kWmyF9FPu2ZmR82NJu48RghRZokUeyLNxnh5HfOqxnItozNsPSp2JbBndRaipNlCNM539cjCZcaWrnmBviyYVu6I1FBZpHZZnNE1UGy+/i6VaXUvwAUbSTPdt07H/HNllLtMP28/SMbaPhCbXL2u/9xGVzomh8hRkG28YB7pV4dAGt0nORF44TkwQY1Br59kb34ZalyKzqCbB188m3ndSBar7MQi/K87g==~-1~-1~-1; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C4.6.0; s_nr=1622062496820-New; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497
content-length: 1796
:path: /clientlibs/97950c5b4no227ea5e345f54080189a
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
set-cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQApwM6p15AQAAIn51qgXLJNw9q7a5s9jLuJwfioJEPwO+b3RzwO5LKwRBWEzcEnmifBqBRRQfyZ9MkNB4gej9TfKBSG8nxFs1nUUNgJ7N6uSNpn7wQX1lC4JhMeAOnELj7mgzCTm06/nea+spDUG+unOd6loHAO14jRRWtpgfE5lwGKl2sDjSS2MdbRjI1HszBMeb9w9Bjdqa7xmtZCK5aBF0kMMGc+Kg7WAfpRbUduTLkgMtepJq64bqbiZFthYkHPTdHRRNfohBhPxd3E3lqTk+xbHzpQ3Yau2yL2TEj7gUmhXQCVIhLoRqWbi2MSEbG+LVsdg7iErgMWCHOQanulLXc/mEFNXRMCb8CWtTD/XGvCq6q7iF5dE8lIgo0WR349+Xig==~-1~||1-twPajWasvJ-1-10-1000-2||~-1; Domain=.mcafee.com; Path=/; Expires=Thu, 26 May 2022 20:54:57 GMT; Max-Age=31536000; Secure
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
access-control-allow-headers: Content-Type
content-length: 17

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 18ms
17ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496937&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 18ms
18ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=577185772377767&ev=ViewContent&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062496938&cd[content_type]=product&sw=1600&sh=1200&v=2.9.40&r=stable&ec=1&o=30&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&tm=1&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:56 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1803438544&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&ul=en-us&de=UTF-8&dt=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GBACUABBAAAAC~&jid=2142612645&gjid=121596712&cid=1270127944.1622062497&tid=UA-35949610-14&_gid=1219848794.1622062497&_r=1&gtm=2ou5j0&cd1=na&cd2=us&cd3=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&cd9=&cd10=buran-ransomware-the-evolution-of-vegalocker&cd13=&cd16=Alexandre%20Mundo&cd17=Nov%2005%2C%202019&cg1=blogs&cg2=other-blogs&cg3=mcafee-labs&cg4=buran-ransomware-the-evolution-of-vegalocker&cg5=&z=682394378

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1622062496971&cv=9&fst=1622062496971&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b8131f63901f3ffc2eb933f34fff569fccfaad6b4cdbc5d94eda3c3da7c2c0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1108
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/ 2 KB
1 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/740246542/?random=1622062496973&cv=9&fst=1622062496973&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

321a5919ed78b6e8fe74d7c9a61a155b19ea85d4d7a15cb2a14b2246a67dc373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1110
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/ 2 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/614089511/?random=1622062496975&cv=9&fst=1622062496975&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38a9016154cf40874a2b3729da44742a8c51448a10d46db350e8ce63ede43118

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1110
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/ 3 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/597407903/?random=1622062496976&cv=9&fst=1622062496976&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&gbcov=0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa0303b3885cb507258b48f971e8ac5bc3eb76b280b048978926cb0fc8720ded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1223
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1622062496977&cv=9&fst=1622062496977&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&ig=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f37eb16a6f4083ed663369f3857c041bea38a9dcf188234775b29e597c9ba498

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1223
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-35949610-14&cid=1270127944.1622062497&jid=2142612645&gjid=121596712&_gid=1219848794.1622062497&_u=4GBACUAABAAAAC~&z=2111081994

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 26 May 2021 20:54:56 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=477&dpuuid=1d4767e3bb3bb73288911ec4c2d04da7c5c5f40e5dcc4ddfc8c782ff085de502b0da87c991749652
dpm.demdex.net/ Frame A95C
Redirect Chain

https://idsync.rlcdn.com/365868.gif?partner_uid=18372740443827920210694679194462571264
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMTgzNzI3NDA0NDM4Mjc5MjAyMTA2OTQ2NzkxOTQ0NjI1NzEyNjQQABoNCKHruoUGEgUI6AcQAEIASgA
https://dpm.demdex.net/ibs:dpid=477&dpuuid=1d4767e3bb3bb73288911ec4c2d04da7c5c5f40e5dcc4ddfc8c782ff085de502b0da87c991749652

42 B
975 B

75ms
39ms

Image
image/gif

34.242.112.45
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=477&dpuuid=1d4767e3bb3bb73288911ec4c2d04da7c5c5f40e5dcc4ddfc8c782ff085de502b0da87c991749652

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.112.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-112-45.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://mcafeeinc.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v007-066c634f0.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ps2xiA52Q5w=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Wed, 26 May 2021 20:54:57 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dpm.demdex.net/ibs:dpid=477&dpuuid=1d4767e3bb3bb73288911ec4c2d04da7c5c5f40e5dcc4ddfc8c782ff085de502b0da87c991749652
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
72 B 33ms
30ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-35949610-14&cid=1270127944.1622062497&jid=2142612645&_u=4GBACUAABAAAAC~&z=844081553

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 31ms
27ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-35949610-14&cid=1270127944.1622062497&jid=2142612645&_u=4GBACUAABAAAAC~&z=844081553

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
74 B 27ms
22ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1622062496971&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=2166450041&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 31ms
26ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1622062496971&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=2166450041&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/740246542/ 42 B
74 B 26ms
22ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/740246542/?random=1622062496973&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=3890419790&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/740246542/ 42 B
64 B 30ms
25ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/740246542/?random=1622062496973&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=3890419790&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/614089511/ 42 B
74 B 27ms
22ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/614089511/?random=1622062496975&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=102694890&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/614089511/ 42 B
64 B 28ms
25ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/614089511/?random=1622062496975&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=102694890&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
74 B 22ms
20ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1622062496977&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=2270558619&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
64 B 26ms
23ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1622062496977&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=2270558619&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/597407903/ 42 B
74 B 24ms
21ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/597407903/?random=1622062496976&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=3918246897&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/597407903/ 42 B
64 B 27ms
25ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/597407903/?random=1622062496976&cv=9&fst=1622059200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa5j0&sendb=1&data=event%3Dpage_view%3Bsent_to%3DUA-35949610-14%3Bcontent_group1%3Dblogs%3Bcontent_group2%3Dother-blogs%3Bcontent_group3%3Dmcafee-labs%3Bcontent_group4%3Dburan-ransomware-the-evolution-of-vegalocker%3Bcontent_group5%3D%3Bauthor%3DAlexandre%20Mundo%3BpubDate%3DNov%2005%5C%2C%202019%3BvisitorType%3D&frm=0&url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&tiba=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&async=1&fmt=3&is_vtc=1&random=3918246897&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 5713167 Show response
bat.bing.com/p/action/ 0
116 B 33ms
33ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5713167
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: BEAF1318F049453992A6783DBCB77E7F Ref B: FRAEDGE1212 Ref C: 2021-05-26T20:54:57Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
94 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5713167&Ver=2&mid=fddb97b9-d7f9-46a9-8fd9-55917bc1d973&sid=a0e33600be6411ebaa75a7cc295eba60&vid=a0e36160be6411ebb7153db265205953&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&p=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&r=&lt=1932&evt=pageLoad&msclkid=N&sv=1&rn=770311
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 0697E9A406FC4984BDACD8F28B768BA8 Ref B: FRAEDGE1212 Ref C: 2021-05-26T20:54:57Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 16ms
16ms Ping
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryuAFSAsCuhMECAjh5

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 26 May 2021 20:54:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 rules-p-hvA1U3-AR_BCf.js Show response
rules.quantcount.com/ 3 KB
1 KB 10ms
9ms Script
application/javascript 2600:9000:2182:9800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-hvA1U3-AR_BCf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:9800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:08:24 GMT
content-encoding: gzip
age: 2934
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Tue, 04 May 2021 18:33:58 GMT
server: AmazonS3
etag: W/"eb0fff4b7031d9152713e8e316a7cc4e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: Bwop8MgMZZSZKHPcufRzilDGs4LXb91SaE0SIpfGm8bQVrzYMbQwAQ==

GET
H2 200 pixel;r=130476507;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F;uht=2;fpan=1;fpa=P0-166225...
pixel.quantserve.com/ 35 B
371 B 13ms
12ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=130476507;source=TLM;rf=3;a=p-hvA1U3-AR_BCf;url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F;uht=2;fpan=1;fpa=P0-166225625-1622062497126;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=82efd7d8-20210517233434;cm=;gdpr=0;ref=;d=mcafee.com;je=0;sr=1600x1200x24;dst=1;et=1622062497126;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs%2Cdescription.McAfee%E2%80%99s%20Advanced%20Threat%20Research%20Team%20observed%20how%20a%20new%20ransomware%20family%20name%2Curl.%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F%2Csite_name.McAfee%20Blogs%2Cimage.https%3A%2F%2Fwww%252Emcafee%252Ecom%2Fwp-content%2Fuploads%2F2019%2F08%2Flabs-thumbnail-3%252Ejpeg%2Cimage%3Awidth.2048%2Cimage%3Aheight.1152

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 16ms
16ms Ping
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBEr1p7TiC9VTFYvE

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 26 May 2021 20:54:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 s06349775487632 Show response
smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBSQ/ 491 B
854 B 58ms
58ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.mcafee.com/b/ss/mcafeeenterprise/10/JS-2.20.0-LBSQ/s06349775487632?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=26%2F4%2F2021%2022%3A54%3A57%203%20-120&d.&nsid=0&jsonv=1&.d&sdid=20523A2525E4CD82-6F49C9F2C62058BD&mid=13158920519591245840188672693979582525&aamlh=6&ce=UTF-8&pageName=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker&g=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&cc=USD&ch=other-blogs&server=www.mcafee.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=other-blogs&c6=D%3Dv6&v6=mcafee-labs&c8=D%3Dv153&c16=Alexandre%20Mundo&c26=D%3Dg&v26=D%3Dg&c51=%7C&c52=Nov%2005%2C%202019&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&v100=2.20.0&v153=www.mcafee.com&v154=us&v155=english&v166=%7C002226124%7C795408868%7C831353003%7CUniversal%20Instruments%20Corporation%7CUSA%7COther%20Industrial%20Machinery%20Manufacturing%7CLarge%7C1020%7C%7C200%7C&v180=year%3D2021%20%7C%20month%3DMay%20%7C%20date%3D26%20%7C%20day%3DWednesday%20%7C%20time%3D1%3A54%20PM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&v190=buran-ransomware-the-evolution-of-vegalocker&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A729776A5245B1590A490D44%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

914ee50b3b8d6e6b0420db3ff03346aaf7eb13d396eceee553211286c73e04c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-aam-tid: 6D3WiHdKS48=
date: Wed, 26 May 2021 20:54:57 GMT
x-content-type-options: nosniff
x-c: main-1474.Ia290cf.M0-496
p3p: CP="This is not a P3P policy"
vary: *
content-length: 491
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v007-0b95ed9b4.edge-irl1.demdex.com 6.2.1.20210514105329-PR_1432-SNAPSHOT
pragma: no-cache
last-modified: Thu, 27 May 2021 20:54:57 GMT
server: jag
xserver: anedge-769f4786c8-fl5zt
etag: 3483352688938549248-4622000281501293031
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 25 May 2021 20:54:57 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 11 KB
3 KB 10ms
9ms Script
text/javascript 2a02:26f0:6c00::210:ba80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/BSO3ZR5BDRHVJEQK4OCMRI/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: hhddmS4HBoCHlBGNMub5KsX6g2g1jeBP
Content-Encoding: gzip
ETag: "5c44da3d0ddeac28ae4c1facdfbfa217"
x-amz-request-id: MR6CY611SNME3Y55
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2719
x-amz-id-2: zOMty4g7q6S3616yxxUwBqmrdpgyZM7UsiAx/5YjPrMt55WGVKyFHxvbaJOzh+ClW3CHk2xsH3c=
Last-Modified: Wed, 26 May 2021 18:39:17 GMT
Server: AmazonS3
Date: Wed, 26 May 2021 20:54:57 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 XMT6NB3COJHGRLXR3MMYZ4 Show response
d.adroll.com/segment/BSO3ZR5BDRHVJEQK4OCMRI/ 42 B
904 B 39ms
39ms XHR
image/gif 3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/segment/BSO3ZR5BDRHVJEQK4OCMRI/XMT6NB3COJHGRLXR3MMYZ4?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&xid_ch=f&pv=19250689204.802174&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&adroll_version=2.0
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-pixel-eid: XMT6NB3COJHGRLXR3MMYZ4
date: Wed, 26 May 2021 20:54:57 GMT
x-advertisable-eid: BSO3ZR5BDRHVJEQK4OCMRI
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-length: 42
pragma: no-cache
x-conversion-value: 0.0
server: nginx/1.18.0
x-rule: *
x-segment-eid: CSTXIZLI2JFWJBJL6CLPRZ
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Pixel-Eid
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
access-control-request-methods: GET
x-segment-name: *
access-control-allow-headers: *
x-conversion-currency

GET
H2

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of...
https://pixel.advertising.com/ups/55980/sync?uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
125 B

81ms
27ms

Image
text/plain

18.197.99.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55980/sync?uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.99.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/55980/sync?uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 167
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497&C=1

43 B
1 KB

68ms
67ms

Image
image/gif

104.108.145.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497&C=1
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.145.8 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-145-8.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 May 2021 20:54:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 26 May 2021 20:54:57 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 26 May 2021 20:54:57 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expiration=1653598497&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Wed, 26 May 2021 20:54:57 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-v...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expires=365

0
239 B

109ms
30ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expires=365
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&expires=365
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evoluti...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU

0
477 B

422ms
107ms

Image
text/plain

70.42.32.63
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.63 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:54:57 GMT
Cache-Control: no-cache
X-TraceId: d6a7821bc90dc869467086fe6f95472d
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 100
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evoluti...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
550 B

63ms
19ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:55 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:318
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 220
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolutio...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU

0
218 B

69ms
18ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.40.0.195:10213
date: Wed, 26 May 2021 20:54:57 GMT
server: nginx
x-fastly-to-nlb-rtt: 1272

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU
pragma: no-cache
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275&arrfrr=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolu...
https://eb2.3lift.com/xuid?mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

27ms
27ms

Image
image/gif

3.121.70.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.121.70.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-70-57.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=ZGRjNGViZDE0YWU4ZDJlZjkyZTcyNzZkMjBmMDFhMjU&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date: Wed, 26 May 2021 20:54:57 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 16ms
16ms Ping
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqSBwOvGfs2ShAVVA

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 26 May 2021 20:54:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H3-29 200 292818695430230 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 18ms
17ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/292818695430230?v=2.9.40&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d8070a28df7e974772b6de0569dc36a9ba6061ae9b314f35d0a313cf72142c08

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74131
x-fb-rlafr: 0
pragma: public
x-fb-debug: TmvS30cnnPEdnaHFYSWe1oZieQw7DWCqJicRxRtsJ1+YE7Y6gMiSb9huij2tt0AEokubEBo44EuEz2ECoAWjKQ==
x-frame-options: DENY
date: Wed, 26 May 2021 20:54:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 16ms
16ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=292818695430230&ev=PageView&dl=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&rl=&if=false&ts=1622062497413&cd[segment_eid]=CSTXIZLI2JFWJBJL6CLPRZ&sw=1600&sh=1200&v=2.9.40&r=stable&ec=0&o=29&fbp=fb.1.1622062496567.2061090722&it=1622062496438&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=l1&rqm=GET

Requested by

Host: www.mcafee.com
URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 26 May 2021 20:54:57 GMT

POST
H2 201 97950c5b4no227ea5e345f54080189a Show response
www.mcafee.com/clientlibs/ 17 B
643 B 407ms
406ms XHR
application/json 104.111.238.175
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mcafee.com/clientlibs/97950c5b4no227ea5e345f54080189a

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.238.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-175.deploy.static.akamaitechnologies.com

Software

Resource Hash

b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-fetch-mode: cors
origin: https://www.mcafee.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: bm_sz=3943293BC7E816B6C516DD97221A3B2C~YAAQbrsQAo0M6p15AQAAa3p1qgtfBJSSiRYVhard7ySKDNJ94kxj8muCEdvK8H2x5iOvVucaGfMD7XReHLRe6U4QkRBCeQ+V3lBlDQ1Jos5eLhVBZuiCT+atZuBwA/1uARN8mDZG2DX5zzdAMcymnEWxArsSvshsfVnjkeLZFHK49KClBdHHKG4j8T7Lk7wl; RT="z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=0&tt=0&bcn=%2F%2F686eb51b.akstat.io%2F"; _fbp=fb.1.1622062496567.2061090722; AMCVS_A729776A5245B1590A490D44%40AdobeOrg=1; run_fs_for_user=false; utag_main=v_id:0179aa757b43000a50b18c08f5a100072006206a00b08$_sn:1$_ss:1$_pn:1%3Bexp-session$_st:1622064296579$ses_id:1622062496579%3Bexp-session$vapi_domain:mcafee.com; s_ecid=MCMID%7C13158920519591245840188672693979582525; s_gpv=%5Bconsumer%3Aweb%5D%7Cother-blogs%7Cmcafee-labs%7Cburan-ransomware-the-evolution-of-vegalocker; s_cc=true; _gcl_au=1.1.2132358590.1622062497; _ga=GA1.2.1270127944.1622062497; _gid=GA1.2.1219848794.1622062497; _gat_gtag_UA_35949610_14=1; _uetsid=a0e33600be6411ebaa75a7cc295eba60; _uetvid=a0e36160be6411ebb7153db265205953; AMCV_A729776A5245B1590A490D44%40AdobeOrg=-408604571%7CMCIDTS%7C18774%7CMCMID%7C13158920519591245840188672693979582525%7CMCAAMLH-1622667296%7C6%7CMCAAMB-1622667296%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1622069696s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18781%7CvVersion%7C4.6.0; s_nr=1622062497265-New; gpv=other-blogs%3Amcafee-labs%3Aburan-ransomware-the-evolution-of-vegalocker; tp=11733; s_ppv=other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C10%2C10%2C1200; __adroll_fpc=75d205509b05120d3efe018771d86c71-1622062497275; __ar_v4=%7CBSO3ZR5BDRHVJEQK4OCMRI%3A20210525%3A1%7CXMT6NB3COJHGRLXR3MMYZ4%3A20210525%3A1; __qca=P0-166225625-1622062497126; _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQApwM6p15AQAAIn51qgXLJNw9q7a5s9jLuJwfioJEPwO+b3RzwO5LKwRBWEzcEnmifBqBRRQfyZ9MkNB4gej9TfKBSG8nxFs1nUUNgJ7N6uSNpn7wQX1lC4JhMeAOnELj7mgzCTm06/nea+spDUG+unOd6loHAO14jRRWtpgfE5lwGKl2sDjSS2MdbRjI1HszBMeb9w9Bjdqa7xmtZCK5aBF0kMMGc+Kg7WAfpRbUduTLkgMtepJq64bqbiZFthYkHPTdHRRNfohBhPxd3E3lqTk+xbHzpQ3Yau2yL2TEj7gUmhXQCVIhLoRqWbi2MSEbG+LVsdg7iErgMWCHOQanulLXc/mEFNXRMCb8CWtTD/XGvCq6q7iF5dE8lIgo0WR349+Xig==~-1~||1-twPajWasvJ-1-10-1000-2||~-1; Target_Test=seg%3D13216020%2C13216019%2C13216018%2C13216017%2C13306012%2C13306015%2C13306029%2C13306030%2C13306033%2C13306034%2C13306035%2C13306037%2C13306040; aam_uuid=18372740443827920210694679194462571264
content-length: 2365
:path: /clientlibs/97950c5b4no227ea5e345f54080189a
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.mcafee.com
referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 26 May 2021 20:54:57 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.mcafee.com
set-cookie: _abck=9A3C4415D0E385959C8E98F256310D79~-1~YAAQbrsQAqYM6p15AQAAIIB1qgUPFG8kr9kzc6fQqih7YGX6VCOvQ55g1x+ZynjMLIaGzexoZQYPHkGy6By9v96eXV72HpIZdyhtdZDRQeaIJFbXivUIWKvR0fZY3rv7WiErmDUjMlTEo+zj4xVS566Mr8xNGjjPNtSpXy3JAKnQpB9A0UZmFc4SETSfUqflXXceWVLDLK7p4Hox53HiyFb2rL4qK2J6xVHO6UXlpzYFZdgA2Kz3Bxs4/+iDjzgxC3VHN/GyOwBOGAKBRmX+BbFrHBzmlF9PgmSW77ooa7LTmPeKJGdXpd6BchELreOYKHH+0iTcPOOk6inuv1Jts9HGXnoymOG0XzdCzdc7dbp0H/B3rpmFluqtS1fivIItnFdRTP+jiuYuWw==~-1~||-1||~-1; Domain=.mcafee.com; Path=/; Expires=Thu, 26 May 2022 20:54:57 GMT; Max-Age=31536000; Secure
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
access-control-allow-headers: Content-Type
content-length: 17

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 80 B
307 B 103ms
103ms Stylesheet
text/css 52.202.228.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.228.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 1662120f450f322ab882a5d4943837f67b0c8d035b19e62df00c6952a17efd51

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 26 May 2021 20:54:57 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 80
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 651 B
881 B 412ms
103ms Fetch
image/jpeg 52.202.228.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.228.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 1e27a2b326a337f927a2c9b3b910d7a4b26d28b1f49f770f34e8f054652119f1

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 26 May 2021 20:54:57 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 17ms
16ms Ping
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZ87au5EpLk8Y4zfj

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Wed, 26 May 2021 20:54:57 GMT
content-type: text/plain
access-control-allow-origin: https://www.mcafee.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 141 B
444 B 120ms
119ms XHR
text/plain 52.202.228.151
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=uSyobPfzhDJe2LRnhI_IVA&is_js=true&landing_url=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F&t=Buran%20Ransomware%3B%20the%20Evolution%20of%20VegaLocker%20%7C%20McAfee%20Blogs&host=https://www.mcafee.com&sa_conv_data_css_value=%20%220-40a5bb2c-16e9-4cd6-7275-934b47b4b6cb%24ip%24159.48.55.7%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9db34c91ee2d14efe430817589f68a8079f303707
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.228.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:54:57 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.mcafee.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 141

GET
H2 200 RC4fa51485b5894d1cb92974356ae0fc00-source.min.js Show response
assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/ 830 B
709 B 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28a::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/97913309b792/00f161500c52/eb36d36cf76b/RC4fa51485b5894d1cb92974356ae0fc00-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28a::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d3a26688c40271a05039ad104e38b9149bfc70999bebf8180c20350acb244fdb

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:55:00 GMT
content-encoding: gzip
last-modified: Tue, 25 May 2021 16:34:03 GMT
server: AkamaiNetStorage
etag: "6c766a3dcab7d7b796054e16c6b56994:1621960443.301625"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 444
expires: Wed, 26 May 2021 21:55:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
278 B 151ms
150ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nxlgc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.mcafee.com%2Fblogs%2Fother-blogs%2Fmcafee-labs%2Fburan-ransomware-the-evolution-of-vegalocker%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 26 May 2021 20:55:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 26 May 2021 20:55:00 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 623bb324e5341fe6432b3197d646e322dac46fa609879e3ef2b2dba5217337ff
x-transaction: 06bcd42254ffef30
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 204 /
686eb51b.akstat.io/ 0
201 B 62ms
59ms Ping
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://686eb51b.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:55:00 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Wed, 26 May 2021 20:55:00 GMT

POST
H2 204 /
686eb51b.akstat.io/ 0
201 B 39ms
39ms Ping
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://686eb51b.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:55:00 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Wed, 26 May 2021 20:55:00 GMT

POST
H2 204 /
686eb51b.akstat.io/ 0
201 B 41ms
41ms Ping
image/gif 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://686eb51b.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/LXNDQ-3SP7Y-P3JVN-Y4HAH-VQNKC

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 26 May 2021 20:55:00 GMT
content-type: image/gif
access-control-allow-origin: https://www.mcafee.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Wed, 26 May 2021 20:55:00 GMT

GET
H/1.1

200
OK

results.txt Show response
t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net/eum/ Frame 7BE2
Redirect Chain

https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=ppkgf6z6j
https://t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net/eum/results.txt

8 B
312 B

119ms
25ms

XHR
text/plain

2.16.107.194
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.107.194 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-107-194.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:55:00 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net/eum/results.txt
Date: Wed, 26 May 2021 20:55:00 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

GET
H/1.1

200
OK

results.txt Show response
fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net/eum/ Frame 7BE2
Redirect Chain

https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=ppkgf6z6j
https://fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net/eum/results.txt

8 B
312 B

67ms
6ms

XHR
text/plain

2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net/eum/results.txt
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f

Request headers

Referer: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 26 May 2021 20:55:00 GMT
Last-Modified: Wed, 08 May 2013 07:51:12 GMT
Server: AkamaiNetStorage
ETag: "402e7a087747cb56c718bde84651f96a:1367999472"
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8

Redirect headers

Location: https://fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net/eum/results.txt
Date: Wed, 26 May 2021 20:55:00 GMT
Server: AkamaiGHost
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

260 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mcafee.com/	1969-12-31 23:59:59	Name: s_ppv Value: other-blogs%253Amcafee-labs%253Aburan-ransomware-the-evolution-of-vegalocker%2C7%2C7%2C1200
.mcafee.com/	1970-01-19 18:44:27	Name: RT Value: "z=1&dm=mcafee.com&si=ca9f7b13-2a01-4aa7-9a01-e323be6c3ad3&ss=kp5y4n4n&sl=1&tt=440&bcn=%2F%2F686eb51b.akstat.io%2F&ld=444"
.mcafee.com/	1969-12-31 23:59:59	Name: tp Value: 18193

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 2) Message: Adobe Analytics Extension Config : custom code
console-api	log	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/(Line 918) Message: Fetching dnbDetails...
console-api	log	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 11) Message: Form tracking.....
console-api	log	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 9) Message: allPage Rule Triggered
console-api	log	URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/buran-ransomware-the-evolution-of-vegalocker/(Line 1076) Message: Assign content grouping : GTAG
console-api	log	URL: https://assets.adobedtm.com/launch-ENc117a6a508e14a879398dd6f37ed54a3.min.js(Line 2) Message: Content Finding Method

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

686eb51b.akstat.io
analytics.twitter.com
api2932.d41.co
assets.adobedtm.com
bat.bing.com
c.go-mpulse.net
cdn-0.d41.co
cdn.jsdelivr.net
cm.everesttech.net
connect.facebook.net
cu1pehnsweb01.servicebus.windows.net
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fiaqj6abeejrukqce3ygyaaaabqk5nne-ppkgf6-a5687b110-clienttons-s.akamaihd.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
idsync.rlcdn.com
mcafeeinc.demdex.net
p.adsymptotic.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s.adroll.com
s.go-mpulse.net
secure.quantserve.com
securingtomorrow.mcafee.com
simage2.pubmatic.com
smetrics.mcafee.com
snap.licdn.com
so.rlcdn.com
stackpath.bootstrapcdn.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
t4ydobyccbvzqyfowwsa-ppkgf6-6a7234850-clientnsv4-s.akamaihd.net
tags.srv.stackadapt.com
tags.tiqcdn.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.mcafee.com
104.108.145.8
104.109.77.38
104.111.238.175
104.18.102.194
104.208.16.0
104.244.42.133
104.244.42.3
108.174.10.14
13.32.21.107
141.226.228.48
142.250.185.226
15.236.176.210
161.69.25.99
18.197.99.6
185.64.189.110
199.232.136.157
2.16.107.152
2.16.107.194
2600:9000:2182:9800:6:44e3:f8c0:93a1
2606:4700:10::6816:46c5
2606:4700::6812:acf
2606:4700::6812:bcf
2620:116:800d:21:5a23:9c4e:e774:96c1
2620:119:50e4:101::6cae:b55
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2003
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2004
2a00:1450:4001:811::2002
2a00:1450:4001:811::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c04::9c
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:28a::1e80
2a02:26f0:6c00:2b0::25ea
2a02:26f0:6c00:2b9::11a6
2a02:26f0:6c00::210:ba19
2a02:26f0:6c00::210:ba80
2a03:2880:f030:13:face:b00c:0:3
2a03:2880:f130:83:face:b00c:0:25de
2a04:4e42:3::621
3.121.70.57
3.248.28.111
34.242.112.45
34.255.166.243
35.190.60.146
35.244.174.68
52.17.73.77
52.202.228.151
52.45.16.186
69.173.144.138
70.42.32.63
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b6c65a5fd1492c1595779918197dfd0facb389988a6a4aa651fbe2bfebe2165
0bd3cd573f1d8fa35bcee9b239ad6543b11c59f0bcc178b035b0b6d79b1b1aec
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0e3c3790d3ef5f000a5eb4242e477574ee5f23298bca99dc2c81fd007afd45b9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11ad34354aa42ea83ed45226016e50b8fe825c1a213c57e998af4cd7a251ec7b
13918cd8119361049fbea62221802f5d0b612e9b54ad3ee93a41e06821eecb97
15043751aa849b913e307a6e1188512f2a189b8def23d5815178731d8ddf1c29
1662120f450f322ab882a5d4943837f67b0c8d035b19e62df00c6952a17efd51
18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a
1b35f88d28f2f2d3c6f0c27cb98c2defca1d1b6f9c85ff293d7aaad30a46aaec
1bdc1ec691f814059b0332d8dd4da72ef0117f2849c763330e0e5d4174ad5667
1e27a2b326a337f927a2c9b3b910d7a4b26d28b1f49f770f34e8f054652119f1
20d3a05e484016c8a90008fd9ebc82e0244b3ffb24015917b4a4a4db824db156
240fbcfd9cce9f9883216b7f5097be022d5af697075bb9987439d7b8bba5aeb9
25afe676005c046f770992aa6e09eb9cbd6f73ee0b51000efd239fbc4ac600e6
26fa17cabd8c56457618139d01a6c93dcfe3945a352d8521b3cbb72b099145da
29be4fee248b9677e2bec2ec68574d671801009f81296ce694ee6aaf8cfe9458
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2e770bd9e02e484d6aacb06aa5a10129a2a21082b03e3dadeb283c045f61b33e
32076e265e72764cd8497cc0d0678dae2bbe6cdf9d8c53ef1b91f9899e994e6b
321a5919ed78b6e8fe74d7c9a61a155b19ea85d4d7a15cb2a14b2246a67dc373
325fe3b5a9d659efe33a7c3b6efd4a361bf4823895d49f81bf9aaa893f6b35a7
346aae6f2e04a045081edf8a6b0e9d9ccaedb005b95fa1d6521db1e5724325ff
38a9016154cf40874a2b3729da44742a8c51448a10d46db350e8ce63ede43118
3df00a08f45cc1168d3acf108e4d6af4fbba516ac25b375074d3573506f7743f
3f1594b4a09de7b05aba88a7e26812cd1f4e178604947531bf76f9d863cbb4c2
3f98891b06b8c86917c1fa19e405f937312bb107e49821a8f7fb83746c324449
414b33c761e7ba385e0bd403c1d0c1fe37978a956a3898309f17518b217025c8
4a8895e9d5f662094d8bedc183c8b88d8ae4ec0a5446e754c8c6967289440a8a
4ac14dae4a8ee2ad617f1a73262f84d0d7b873cbc7883e05634fc1b4ee5aee69
4b8131f63901f3ffc2eb933f34fff569fccfaad6b4cdbc5d94eda3c3da7c2c0f
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
5045ff36c57d31ba784e8a9854d16e1addcbbf7e3da88a4a1af483a62d62d172
506749860aa7e22e638011c219c9bd26bece45a3b33057c2f145b96b937b5e44
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
506df44f82ef782e6f5c6a7832dfd2be0638b393dca0c8d0964c616e296c83a4
53f829ae556bf7011727483015d83a98bcdb4b5796eecb728827c1282c971536
57cd1d26474ce5b3da3a5167accb4460197ae0e15a10d99dabb3e0ac35510bfc
58487229acbf98441ad9647e373151ce4c0e6bfb7400b6e6723d4dd027f7f20f
597b7ac8d3516dea5bcb9a2820cb005616de5ccfdc990d09fed05472e9b763b2
5c1da3c68b2500408c538cec9898b1f58b56d4a0e529342c256785cf9d4f5c65
5dfb09f58859b87a71be37c53ad49024c4e7842c997c8ffc4f163fb883bf52b9
5efcb3edeabaffdcc9b98ad2651c3d03a06532bba88ffcde629650a2fc0ce91f
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fef6314aa3fafeb4b0bc082cb5214b85d89edddb817095796d77875073c2f76
6138f63ddb36010ea46df8e9c6f158fd9eac0b2ab58e8ee0c05f3d513f261cfc
62b4ba1d861a54cc6b02ab1aba762f7b6b14dc03c52d86c51a33950d044472ee
64e36f5ff48cef951b1fb823100277926b3f02e93094eee3c687092816cb06ee
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
689bb3a44dc220debb55f5e01cd84bfd10083978ba82f2e27f17b6b816ea4ea8
6e44b9596bd11c9d0332e7f9a729f2488b67d3f458c4297e079b3e96c7011296
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
6f8308c2f618a490d769710251821d831be94d3d76fdc88a11f236e46e650911
7176c77b8f2fd12ddcbdcecbae5ffdbf2ff5e1bde8ed372a0bbf2ef98312a6fd
71d42e52ca35bfa15765b9b71e93054a357efb81f54b0bd578285acaeee52c1f
725df6f2b0802585b4047a534147cbfbcd19befdea74a26ecce79be4fb636862
72e5ff70b2607cdc1d4be2a6421e55416063b27b7de975d259f4e536bd7b20a3
75cea5ef8f44fc5c39c34d20e73a4f998377816dcc4d09a6bf7c6bb00535677d
7923c5df4689d8e2b03d4b24349057eb7415f9d70b6cd91975fd19814b402821
797a4e901f06c26e59f26a2b449a8fcfffcf86dd2b66d73240ee8b3cd04528e9
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
837d06b67929e9ec8898bafa6c277012b4da7cbfee53172a9d60161daae751ae
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88b3b2d6d43e3d37e38e2daa2d73a89db49ad66931f16cc9f599c72360178c4a
89d0f2a439bbbd6f0d72bd9ddfcd74d75d40c34399e24168fc817b4389a3e546
8c3558754a6f2de8ccdad7701d468deb84928e1384d9b87df7cb8ed7bff2e744
905a3464fc5725adbcdc0dc3a7b30d43845a5b138be53a8346593ac9fe7107d6
914ee50b3b8d6e6b0420db3ff03346aaf7eb13d396eceee553211286c73e04c4
91add12447593df02fc14f1ac31d7034fd390167d12fc67314ea4f8a65065d94
931834a833e2f458c9a561a1f97583b107701c9d684353bc5ae01af6cf244eae
937520e69a07d35fdaf3746cf97859d69c38a461da2d0f7c7df5f95d2d491102
96468d2b9a65383028178f08195544fc5a43bb4772196daade5b4fcb9b0b2ecb
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee
9bb72680b6d1a9238c52ba3f2fca012d11756c7b83c141a96e0564ad339f0bf6
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
9cd70afe3b6dbf32327d6e35eadb54526e60b51d29bd50308a60e6e05223b4ea
9d02130354c54670b25a58272f8b765b34fb714010bff5b43dff7f6b1e06a908
9dbd1391b378e4972202b4696444f5c36545b6bb3eb574a1b990713e2a454d7a
9e5852cf776d9607919391e12192ad3fb80e1a81d32cd01d8180b99352d1d660
9f1fd24357d053aeeae8bb0e45bda370904aa42e1334fd31532bcea2d1357f0a
9f5a72ce12e3919467065700621f04a38ee421e307261fb75ba1f71355f01c05
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1c28adb89058602ad520c2ba6d59564c91fe64597379a0144df77d23ed8fc8d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a26221987e4db0e8684c0afc2a25466f48654ad64755ef58e9facb874beaaec3
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a6657a50b32fff305c83a9b68bead88b7df67d3021f9f6e236f5fad13ca58519
a85469197f2dcf79c87dd8f196031b9d3c6984552bf9ceea1666ccd55051bffe
a8f64bbcd91eff200a2cdea47e6a4e6b8dc2b2efcb6013ac1d5f6623ca0091d3
a94558535ca72995a47883885d6fdfdee113dcbb8e937e88196f25cb181c72b2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afca21f08d9897df9297beb699529b4a5e361fdb2e3ab514cbaea7c0f92d1e7b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2517b851c58b81e7109344a0729d05734ce47d5fc20a29a4cd374d7b569ff1f
b291ebd2a06d19f82f90c28ac9c352e764890687ff38e7ea8b19a69aa8b88c27
b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4
b5ef1c00425aca5499c3fa6e3ae78cecaa4682508e587b952780fccc7e8a2475
b5fc0b1307395cb8aab403b9447971f9ad14713146384776b2122b3df014a24a
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608
b892c5be335af0dba8944c2d245d80ede66099738a88df1c478f7ca4832388a3
b985ce795573bdf1c1d3389bfb630e2b333cbb2a30f7365e32a95328bc02dff5
ba6856b3aa462b18c9f5fc3b0d553eca0fe0f03d5ff668ba7d465394c85896b1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bba4d46952f094b62205fe06e4a78114cac5d934971925a4716ef40c33f96012
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bf10ac18eeb8b091e51ff804a87a3f7d651391b622527468b7f952c9d660dca2
c04fa2bf0050c9ad447b45f5b79333e21538a78f808cfe8dead3a47db8d22990
c248e1559ca2a75e57540b2d3570ea4f21824b616640905a76a3f8fef46c9a6e
c28b11b88f25260096e090cba278a677c0c4f0d1f36570e6c173865d7c261ba6
c58844aa5f6782b1853208cbbf20eb05ca95f8407763c41c9de73bc84a846885
c608460c1a26a7212721a22e96ed663a47424df6e4b32a61260f67f2467264eb
c7243883df019158d584ad142b9b69ab0ff43312e939b1cd9b44b14c1a1d44f1
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
ca9c79b0dc7041ecfd9690d4856309d5b863c3c09964ae023e46407e872160f8
cc007a0a53718c30e88228e266579a80337c633b093a3bed3d053256c17a08f5
cc64b820c7d17b495bf34ddd5c419037f625073b482af718a1f1d63d44c0770b
cce031204e7dbe0400e16e76e68fd3c571b8c750eff6e4fcbd5e55f68534c442
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfbdae7f042bde518bff481ed3258ea1b0f0798ad5aece42e964a4896af0b7be
cfcefccb259075f21d178ee29f4bfd1c7ee14b5276e49b1faa9714fea3335e8c
d3a26688c40271a05039ad104e38b9149bfc70999bebf8180c20350acb244fdb
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
d8070a28df7e974772b6de0569dc36a9ba6061ae9b314f35d0a313cf72142c08
d945e554a74fa4ece7c2023a078d170d99db2274f1d1c40fc27793fb6ed5f0cb
db0ac1fb3211317ba0cb57d7e4c44c14cfe507beeeac8d8b9c234a23202eb851
db7d30f0f913f053accc45f3750d68a8dc8c472942660996b4b7e55a5e83e435
dbaac57621bdd36e948aac23d3800c57845ba3cd42f00fe69033aafd1520ce93
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfb119d2a4d88b2844f62b2aee6b369989685b7b1ac0411c42310f52e3f0ed5e
e37a355d1824d5c94680a67e3e0f4670e3fad0eec80799d86c778391d25ccfb3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4aef0aba15680c1b745414a7c7bc39cdbeda17f1de0c7bf57bf90378b6a5d26
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
eb54321d72896f9db33897fd543c09aec72ea0f39258abfebb3dbf6947288961
ed98fc6c0671986924db3baa6d8cbf61611a3d54a220a559bed267d933b33c79
edc71eb4258cbacd60278d3bf5fac4e772d6b7e6f5c43b8696f527c1e680e40c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff0e1854fa55be60eda0bdadc46196855405268c7dd0bfa17bbc659f04c1ae6
f021b093792378520f10a14c5af1ead78ef59cf13eacd26c7c6c1b2c8dfd2555
f2e63e685395b6179bd3b99e991f0b5746af7c7d34066b1d42bef4e18fbf6720
f37eb16a6f4083ed663369f3857c041bea38a9dcf188234775b29e597c9ba498
f3c0f0722a369b7d225ab963ee2f5b2f9237ad200d49cc6e16adb8e7618113ce
f6533a7fce56c0926097f8848be9b24fc7cde5f71bf41680b73e2e186ae4272d
f8c0964b64b2ebf2fcb093f9be8a3e0e2b3897a6bec0f93cc594d7e248904ea1
f8ccb4c83640db84fca4261e48d1bff8719ec8be545425d1a27177c39b2f4b20
f909a31bfd7a13b9dd53e98b5652f13f4782fdfd1653dc4befade7386c087371
fa0303b3885cb507258b48f971e8ac5bc3eb76b280b048978926cb0fc8720ded
fa1434424b9f0ef2be08aec127a07a5a27c2fd3aedef9845b185710a2a81a215
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
fd0423a6494debe047912f09243d854bf65bdc995d5f88365301a2e7601c02db
ff12873304e673cedcf68826bd298522ec9366a2e50b0ce4061c28012c631828

www.mcafee.com Open in urlscan Pro 104.111.238.175 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

210 Requests

100 %HTTPS

49 %IPv6

43 Domains

57 Subdomains

50 IPs

7 Countries

2303 kBTransfer

5156 kBSize

3 Cookies

8 Outgoing links

Redirected requests

210 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mcafee.com Open in urlscan Pro
104.111.238.175 Public Scan

Screenshot
Live screenshot

Full Image

210
Requests

100 %
HTTPS

49 %
IPv6

43
Domains

57
Subdomains

50
IPs

7
Countries

2303 kB
Transfer

5156 kB
Size

3
Cookies

210 HTTP transactions
0 data transactions