www2.cybereason.com Open in urlscan Pro
104.197.196.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www2.cybereason.com/research-operation-escalation-click-fraud
Submission: On August 28 via manual (August 28th 2017, 10:53:01 pm UTC) from NZ

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 27 HTTP transactions. The main IP is 104.197.196.164, located in Mountain View, United States and belongs to GOOGLE - Google Inc., US. The main domain is www2.cybereason.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 23rd 2017. Valid for: 3 months.

This is the only time www2.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	104.197.196.164 104.197.196.164	15169 (GOOGLE) (GOOGLE - Google Inc.)
4	198.232.124.196 198.232.124.196	54104 (AS-NETDNA) (AS-NETDNA - netDNA)
3	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google Inc.)
6	2001:41d0:1:1... 2001:41d0:1:1b00:87:98:239:16	16276 (OVH) (OVH)
3	104.197.240.53 104.197.240.53	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	54.231.236.41 54.231.236.41	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	52.216.21.157 52.216.21.157	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	149.126.77.252 149.126.77.252	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
2	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
1	2a00:1450:401... 2a00:1450:401b:801::2003	15169 (GOOGLE) (GOOGLE - Google Inc.)
27	11

3 104.197.196.164 (Mountain View, United States)

ASN15169 (GOOGLE - Google Inc., US)
PTR: 164.196.197.104.bc.googleusercontent.com

www2.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 198.232.124.196 (Los Angeles, United States)

ASN54104 (AS-NETDNA - netDNA, US)
PTR: 196-124-232-198.static.unitasglobal.net

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::200a (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:41d0:1:1b00:87:98:239:16 (France)

ASN16276 (OVH, FR)

mdbootstrap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.197.240.53 (Mountain View, United States)

ASN15169 (GOOGLE - Google Inc., US)
PTR: 53.240.197.104.bc.googleusercontent.com

www2.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.236.41 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-us-west-1.amazonaws.com

s3-us-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.21.157 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.126.77.252 (Frankfurt, Germany)

ASN19551 (INCAPSULA - Incapsula Inc, US)
PTR: 149.126.77.252.ip.incapdns.net

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:401b:801::2003 (Ireland)

ASN15169 (GOOGLE - Google Inc., US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cybereason.com www2.cybereason.com www.cybereason.com	568 KB
6	mdbootstrap.com mdbootstrap.com	185 KB
4	fontawesome.com use.fontawesome.com	87 KB
3	amazonaws.com s3-us-west-1.amazonaws.com s3.amazonaws.com	7 KB
3	googleapis.com fonts.googleapis.com	668 B
2	gstatic.com fonts.gstatic.com	34 KB
1	google.de www.google.de	60 B
1	google-analytics.com www.google-analytics.com	13 KB
27	8

	Domain	Requested by
6	mdbootstrap.com	www2.cybereason.com
6	www2.cybereason.com	www2.cybereason.com
4	use.fontawesome.com	www2.cybereason.com use.fontawesome.com
3	fonts.googleapis.com	www2.cybereason.com
2	fonts.gstatic.com	www2.cybereason.com
2	s3.amazonaws.com	www2.cybereason.com
1	www.google.de	www2.cybereason.com
1	www.cybereason.com	www2.cybereason.com
1	www.google-analytics.com	www2.cybereason.com
1	s3-us-west-1.amazonaws.com	www2.cybereason.com
27	10

This site contains no links.

Subject Issuer	Validity	Valid
tls.mautic.net Let's Encrypt Authority X3	`2017-08-23` - `2017-11-21`	3 months	crt.sh
*.fontawesome.com DigiCert SHA2 Secure Server CA	`2017-08-10` - `2018-10-17`	a year	crt.sh
*.googleapis.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh
mdbootstrap.com Let's Encrypt Authority X3	`2017-08-28` - `2017-11-26`	3 months	crt.sh
*.s3-us-west-1.amazonaws.com DigiCert Baltimore CA-2 G2	`2017-05-12` - `2017-10-26`	6 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2016-07-29` - `2017-11-29`	a year	crt.sh
*.google-analytics.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh
incapsula.com GlobalSign CloudSSL CA - SHA256 - G3	`2017-08-14` - `2018-07-17`	a year	crt.sh
*.google.com Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh
www.google.de Google Internet Authority G2	`2017-08-15` - `2017-11-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www2.cybereason.com/research-operation-escalation-click-fraud
Frame ID: 10948.1
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

27
Requests

100 %
HTTPS

45 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

895 kB
Transfer

1700 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request 7

https://www2.cybereason.com/mautic/themes/cybereason_landing_page__v2/css/simple.css
https://www2.cybereason.com/themes/cybereason_landing_page__v2/css/simple.css

Request 24

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041&slf_rd=1&random=867101895

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request research-operation-escalation-click-fraud Show response
www2.cybereason.com/ 10 KB
3 KB 660ms
399ms Document
text/html 104.197.196.164
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.196.164 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

164.196.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

dc96355a4da8f007fae0019f772192f66a05920124564d46a81f1656d8bd028c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:45 GMT
Content-Encoding: gzip
Server: nginx/1.11.1
Vary: Accept-Encoding
Connection: keep-alive
Upgrade: h2
Cache-Control: no-cache
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=15724800; preload
Content-Type: text/html; charset=UTF-8

GET
S 200 b58b730757.js Show response
use.fontawesome.com/ 9 KB
4 KB 24ms
6ms Script
text/javascript 198.232.124.196
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/b58b730757.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.232.124.196 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS: 196-124-232-198.static.unitasglobal.net
Software: NetDNA-cache/2.2 /
Resource Hash: a5abeab06896fe13945d8c1bd7cd73b869380a945009678e0e9db21d675e0723

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
last-modified: Sat, 11 Feb 2017 02:17:50 GMT
server: NetDNA-cache/2.2
x-amz-request-id: A7B50849774E23C9
etag: W/"5c18ef6ef2dc326a04fae6e8c919f909"
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=0, private, must-revalidate
x-amz-id-2: G0vcSBGt0KuCjOneNZ7ACOW2m9T8n1bPILXHV6dcLm2tM/G6oaIbqB8LX0eKG+qGMyAxNj4/y/Q=

GET
S 200 b58b730757.css
use.fontawesome.com/ 1 KB
390 B 23ms
6ms Stylesheet
text/css 198.232.124.196
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/b58b730757.css
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.232.124.196 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS: 196-124-232-198.static.unitasglobal.net
Software: NetDNA-cache/2.2 /
Resource Hash: d24be847820d19ba34be41e1f48ac2251f48b7e68cc41ed423d2d3656cacebfa

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
last-modified: Sat, 11 Feb 2017 02:17:50 GMT
server: NetDNA-cache/2.2
x-amz-request-id: A426F405DD602B79
etag: W/"5fe282c10ff08df0c18298cc5b23eedc"
x-cache: HIT
content-type: text/css
status: 200
cache-control: max-age=0, private, must-revalidate
x-amz-id-2: +sPqX/AtDVOzdl5sm8r4Ilebg+rZTruKx7KqhHKXuCzNt5JH+KQPdig0GGOGoWsvRfeKYGjlyw0=

GET
S 200 css
fonts.googleapis.com/ 221 B
191 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Abel

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

b833f1e3dec5be07fdda9f8c2310dc1e874c13cbe41657f7e7ce49f79eff1acf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection: 1; mode=block
expires: Mon, 28 Aug 2017 22:52:45 GMT

GET
S 200 css
fonts.googleapis.com/ 282 B
258 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid+Sans+Mono

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

d36f3e61b1c387d9578cc72eac3ba9309617a74e76b8cfef916ee128c5d4d684

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection: 1; mode=block
expires: Mon, 28 Aug 2017 22:52:45 GMT

GET
S 200 css
fonts.googleapis.com/ 222 B
219 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::200a , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

ESF /

Resource Hash

b59c96b1b0f3b6fd2ebf6d54214616c8ee5ad776a033dd2a36f75f5b297058e1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
x-xss-protection: 1; mode=block
expires: Mon, 28 Aug 2017 22:52:45 GMT

GET
H/1.1 200
OK bootstrap.min.css
mdbootstrap.com/live/_MDB/css/ 103 KB
17 KB 4582ms
56ms Stylesheet
text/css 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/css/bootstrap.min.css
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 9887e1bff87730bab759289295dbae64edec691373cee7f52caf30df3de5dc96

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:18 GMT
Server: Apache
X-IPLB-Instance: 5232
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 17261
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1 200
OK mdb.min.css
mdbootstrap.com/live/_MDB/css/ 277 KB
43 KB 4585ms
59ms Stylesheet
text/css 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/css/mdb.min.css
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 7127c2b233760c4e93bdf18e02f255f5778022ade082a3efd321b663768ee52d

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:18 GMT
Server: Apache
X-IPLB-Instance: 515
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 43552
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1

200
OK

simple.css
www2.cybereason.com/themes/cybereason_landing_page__v2/css/
Redirect Chain

https://www2.cybereason.com/mautic/themes/cybereason_landing_page__v2/css/simple.css
https://www2.cybereason.com/themes/cybereason_landing_page__v2/css/simple.css

7 KB
2 KB

133ms
133ms

Stylesheet
text/css

104.197.196.164
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.cybereason.com/themes/cybereason_landing_page__v2/css/simple.css

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.196.164 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

164.196.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

039908392e3cab169893d0a5e6559016b8b69f5816a7befd6e1fe100df045d6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 Apr 2017 15:56:24 GMT
Server: nginx/1.11.1
ETag: "1a38-54ce6223a7a00-gzip"
Vary: Accept-Encoding
Upgrade: h2
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; preload
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 1796

Redirect headers

Location: https://www2.cybereason.com/themes/cybereason_landing_page__v2/css/simple.css
Date: Mon, 28 Aug 2017 22:52:45 GMT
Server: nginx/1.11.1
Connection: keep-alive
Content-Length: 372
Strict-Transport-Security: max-age=15724800; preload
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK mtc.js Show response
www2.cybereason.com/ 130 KB
37 KB 399ms
398ms Script
application/javascript 104.197.196.164
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.cybereason.com/mtc.js

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.196.164 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

164.196.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

91dfdbca9a4afb2ed20ded2e655cef63e42c8806d07730bb29ab055b5d6cf9a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:50 GMT
Content-Encoding: gzip
Server: nginx/1.11.1
Vary: Accept-Encoding
Connection: keep-alive
Upgrade: h2
Cache-Control: no-cache
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=15724800; preload
Content-Type: application/javascript

GET
H/1.1 200
OK 4d13304f110ce682b35a6365b432812e.png
www2.cybereason.com/images// 494 KB
494 KB 359ms
128ms Image
image/png 104.197.240.53
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www2.cybereason.com/images//4d13304f110ce682b35a6365b432812e.png

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.240.53 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

53.240.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

57779b1e9e04dc3de2dfddb6c175563204c73c0cdb0382b956ecdf9d334ffe11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:50 GMT
Last-Modified: Fri, 31 Mar 2017 18:19:13 GMT
Server: nginx/1.11.1
ETag: "7b820-54c0ad8bb5edc"
Strict-Transport-Security: max-age=15724800; preload
Upgrade: h2
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 505888

GET
H/1.1 200
OK white_logo.jpg
s3-us-west-1.amazonaws.com/cybereasonbucket/wp-content/uploads/2017/03/06145801/ 2 KB
2 KB 1078ms
217ms Image
image/jpeg 54.231.236.41
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-us-west-1.amazonaws.com/cybereasonbucket/wp-content/uploads/2017/03/06145801/white_logo.jpg
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.236.41 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-us-west-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: a46fb70804b0415159089d2a78718fae064e1d81ae114a2b22120c8cc962732f

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:51 GMT
Last-Modified: Mon, 06 Mar 2017 14:58:05 GMT
Server: AmazonS3
x-amz-request-id: D7B8EFDE5A504022
ETag: "e3b4a4680f44dec9efdee2b713b0e7aa"
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 2269
x-amz-id-2: Xjf47buVyIc9TX6MbQcYII9NLX2h/V4SedVn6tlqruFvr3TBwxN4nU9VLIsFRxQrq5HBIu8j3M0=
Expires: Tue, 06 Mar 2018 14:58:03 GMT

GET
H/1.1 200
OK jquery-3.1.1.min.js Show response
mdbootstrap.com/live/_MDB/js/ 85 KB
29 KB 108ms
108ms Script
application/javascript 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/js/jquery-3.1.1.min.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:33 GMT
Server: Apache
X-IPLB-Instance: 5232
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 30080
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1 200
OK tether.min.js Show response
mdbootstrap.com/live/_MDB/js/ 23 KB
7 KB 50ms
49ms Script
application/javascript 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/js/tether.min.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: b483c27381671c52377f3ae33218233ce6b57b41f52aed2d8aa6d51f68e689f4

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:33 GMT
Server: Apache
X-IPLB-Instance: 515
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 6887
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
mdbootstrap.com/live/_MDB/js/ 44 KB
11 KB 124ms
79ms Script
application/javascript 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/js/bootstrap.min.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: 8fe5ebbe44388c9f7d1e3d2924a3ebea4d110a0c430d24ecdcf06a2eb5f610c7

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:32 GMT
Server: Apache
X-IPLB-Instance: 1119
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Length: 11690
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1 200
OK mdb.min.js Show response
mdbootstrap.com/live/_MDB/js/ 265 KB
78 KB 152ms
106ms Script
application/javascript 2001:41d0:1:1b00:87:98:239:16
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://mdbootstrap.com/live/_MDB/js/mdb.min.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:41d0:1:1b00:87:98:239:16 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: Apache /
Resource Hash: b21040ffa7a0a9a740f15bdaa5bcd6c70ab19dc77011a05523a50f81c5f20957

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:49 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 Oct 2016 11:16:33 GMT
Server: Apache
X-IPLB-Instance: 182
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 27 Sep 2017 22:52:49 GMT

GET
H/1.1 200
OK jquery.auto-complete.min.js Show response
s3.amazonaws.com/clearbit-blog/javascripts/ 4 KB
4 KB 439ms
134ms Script
application/x-javascript 52.216.21.157
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/clearbit-blog/javascripts/jquery.auto-complete.min.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.21.157 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: dac8bfebb4b63724c5ec1c068f142999c44950ec55208499d1ef0408025eedd9

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:51 GMT
Last-Modified: Mon, 27 Jul 2015 17:00:24 GMT
Server: AmazonS3
x-amz-request-id: CC89E239C89E1BE7
ETag: "f859b43422bf7f1b339416c29bf44a69"
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 3756
x-amz-id-2: JbaEv6fBC3k1Sdy/H7bcEhLihEolFvSBcfWkgukEgY4AkAOesW4RFCj6KKdVkWHZoLqbjg5rBtQ=

GET
H/1.1 200
OK post-autocomplete.js Show response
s3.amazonaws.com/clearbit-blog/javascripts/ 977 B
977 B 445ms
140ms Script
text/javascript 52.216.21.157
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/clearbit-blog/javascripts/post-autocomplete.js
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.21.157 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 1afe87d0b98d68810caab64e738d2d446cf19cbce7527d93d9accf8d92171b3a

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:51 GMT
Last-Modified: Wed, 09 Nov 2016 19:43:49 GMT
Server: AmazonS3
x-amz-request-id: 67648B00B4877D37
ETag: "879dcd755f8135f7961064c96ace17f0"
Content-Type: text/javascript
Accept-Ranges: bytes
Content-Length: 977
x-amz-id-2: S6ZPGKhj2babEyX9Yjr/GWcHNWsCYNQa/fz7aWytFEUW/TX6m1XLCgGv5JZN4um5v0g0gTiNXss=

GET
S 200 font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 30 KB
8 KB 7ms
6ms Stylesheet
text/css 198.232.124.196
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.232.124.196 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS: 196-124-232-198.static.unitasglobal.net
Software: NetDNA-cache/2.2 /
Resource Hash: 5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
content-encoding: gzip
last-modified: Tue, 25 Oct 2016 17:21:58 GMT
server: NetDNA-cache/2.2
status: 200
etag: W/"36082410df2ef7f83932219089dc1443"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
S 200 fontawesome-webfont.woff2
use.fontawesome.com/releases/v4.7.0/fonts/ 75 KB
75 KB 20ms
6ms Font
application/font-woff2 198.232.124.196
netDNA

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/b58b730757.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.232.124.196 Los Angeles, United States, ASN54104 (AS-NETDNA - netDNA, US),
Reverse DNS: 196-124-232-198.static.unitasglobal.net
Software: NetDNA-cache/2.2 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer: https://use.fontawesome.com/b58b730757.css
Origin: https://www2.cybereason.com

Response headers

date: Mon, 28 Aug 2017 22:52:45 GMT
last-modified: Mon, 17 Jul 2017 16:24:59 GMT
server: NetDNA-cache/2.2
status: 200
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT
accept-ranges: bytes
content-length: 77160

GET
S 200 analytics.js Show response
www.google-analytics.com/ 32 KB
13 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:824::200e , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

Golfe2 /

Resource Hash

522cc831f77209aa434abd05e5a9a114ec3aab233232394877ea5446130584de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 17 Aug 2017 01:11:09 GMT
server: Golfe2
age: 5863
date: Mon, 28 Aug 2017 21:15:06 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 13472
expires: Mon, 28 Aug 2017 23:15:06 GMT

GET
H/1.1 200
OK mautic-form.js Show response
www2.cybereason.com/mautic/media/js/ 20 KB
5 KB 355ms
121ms Script
application/javascript 104.197.240.53
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.cybereason.com/mautic/media/js/mautic-form.js

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.240.53 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

53.240.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

b552e42842ba57d6a4e01f5aa3e01873853635902b6f4d5cfc89ef65b3666f2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:50 GMT
Content-Encoding: gzip
Last-Modified: Wed, 23 Aug 2017 08:28:31 GMT
Server: nginx/1.11.1
ETag: "4e53-557677f3dd559-gzip"
Vary: Accept-Encoding
Upgrade: h2
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; preload
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 5120

GET
S 200 header-image.jpg
www.cybereason.com/wp-content/themes/cr_theme/img/ 27 KB
27 KB 43ms
8ms Image
image/jpeg 149.126.77.252
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/wp-content/themes/cr_theme/img/header-image.jpg
Requested by: Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.126.77.252 Frankfurt, Germany, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS: 149.126.77.252.ip.incapdns.net
Software: /
Resource Hash: e1c15f5d28daa6069ff7488fe4b98fb634dc82844c7d4ed2525613711b228593

Request headers

Referer: https://www2.cybereason.com/themes/cybereason_landing_page__v2/css/simple.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

date: Mon, 28 Aug 2017 22:52:48 GMT
last-modified: Mon, 13 Mar 2017 09:09:21 GMT
x-cdn: Incapsula
etag: "6ab0-54a991122e931"
content-type: image/jpeg
status: 200
x-iinfo: 14-6712429-0 0CNN RT(1503960768943 0) q(0 -1 -1 0) r(0 -1)
cache-control: max-age=28541514, public
content-length: 27312
expires: Wed, 25 Jul 2018 07:04:42 GMT

GET
S 200 N59kklKPso9WzbZH9jwJSg.ttf
fonts.gstatic.com/s/abel/v7/ 28 KB
13 KB 9ms
8ms Font
font/ttf 2a00:1450:4001:824::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/abel/v7/N59kklKPso9WzbZH9jwJSg.ttf

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

6e31bf9408d2d0d7bc64d2c607161010e98d1634840d738c7203b134acbaa0df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Abel
Origin: https://www2.cybereason.com

Response headers

date: Tue, 15 Aug 2017 21:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1127850
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 13058
x-xss-protection: 1; mode=block
last-modified: Thu, 11 May 2017 18:07:51 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Aug 2018 21:35:19 GMT

GET
S 200 ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf
fonts.gstatic.com/s/droidsansmono/v8/ 31 KB
22 KB 7ms
7ms Font
font/ttf 2a00:1450:4001:824::2003
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsansmono/v8/ns-m2xQYezAtqh7ai59hJYW_AySPyikQrZReizgrnuw.ttf

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:824::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

sffe /

Resource Hash

bfbaaf752f58cac794257f9e30e1bdecd24b6a22244b99260665fd18a5a3045a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Droid+Sans+Mono
Origin: https://www2.cybereason.com

Response headers

date: Wed, 16 Aug 2017 02:40:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1109553
status: 200
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 22155
x-xss-protection: 1; mode=block
last-modified: Tue, 15 Aug 2017 21:54:58 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 16 Aug 2018 02:40:16 GMT

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041&slf_rd=1&random=867101895

42 B
60 B

83ms
43ms

Image
image/gif

2a00:1450:401b:801::2003
Google Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041&slf_rd=1&random=867101895

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/research-operation-escalation-click-fraud

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:401b:801::2003 , Ireland, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Aug 2017 22:52:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 28 Aug 2017 22:52:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-56367941-1&cid=1111562757.1503960770&jid=735039434&_v=j60&z=1962238041&slf_rd=1&random=867101895
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="39,38,37,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK modal.min.css
www2.cybereason.com/mautic/media/css/ 3 KB
578 B 120ms
120ms Stylesheet
text/css 104.197.240.53
Google Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.cybereason.com/mautic/media/css/modal.min.css

Requested by

Host: www2.cybereason.com
URL: https://www2.cybereason.com/mautic/media/js/mautic-form.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.197.240.53 Mountain View, United States, ASN15169 (GOOGLE - Google Inc., US),

Reverse DNS

53.240.197.104.bc.googleusercontent.com

Software

nginx/1.11.1 /

Resource Hash

456abdf681ebc4caac61d7eb6635e21a81d1dcc10f730b98719a65c2a88fe7ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www2.cybereason.com/research-operation-escalation-click-fraud
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.101 Safari/537.36

Response headers

Date: Mon, 28 Aug 2017 22:52:50 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Aug 2017 17:17:24 GMT
Server: nginx/1.11.1
ETag: "a45-5575ac4cd1100-gzip"
Vary: Accept-Encoding
Upgrade: h2
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; preload
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 578

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cybereason.com/	1970-01-01 00:00:00	Name: incap_ses_729_862627 Value: sW+oZRHoA26gz30qv+0dCsCepFkAAAAAP5BFkO7nOt6VlXe71i4qAw==
www2.cybereason.com/	1970-01-01 00:00:00	Name: f2758fd41f6c4c052a38a564d65be6f6 Value: aacaf765fa5f28d6a2d58ae6277800b0
www2.cybereason.com/	2018-08-28 22:52:45	Name: mautic_session_id Value: 4dae66d85c694374b99d8f7418f101e329c44e6b
www2.cybereason.com/	2018-08-28 22:52:45	Name: 4dae66d85c694374b99d8f7418f101e329c44e6b Value: 6337989
www2.cybereason.com/	1970-01-01 00:00:00	Name: mtc_sid Value: 4dae66d85c694374b99d8f7418f101e329c44e6b
www2.cybereason.com/	1970-01-01 00:00:00	Name: mtc_id Value: 6337989
.cybereason.com/	2019-08-28 22:52:49	Name: _ga Value: GA1.2.1111562757.1503960770
.cybereason.com/	2017-08-28 22:53:49	Name: _gat Value: 1
www2.cybereason.com/	2017-08-28 23:22:45	Name: mautic_referer_id Value: 209804
.cybereason.com/	2017-08-29 22:52:49	Name: _gid Value: GA1.2.1253125157.1503960770
.cybereason.com/	2018-08-28 12:46:56	Name: visid_incap_862627 Value: IQYErblaTnuUZA6ciyFDPcCepFkAAAAAQUIPAAAAAAA/Hi5tbMyK0ssAZHHOO/DM

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
mdbootstrap.com
s3-us-west-1.amazonaws.com
s3.amazonaws.com
use.fontawesome.com
www.cybereason.com
www.google-analytics.com
www.google.de
www2.cybereason.com
104.197.196.164
104.197.240.53
149.126.77.252
198.232.124.196
2001:41d0:1:1b00:87:98:239:16
2a00:1450:4001:824::2003
2a00:1450:4001:824::200a
2a00:1450:4001:824::200e
2a00:1450:401b:801::2003
52.216.21.157
54.231.236.41
039908392e3cab169893d0a5e6559016b8b69f5816a7befd6e1fe100df045d6a
1afe87d0b98d68810caab64e738d2d446cf19cbce7527d93d9accf8d92171b3a
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
456abdf681ebc4caac61d7eb6635e21a81d1dcc10f730b98719a65c2a88fe7ee
522cc831f77209aa434abd05e5a9a114ec3aab233232394877ea5446130584de
57779b1e9e04dc3de2dfddb6c175563204c73c0cdb0382b956ecdf9d334ffe11
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
6e31bf9408d2d0d7bc64d2c607161010e98d1634840d738c7203b134acbaa0df
7127c2b233760c4e93bdf18e02f255f5778022ade082a3efd321b663768ee52d
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8fe5ebbe44388c9f7d1e3d2924a3ebea4d110a0c430d24ecdcf06a2eb5f610c7
91dfdbca9a4afb2ed20ded2e655cef63e42c8806d07730bb29ab055b5d6cf9a8
9887e1bff87730bab759289295dbae64edec691373cee7f52caf30df3de5dc96
a46fb70804b0415159089d2a78718fae064e1d81ae114a2b22120c8cc962732f
a5abeab06896fe13945d8c1bd7cd73b869380a945009678e0e9db21d675e0723
b21040ffa7a0a9a740f15bdaa5bcd6c70ab19dc77011a05523a50f81c5f20957
b483c27381671c52377f3ae33218233ce6b57b41f52aed2d8aa6d51f68e689f4
b552e42842ba57d6a4e01f5aa3e01873853635902b6f4d5cfc89ef65b3666f2e
b59c96b1b0f3b6fd2ebf6d54214616c8ee5ad776a033dd2a36f75f5b297058e1
b833f1e3dec5be07fdda9f8c2310dc1e874c13cbe41657f7e7ce49f79eff1acf
bfbaaf752f58cac794257f9e30e1bdecd24b6a22244b99260665fd18a5a3045a
d24be847820d19ba34be41e1f48ac2251f48b7e68cc41ed423d2d3656cacebfa
d36f3e61b1c387d9578cc72eac3ba9309617a74e76b8cfef916ee128c5d4d684
dac8bfebb4b63724c5ec1c068f142999c44950ec55208499d1ef0408025eedd9
dc96355a4da8f007fae0019f772192f66a05920124564d46a81f1656d8bd028c
e1c15f5d28daa6069ff7488fe4b98fb634dc82844c7d4ed2525613711b228593
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www2.cybereason.com Open in urlscan Pro 104.197.196.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

27 Requests

100 %HTTPS

45 %IPv6

8 Domains

10 Subdomains

11 IPs

4 Countries

895 kBTransfer

1700 kBSize

11 Cookies

0 Outgoing links

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

11 Cookies

Security Headers

Indicators

www2.cybereason.com Open in urlscan Pro
104.197.196.164 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

45 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

895 kB
Transfer

1700 kB
Size

11
Cookies

27 HTTP transactions
0 data transactions