blogs.juniper.net Open in urlscan Pro
44.233.31.59 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Submission: On September 13 via api (September 13th 2024, 2:15:03 pm UTC) from IN — Scanned from DE

Summary HTTP 110 Redirects Links 100 Behaviour Indicators

Summary

This website contacted 42 IPs in 7 countries across 30 domains to perform 110 HTTP transactions. The main IP is 44.233.31.59, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is blogs.juniper.net.
TLS certificate: Issued by Amazon RSA 2048 M03 on May 17th 2024. Valid for: a year.

This is the only time blogs.juniper.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	44.233.31.59 44.233.31.59	16509 (AMAZON-02) (AMAZON-02)
10	151.101.131.10 151.101.131.10	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
20	2a02:26f0:480... 2a02:26f0:480:f9d::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.17.26.217 52.17.26.217	16509 (AMAZON-02) (AMAZON-02)
2	18.66.102.127 18.66.102.127	16509 (AMAZON-02) (AMAZON-02)
3	2.19.126.198 2.19.126.198	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.75.32.208 54.75.32.208	16509 (AMAZON-02) (AMAZON-02)
2	63.140.62.17 63.140.62.17	15224 (OMNITURE) (OMNITURE)
1 1	54.220.77.37 54.220.77.37	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.225 66.235.152.225	15224 (OMNITURE) (OMNITURE)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	184.25.216.9 184.25.216.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	192.29.67.231 192.29.67.231	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.32.27.65 13.32.27.65	16509 (AMAZON-02) (AMAZON-02)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2600:9000:272... 2600:9000:2724:3c00:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:33:3... 2620:1ec:33:3::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.186.142 142.250.186.142	15169 (GOOGLE) (GOOGLE)
2	54.188.203.142 54.188.203.142	16509 (AMAZON-02) (AMAZON-02)
1 1	216.239.36.21 216.239.36.21	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:38::15	15169 (GOOGLE) (GOOGLE)
1	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	104.18.20.104 104.18.20.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	41.63.96.130 41.63.96.130	22822 (LLNW) (LLNW)
1	108.138.26.63 108.138.26.63	16509 (AMAZON-02) (AMAZON-02)
1	52.204.237.3 52.204.237.3	14618 (AMAZON-AES) (AMAZON-AES)
1	23.197.128.137 23.197.128.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
1 2	52.19.101.219 52.19.101.219	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:8e00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	34.36.216.150 34.36.216.150	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	98.98.135.24 98.98.135.24	21859 (ZEN-ECN) (ZEN-ECN)
1	91.228.74.159 91.228.74.159	16509 (AMAZON-02) (AMAZON-02)
110	42

30 44.233.31.59 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-233-31-59.us-west-2.compute.amazonaws.com

blogs.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.131.10 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:26f0:480:f9d::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.26.217 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-26-217.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.102.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-127.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.19.126.198 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-126-198.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.75.32.208 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-32-208.eu-west-1.compute.amazonaws.com

junipernetworks.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.62.17 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-17.data.adobedc.net

junipernetworks.d2.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.220.77.37 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-77-37.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.225 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-225.data.adobedc.net

junipernetworks.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f6.1e100.net

3872718.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
11607354.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.25.216.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-25-216-9.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.29.67.231 (Toronto, Canada) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

s1229.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-65.fra56.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2724:3c00:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:33:3::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f14.1e100.net

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.188.203.142 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-188-203-142.us-west-2.compute.amazonaws.com

twin-iq.kickfire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.36.21 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: any-in-2415.1e100.net

jelly.mdhv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:38::15 (United States)

ASN15169 (GOOGLE, US)

jelly-v6.mdhv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.20.104 (None, )

ASN13335 (CLOUDFLARENET, US)

tracker.pixeltracker.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 41.63.96.130 (Frankfurt am Main, Germany)

ASN22822 (LLNW, US)
PTR: https-41-63-96-130.hhn.llnw.net

cdn01.basis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.26.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-63.fra56.r.cloudfront.net

pixel.veritone-ce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.237.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-237-3.compute-1.amazonaws.com

p.veritone-ce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.128.137 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-128-137.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ef75:8280:f209:5ba1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.101.219 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-101-219.eu-west-1.compute.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:8e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.36.216.150 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 150.216.36.34.bc.googleusercontent.com

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.135.24 (Riyadh, Saudi Arabia)

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.228.74.159 (United Kingdom)

ASN16509 (AMAZON-02, US)

pixel-ssn.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	juniper.net blogs.juniper.net www.juniper.net — Cisco Umbrella Rank: 497251	6 MB
20	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	166 KB
6	doubleclick.net 2 redirects 3872718.fls.doubleclick.net — Cisco Umbrella Rank: 964149 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 11607354.fls.doubleclick.net — Cisco Umbrella Rank: 833314 ad.doubleclick.net — Cisco Umbrella Rank: 210	1 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	2 KB
4	typekit.net p.typekit.net — Cisco Umbrella Rank: 1499 use.typekit.net — Cisco Umbrella Rank: 1178	705 KB
3	sitescout.com 1 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 1117 pixel.sitescout.com — Cisco Umbrella Rank: 9356	515 B
3	quantserve.com 1 redirects secure.quantserve.com — Cisco Umbrella Rank: 2337 pixel.quantserve.com — Cisco Umbrella Rank: 1616 pixel-ssn.quantserve.com — Cisco Umbrella Rank: 507693	11 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	omtrdc.net junipernetworks.d2.sc.omtrdc.net — Cisco Umbrella Rank: 681962 junipernetworks.tt.omtrdc.net — Cisco Umbrella Rank: 972704	1 KB
3	company-target.com api.company-target.com — Cisco Umbrella Rank: 9578 s.company-target.com — Cisco Umbrella Rank: 2669	3 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 junipernetworks.demdex.net	2 KB
2	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 24996	1 KB
2	veritone-ce.com pixel.veritone-ce.com p.veritone-ce.com — Cisco Umbrella Rank: 67014	1010 B
2	mdhv.io 1 redirects jelly.mdhv.io — Cisco Umbrella Rank: 14993 jelly-v6.mdhv.io — Cisco Umbrella Rank: 16399	633 B
2	kickfire.com twin-iq.kickfire.com — Cisco Umbrella Rank: 75325	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	171 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 2631 insight.adsrvr.org — Cisco Umbrella Rank: 1486	6 KB
2	demandbase.com scripts.demandbase.com — Cisco Umbrella Rank: 22842 tag-logger.demandbase.com — Cisco Umbrella Rank: 13079	18 KB
2	eloqua.com 1 redirects s1229.t.eloqua.com	1 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 2075	2 KB
1	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1478
1	basis.net cdn01.basis.net — Cisco Umbrella Rank: 9836	2 KB
1	pixeltracker.co tracker.pixeltracker.co — Cisco Umbrella Rank: 53938	5 KB
1	google.com google.com — Cisco Umbrella Rank: 1	17 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 1352	98 B
1	en25.com img.en25.com — Cisco Umbrella Rank: 15632	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	20 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	4 KB
110	30

	Domain	Requested by
30	blogs.juniper.net	blogs.juniper.net
20	assets.adobedtm.com	blogs.juniper.net assets.adobedtm.com
10	www.juniper.net	blogs.juniper.net www.juniper.net
3	bat.bing.com	blogs.juniper.net bat.bing.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	use.typekit.net	blogs.juniper.net
2	pixel-sync.sitescout.com	1 redirects blogs.juniper.net
2	cnv.event.prod.bidr.io	1 redirects
2	11607354.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	twin-iq.kickfire.com	assets.adobedtm.com
2	www.googletagmanager.com	assets.adobedtm.com
2	s1229.t.eloqua.com	1 redirects blogs.juniper.net
2	3872718.fls.doubleclick.net	1 redirects blogs.juniper.net
2	junipernetworks.d2.sc.omtrdc.net	assets.adobedtm.com blogs.juniper.net
2	api.company-target.com	assets.adobedtm.com scripts.demandbase.com
2	dpm.demdex.net	assets.adobedtm.com blogs.juniper.net
1	pixel-ssn.quantserve.com
1	pixel.quantserve.com	1 redirects
1	pixel.sitescout.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	blogs.juniper.net
1	servedby.flashtalking.com	assets.adobedtm.com
1	p.veritone-ce.com
1	pixel.veritone-ce.com	assets.adobedtm.com
1	cdn01.basis.net	assets.adobedtm.com
1	tracker.pixeltracker.co	assets.adobedtm.com
1	ad.doubleclick.net
1	jelly-v6.mdhv.io
1	jelly.mdhv.io	1 redirects
1	google.com	www.googletagmanager.com
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	assets.adobedtm.com
1	tag-logger.demandbase.com	scripts.demandbase.com
1	id.rlcdn.com	blogs.juniper.net
1	s.company-target.com	scripts.demandbase.com
1	scripts.demandbase.com	blogs.juniper.net
1	px4.ads.linkedin.com	blogs.juniper.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	img.en25.com	blogs.juniper.net
1	www.googleadservices.com	assets.adobedtm.com
1	snap.licdn.com	blogs.juniper.net
1	junipernetworks.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	junipernetworks.demdex.net	assets.adobedtm.com
1	p.typekit.net	blogs.juniper.net
1	fonts.googleapis.com	blogs.juniper.net
110	46

This site contains links to these domains. Also see Links.

Domain
www.juniper.net
community.juniper.net
summit.juniper.net
support.juniper.net
supportportal.juniper.net
license.juniper.net
entitlementsearch.juniper.net
kb.juniper.net
prsearch.juniper.net
apps.juniper.net
forums.juniper.net
threatlabs.juniper.net
learningportal.juniper.net
www.certmetrics.com
www.facebook.com
www.linkedin.com
twitter.com
investor.juniper.net

Subject Issuer	Validity	Valid
blogs.juniper.net Amazon RSA 2048 M03	`2024-05-17` - `2025-06-16`	a year	crt.sh
www.juniper.net Sectigo RSA Organization Validation Secure Server CA	`2024-04-30` - `2025-04-30`	a year	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
*.d2.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-09`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-03-28`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.googleadservices.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-07-29`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
*.company-target.com R11	`2024-08-15` - `2024-11-13`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh
*.demandbase.com Amazon RSA 2048 M02	`2024-06-10` - `2025-07-08`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
twin-iq.kickfire.com Amazon RSA 2048 M02	`2023-11-28` - `2024-12-26`	a year	crt.sh
pixeltracker.co WE1	`2024-08-04` - `2024-11-02`	3 months	crt.sh
cdn01.basis.net GeoTrust TLS RSA CA G1	`2024-05-06` - `2025-06-06`	a year	crt.sh
pixel.veritone-ce.com Amazon RSA 2048 M03	`2024-05-16` - `2025-06-14`	a year	crt.sh
p.veritone-ce.com Amazon RSA 2048 M02	`2024-07-04` - `2025-08-03`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-17` - `2025-07-17`	a year	crt.sh
quantserve.com R11	`2024-08-23` - `2024-11-21`	3 months	crt.sh
*.sitescout.com GeoTrust TLS RSA CA G1	`2024-01-15` - `2025-02-01`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Frame ID: F4B677678DFEF07F100D145E5289C3BA
Requests: 103 HTTP requests in this frame

Frame: https://junipernetworks.demdex.net/dest5.html?d_nsid=0
Frame ID: 73B523922502A3C64E394EB143F27D07
Requests: 1 HTTP requests in this frame

Frame: https://3872718.fls.doubleclick.net/activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6408994722392.097
Frame ID: ACAF70435C0F2B453F2AF1057EB3A864
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: A24C50550572DC0E29AB5E818E94187B
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=ayvdycl&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&upid=6x1itd9&upv=1.1.0&paapi=1
Frame ID: 3F91B1DA92D18F897EF1674CEBE08AA4
Requests: 1 HTTP requests in this frame

Frame: https://11607354.fls.doubleclick.net/activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Frame ID: ECDBED7F78315E60688A9568C56276EC
Requests: 1 HTTP requests in this frame

Frame: https://servedby.flashtalking.com/container/16396;116748;12367;iframe/?ftXRef=[%INSERT_TRANSACTION_ID_HERE%]&ftXValue=[%INSERT_TRANSACTION_VALUE_HERE%]&ftXType=[%INSERT_TRANSACTION_TYPE_HERE%]&ftXName=[%INSERT_TRANSACTION_NAME_HERE%]&ftXNumItems=[%INSERT_TRANSACTION_QUANTITY_HERE%]&ftXCurrency=[%INSERT_TRANSACTION_CURRENCY_HERE%]&U1=[%INSERT_U1_HERE%]&U2=[%INSERT_U2_HERE%]&U3=[%INSERT_U3_HERE%]&U4=[%INSERT_U4_HERE%]&U5=[%INSERT_U5_HERE%]&U6=[%INSERT_U6_HERE%]&U7=[%INSERT_U7_HERE%]&U8=[%INSERT_U8_HERE%]&U9=[%INSERT_U9_HERE%]&U10=[%INSERT_U10_HERE%]&U11=[%INSERT_U11_HERE%]&U12=[%INSERT_U12_HERE%]&U13=[%INSERT_U13_HERE%]&U14=[%INSERT_U14_HERE%]&U15=[%INSERT_U15_HERE%]&U16=[%INSERT_U16_HERE%]&U17=[%INSERT_U17_HERE%]&U18=[%INSERT_U18_HERE%]&U19=[%INSERT_U19_HERE%]&U20=[%INSERT_U20_HERE%]&ft_referrer=&ns=&cb=145392.03468133177
Frame ID: 06699D4B23FFEA332013F9D71C34480D
Requests: 1 HTTP requests in this frame

Frame: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: E9343F2BE85ABCF560895CBBEE21CC02
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blackbyte Ransomware | Official Juniper Networks Blogs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

110
Requests

95 %
HTTPS

25 %
IPv6

30
Domains

46
Subdomains

42
IPs

7
Countries

7520 kB
Transfer

8688 kB
Size

40
Cookies

100 Outgoing links

These are links going to different origins than the main page.

URL: https://www.juniper.net/us/en.html
Title: United States

Search URL Search Domain Scan URL

URL: https://www.juniper.net/br/pt.html
Title: Brazil - Brasil

Search URL Search Domain Scan URL

URL: https://www.juniper.net/cn/zh.html
Title: China - 中国

Search URL Search Domain Scan URL

URL: https://www.juniper.net/fr/fr.html
Title: France

Search URL Search Domain Scan URL

URL: https://www.juniper.net/de/de.html
Title: Germany - Deutschland

Search URL Search Domain Scan URL

URL: https://www.juniper.net/it/it.html
Title: Italy - Italia

Search URL Search Domain Scan URL

URL: https://www.juniper.net/jp/ja.html
Title: Japan - 日本

Search URL Search Domain Scan URL

URL: https://www.juniper.net/kr/ko.html
Title: Korea - 대한민국

Search URL Search Domain Scan URL

URL: https://www.juniper.net/mx/es.html
Title: Latin America

Search URL Search Domain Scan URL

URL: https://www.juniper.net/ru/ru.html
Title: Russia - Россия

Search URL Search Domain Scan URL

URL: https://www.juniper.net/es/es.html
Title: Spain - España

Search URL Search Domain Scan URL

URL: https://www.juniper.net/nl/nl.html
Title: The Netherlands

Search URL Search Domain Scan URL

URL: https://www.juniper.net/gb/en.html
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/contact-us.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.juniper.net/utils/secure/login.html
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company.html
Title: Why Juniper?

Search URL Search Domain Scan URL

URL: https://community.juniper.net/home
Title: Community

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/customers.html
Title: Customer Success

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/how-to-buy/form.html
Title: How to Buy

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/awards-and-industry-recognition.html
Title: Industry Recognition

Search URL Search Domain Scan URL

URL: https://summit.juniper.net/replay
Title: Juniper Summits

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/partners.html
Title: Partnership

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products.html
Title: Products & Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/cloud-services.html
Title: Cloud Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/network-automation.html
Title: Network Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/routers/mx-series/network-edge-services.html
Title: Network Edge Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/network-operating-system.html
Title: Network Operating System

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/packet-optical.html
Title: Packet Optical

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/routers.html
Title: Routers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/sdn-and-orchestration.html
Title: SDN, Management & Operations

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/software.html
Title: Software

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/switches.html
Title: Switches

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/access-points.html
Title: Wireless Access Points

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/products-a-to-z.html
Title: All Products A-Z

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/eol/
Title: End of Life

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions.html
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/it-networking.html
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/cloud-operator.html
Title: Cloud Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/service-provider.html
Title: Service Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/400g.html
Title: 400G

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/artificial-intelligence-for-it-operations-aiops.html
Title: AI and Machine Learning

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/automation.html
Title: Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/contact-tracing.html
Title: Contact Tracing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/data-center.html
Title: Data Center

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/ip-transport-solution/metro.html
Title: Metro

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/sase.html
Title: SASE

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/sd-wan.html
Title: SD-WAN

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/automation/segment-routing.html
Title: Segment Routing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/wireless-access.html
Title: Wired & Wireless Access

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/federal-government.html
Title: Federal Government

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/healthcare.html
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services.html
Title: Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/advisory-services.html
Title: Advisory Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/implementation-services.html
Title: Implementation Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/migration-services.html
Title: Migration Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/optimization-services.html
Title: Optimization Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/support-services.html
Title: Support Services

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/up-and-running/
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://supportportal.juniper.net/
Title: Juniper Support Portal

Search URL Search Domain Scan URL

URL: https://license.juniper.net/licensemanage/
Title: Product License Keys

Search URL Search Domain Scan URL

URL: https://entitlementsearch.juniper.net/entitlementsearch/
Title: Product Entitlement Search

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/requesting-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/
Title: Downloads

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ex
Title: EX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=mx
Title: MX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ptx
Title: PTX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=qfx
Title: QFX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=srx
Title: SRX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=space
Title: Junos Space

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ssg
Title: SSG Series

Search URL Search Domain Scan URL

URL: https://kb.juniper.net/InfoCenter/index?page=home
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://www.juniper.net/documentation/
Title: TechLibrary

Search URL Search Domain Scan URL

URL: https://prsearch.juniper.net/InfoCenter/index?page=prsearch
Title: Problem Report Search

Search URL Search Domain Scan URL

URL: https://apps.juniper.net/home/
Title: Pathfinder

Search URL Search Domain Scan URL

URL: https://forums.juniper.net/
Title: Community

Search URL Search Domain Scan URL

URL: https://threatlabs.juniper.net/home/search/#/list/ips?page_number=1&page_size=20
Title: Security Intelligence

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/report-a-security-vulnerability.html
Title: Report a Vulnerability

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training.html
Title: Training

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/
Title: Training

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-TRAINING-SCHEDULE-HOME
Title: Schedule of Classes

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=ALL-ACCESS-TRAINING-PASS-HOME
Title: All Access Training Pass

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-ONDEMAND-TRAINING-HOME
Title: On-demand Courses

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
Title: Open Learning

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-LEARNING-PATHS-HOME
Title: Learning Paths

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=FREE-JUNIPER-TRAINING-HOME
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification.html
Title: Certification

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-CERTIFICATION-PROGRAM-HOME
Title: Certification Resources

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/recertification.html
Title: Recertification

Search URL Search Domain Scan URL

URL: https://www.certmetrics.com/juniper/login.aspx?ReturnUrl=%2fjuniper%2f
Title: Manage My Certs

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/forms/apstra-free-trial.html
Title: Offers and Trials

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/culture-careers.html
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/corporate-responsibility.html
Title: Corporate Responsibility

Search URL Search Domain Scan URL

URL: https://investor.juniper.net/investor-relations/default.aspx
Title: Investor Relations

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://cm.everesttech.net/cm/dd?d_uuid=13270214582154211113560130071355897251 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRI2AAAAIKI2wNe

Request Chain 51

https://3872718.fls.doubleclick.net/activityi;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6408994722392.097 HTTP 302
https://3872718.fls.doubleclick.net/activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6408994722392.097

Request Chain 54

https://s1229.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&optin=disabled HTTP 302
https://s1229.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&optin=disabled&elqCookie=1

Request Chain 58

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&e_ipv6=AQKSHLAyaZomywAAAZHrvLVkZz_w93NypTPPSdX3l0I5DXvPwGTTIMrFoweUOo08NQoFJ0fs6gcbCg

Request Chain 91

https://jelly.mdhv.io/v1/star.gif?pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&evt=hi HTTP 307
https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=0065644d-4571-4afb-9b81-00f67153a917

Request Chain 92

https://11607354.fls.doubleclick.net/activityi;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware HTTP 302
https://11607354.fls.doubleclick.net/activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware

Request Chain 103

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=[ORDER]&ord=[CACHEBUSTER] HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Request Chain 106

https://pixel-sync.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 108

https://pixel.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-884584826-1726236901536;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=juniper.net;dst=1;et=1726236901738;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs%2Cdescription.Threat%20Description%C2%A0%20%C2%A0Sha256%3A%201df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a224077%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Csite_name.Official%20Juniper%20Networks%20Blogs%2Cimage.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fwp-content%2Fuploads%2F2022%2F03%2Fransom_note-1024x444%252Epng%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Ctitle.Blackbyte%20Ransomware;ses=e8dca33b-046b-437b-9e66-a7fef0e9aa67;mdl= HTTP 302
https://pixel-ssn.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-884584826-1726236901536;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=juniper.net;dst=1;et=1726236901738;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs%2Cdescription.Threat%20Description%C2%A0%20%C2%A0Sha256%3A%201df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a224077%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Csite_name.Official%20Juniper%20Networks%20Blogs%2Cimage.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fwp-content%2Fuploads%2F2022%2F03%2Fransom_note-1024x444%252Epng%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Ctitle.Blackbyte%20Ransomware;ses=e8dca33b-046b-437b-9e66-a7fef0e9aa67;mdl=;dip=2c5bb817-aef9-4139-9d22-53757813e4ba

110 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request blackbyte-ransomware Show response
blogs.juniper.net/en-us/threat-labs-knowledge-base/ 111 KB
112 KB 873ms
413ms Document
text/html 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 / PHP/7.4.24

Resource Hash

177017cb8a71dc724639c540e82f90a4c3af791ecffdbd8759c4eccba4a04f50

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: max-age=3, must-revalidate
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 14:14:36 GMT
permissions-policy: geolocation=(self)
referrer-policy: strict-origin-when-cross-origin
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
strict-transport-security: max-age=31536000
vary: Accept-Encoding,Cookie
x-content-type-options: nosniff
x-powered-by: PHP/7.4.24
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 dfd_icon_set.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 75 KB
76 KB 325ms
315ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "12dba-5ce7192036aaf"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 77242
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 style.min.css
blogs.juniper.net/wp-includes/css/dist/block-library/ 79 KB
79 KB 331ms
321ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/css/dist/block-library/style.min.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "13abe-5ce718bae115c"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 80574
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 106 KB
106 KB 331ms
321ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/mobile-responsive.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

aaca7ef5b10dce82f9dd66e31815f073ef81677f6fc81c17ab6e688f2189fd20

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1a604-5ce7192035b0f"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 108036
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 global-nav.css
www.juniper.net/assets/styles/ 12 KB
13 KB 672ms
291ms Stylesheet
text/css 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/styles/global-nav.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:37 GMT
x-cache: MISS
content-length: 12372
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220134-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 07 May 2020 03:44:53 GMT
x-timer: S1726236877.461028,VS0,VS0,VE167
etag: "3054-5a506b411b740"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 visual-composer.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 613 KB
614 KB 334ms
324ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/visual-composer.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

4571e596020138c4fa269eabd1c5ae125d31c168c6d751aeb96d457f91ae9b45

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "99534-5ce71920362df"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 628020
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 font.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 3 KB
4 KB 322ms
313ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

0d959c38ce96d9eb0b03d81293e3bd3a9d4f7e82a760a67ee14e99cfa6ee601f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 04 Mar 2021 18:58:14 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "c7e-5bcba8cbe62c5"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 3198
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 app.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 1 MB
1 MB 329ms
319ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Jan 2020 08:55:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "138090-59d579e978900"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1278096
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jnpr.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 18 KB
18 KB 330ms
320ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

3458646c92ebe1c0e71b5b65407f90227ccdbc073f8d7331f36c00847974032a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 09 Apr 2021 11:25:43 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "46d0-5bf886cb5b1ae"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 18128
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 108 KB
108 KB 333ms
323ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/mobile-responsive.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 17 Dec 2019 12:28:36 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1ae53-599e5778f6500"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 110163
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 style.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/ 669 B
1 KB 331ms
322ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/style.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Dec 2019 06:25:19 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "29d-59a6d353f31c0"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 669
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 css
fonts.googleapis.com/ 104 KB
4 KB 467ms
70ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CRaleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CDroid+Serif%3A400%2C700%2C400italic%2C700italic%7CLora%3A400%2C700%2C400italic%2C700italic%7CRoboto%3A100%2C300%2C400%2C500%2C700%2C900%2C100italic%2C300italic%2C400italic%2C500italic%2C700italic%2C900italic&subset=latin&ver=1581418109

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31e44d0bc68ceafd76cf8ec85d54022021b0cb74856203e43e27359bb0a78123

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Sep 2024 14:14:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 14:14:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Sep 2024 14:14:37 GMT

GET
H2 200 jquery.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 87 KB
88 KB 323ms
320ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "15db1-5ce718baf8470"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 89521
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jquery-migrate.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 11 KB
11 KB 702ms
700ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "2bd8-5ce718baf8088"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 11224
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/ 716 KB
140 KB 316ms
32ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8bdeccca78a78d8bbc1dc284695d1ac41bfb790521c3470e7947fa28d76ef969

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:35 GMT
server: AkamaiNetStorage
etag: "42f093221d03cd83715cc188bbe5a846:1725908255.153705"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 143060
expires: Fri, 13 Sep 2024 15:14:37 GMT

GET
H2 200 wp-emoji-release.min.js Show response
blogs.juniper.net/wp-includes/js/ 18 KB
18 KB 2532ms
2527ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/wp-emoji-release.min.js?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "4705-5ce718bb0093e"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 18181
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 450ms
73ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=xma4cpx&ht=tk&f=15701.15703.15705.15708&a=67798657&app=typekit&e=css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 agenttesla_original_website-900x600.png
blogs.juniper.net/wp-content/uploads/2022/03/ 540 KB
542 KB 635ms
634ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/agenttesla_original_website-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e9714a993c290626c2ade96436f885448d5a87a79bfcbaf2f693b3009de9ffc1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:58:25 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "871bb-5dd0aa70e660c"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 553403
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 Screen-Shot-2022-04-06-at-4.00.37-PM-1024x273-900x600.png
blogs.juniper.net/wp-content/uploads/2022/04/ 464 KB
465 KB 620ms
619ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/04/Screen-Shot-2022-04-06-at-4.00.37-PM-1024x273-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

1e5835bdeb64e527df1798a27b0ed61c8b6003759bd6dcd57e7b59e1e5aa3f99

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:37 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:58:09 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "741c5-5dd0aa60fba98"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 475589
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 icon-900x600.png
blogs.juniper.net/wp-content/uploads/2022/04/ 65 KB
66 KB 1443ms
1443ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/04/icon-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

46f5a39d726c1bf2ab0352d162587be095ec976e7d0b07ac28de888054a7537a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:56:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "10415-5dd0aa0dba327"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 66581
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 js_composer.min.css
blogs.juniper.net/wp-content/plugins/js_composer/assets/css/ 473 KB
475 KB 2687ms
2687ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:09:43 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "765f9-59956b5fc47c0"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 484857
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 utils.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/ 2 KB
2 KB 2533ms
2532ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/utils.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 03 Mar 2020 10:37:20 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "722-59ff0e3718f2d"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1826
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jquery.form.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 16 KB
16 KB 2532ms
2532ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery.form.min.js?ver=4.3.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

7dcbd9ddb813cf06084d60b6158da5289b9e33ba3f9e7c463fd20e7ec8462014

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "3ef4-5ce718baf7ca0"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 16116
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 global-nav.js Show response
www.juniper.net/assets/scripts/ 220 KB
221 KB 192ms
191ms Script
application/javascript 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

290c5b04153c8864dd5d33449f64898b350019dca6e852654c92e5b5b63117d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:48 GMT
x-cache: MISS
content-length: 225168
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220134-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 11 Nov 2020 18:10:33 GMT
x-timer: S1726236888.964067,VS0,VS0,VE166
etag: "36f90-5b3d8b619b840"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 uncompresed.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/ 721 KB
722 KB 2531ms
2531ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/uncompresed.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 03 Mar 2020 10:34:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "b43eb-59ff0d9735fb1"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 738283
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 wp-embed.min.js Show response
blogs.juniper.net/wp-includes/js/ 1 KB
2 KB 2532ms
2532ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/wp-embed.min.js?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 16 May 2023 21:35:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "5c6-5fbd659d2378d"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1478
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 js_composer_front.min.js Show response
blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
21 KB 2532ms
2532ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:09:44 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "5079-59956b60b8a00"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 20601
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 id Show response
dpm.demdex.net/ 602 B
1 KB 305ms
97ms XHR
application/json 52.17.26.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=D206123F524450F50A490D45%40AdobeOrg&d_nsid=0&ts=1726236887934

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.17.26.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-26-217.eu-west-1.compute.amazonaws.com

Software

Resource Hash

13c10e67f5cc58bf4d09e0d7e2e8dbcc11199b099c70cd3f25e6fed7b0f1e225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-2-v065-0ce9f7ae2.edge-irl1.demdex.com 3 ms
pragma: no-cache
date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: tMob8XZOQFE=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 446
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 EXa4b17e6a46f94e7eb3e0be11da647d34-libraryCode_source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 34 KB
13 KB 31ms
30ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/EXa4b17e6a46f94e7eb3e0be11da647d34-libraryCode_source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a0017954d36e42d9f624ad09e6ea706e253683a036ccfae96137f6b487eeb2e6

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:47 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 12904
expires: Fri, 13 Sep 2024 15:14:47 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 3 KB
1 KB 297ms
115ms XHR
application/json 18.66.102.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=KPoJNUhqFN4BlhMgpIM033sl6wtdnfvyBcHrASKk&page=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&referrer=&page_title=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&src=adobelaunch
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-127.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 0a752974eac0410c26ff4e782e29f8fefb23e25faad2772471b6981606aad3eb

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
content-encoding: gzip
identification-source: CENTRAL
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: 9f367a52-32ea-429a-af10-95f406abccca
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LymzznvSzWkR_RdRP36FzcSnNATYZJ6_Y_pgjZYhsszxzQmPQijF1A==
expires: Thu, 12 Sep 2024 14:14:48 GMT

GET
H2 200 Juniper-Networks-518251288-GREEN.jpg
blogs.juniper.net/wp-content/uploads/2020/01/ 397 KB
398 KB 2452ms
2452ms Image
image/jpeg 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2020/01/Juniper-Networks-518251288-GREEN.jpg

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 24 Jan 2020 07:09:48 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "6324f-59cdd71698700"
vary: Accept-Encoding,Host
content-type: image/jpeg
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 406095
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 search-icon.svg
blogs.juniper.net/assets/svg/ 445 B
950 B 2446ms
2446ms Image
image/svg+xml 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/assets/svg/search-icon.svg

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Feb 2020 10:18:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1bd-59e7269338e00"
vary: Accept-Encoding,Host
content-type: image/svg+xml
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 445
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 dfd_icon_set.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 573 KB
574 KB 2301ms
2301ms Font
application/font-woff 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.woff?t0y29j

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "8f374-5ce719203821f"
vary: Accept-Encoding,Host
content-type: application/font-woff
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 586612
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 l
use.typekit.net/af/180254/00000000000000000001522c/27/ 230 KB
230 KB 517ms
50ms Font
application/font-woff2 2.19.126.198
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/180254/00000000000000000001522c/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.198 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-198.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a0f10ac61e20d25989eea5b54c5fcc43934853847f67054b401333413ac132d0

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
server: nginx
etag: "b368e5602e52f93ea8bb04f8e30b4af6a24b1c6d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 235028

GET
H2 200 l
use.typekit.net/af/220823/000000000000000000015231/27/ 228 KB
228 KB 672ms
205ms Font
application/font-woff2 2.19.126.198
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/220823/000000000000000000015231/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.198 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-198.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8557ceef587615c421b7697a3a046e1b5605c514c6299787b89882797e97f120

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
server: nginx
etag: "a6d7ec334355c982af1029545363c128b8ebf3ec"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 233504

GET
H2 200 l
use.typekit.net/af/bdde80/00000000000000000001522d/27/ 247 KB
247 KB 723ms
261ms Font
application/font-woff2 2.19.126.198
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/bdde80/00000000000000000001522d/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=i4&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.198 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-198.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a2230e9dd7b979f89ff7b0af3aba00aa58f6ec169db58ce5dbc782d08371dd66

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
server: nginx
etag: "d62548ca39fe9b02351a1ca312096b30d863179d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 252724

GET
H2 200 soc-icons.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/ 34 KB
35 KB 2295ms
2294ms Font
application/font-woff 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/soc-icons.woff

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "899c-59956988a7040"
vary: Accept-Encoding,Host
content-type: application/font-woff
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 35228
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 ransom_note-1024x444.png
blogs.juniper.net/wp-content/uploads/2022/03/ 236 KB
237 KB 2280ms
2280ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/ransom_note-1024x444.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

ac842a7d8f8ad92c6210375fbd8ed2373888ce7853659d61981d8372fe1c9eb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "3b16a-5dab4ea34f303"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 242026
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 blackbyte_static_properties.png
blogs.juniper.net/wp-content/uploads/2022/03/ 5 KB
5 KB 2279ms
2279ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/blackbyte_static_properties.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

45d726de893364cc8c294fbb28b94d03276325f6ec77cb0bcda6eddafc6119fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1287-5dab4ea129d9c"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 4743
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 blackbyte_functions.png
blogs.juniper.net/wp-content/uploads/2022/03/ 16 KB
17 KB 2279ms
2279ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/blackbyte_functions.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

dfad551a53c767e229da4a2f650e4b10d698f1b361b74e9f88a862dddaf64041

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:38 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "419b-5dab4ea046cd2"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 16795
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 dest5.html
junipernetworks.demdex.net/ Frame 73B5 0
0 250ms
72ms Document
text/html 54.75.32.208
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.75.32.208 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-32-208.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 13 Sep 2024 14:14:48 GMT
dcs: dcs-prod-irl1-1-v065-0ffb6a59f.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Aug 2024 11:57:43 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: GBwV90CsTEI=

GET
H2 200 id Show response
junipernetworks.d2.sc.omtrdc.net/ 2 B
268 B 279ms
81ms XHR
application/x-javascript 63.140.62.17
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.d2.sc.omtrdc.net/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=D206123F524450F50A490D45%40AdobeOrg&mid=19852699730327790884075618067319934020&ts=1726236888274

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 13 Sep 2024 14:14:48 GMT
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 2
x-xss-protection: 1; mode=block

GET
H2

200

ibs:dpid=411&dpuuid=ZuRI2AAAAIKI2wNe
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=13270214582154211113560130071355897251
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRI2AAAAIKI2wNe

42 B
716 B

56ms
56ms

Image
image/gif

52.17.26.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRI2AAAAIKI2wNe

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Server

52.17.26.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-26-217.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v065-0af13a9b0.edge-irl1.demdex.com 6 ms
pragma: no-cache
date: Fri, 13 Sep 2024 14:14:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: F+CnnmyUSuw=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRI2AAAAIKI2wNe
Date: Fri, 13 Sep 2024 14:14:48 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 json Show response
junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/ 537 B
945 B 357ms
123ms XHR
application/json 66.235.152.225
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/json?mbox=target-global-mbox&mboxSession=89d08c5a001343f0812d037bd2c1f0de&mboxPC=&mboxPage=4b8a2f9fa6534a1b9a8338b6e16eb773&mboxRid=be98a313fbea496f83a1f7d0c09ecf0b&mboxVersion=1.8.3&mboxCount=1&mboxTime=1726244088034&mboxHost=blogs.juniper.net&mboxURL=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&at_property=731b0e75-98c0-3152-d94c-88331af4fd48&mboxMCSDID=2718FCB54124CBC1-75EB84991153ACAD&vst.trk=junipernetworks.d2.sc.omtrdc.net&vst.trks=junipernetworks.d2.sc.omtrdc.net&mboxMCGVID=19852699730327790884075618067319934020&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.225 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-225.data.adobedc.net

Software

jag /

Resource Hash

8293beebcc079e028da2da51dc237e13c8dbe30c36e5d7e9fb42f68a282ffd30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: jag
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 537
x-xss-protection: 1; mode=block
x-request-id: be98a313fbea496f83a1f7d0c09ecf0b

GET
H2 200 jnpr-logo.svg Show response
www.juniper.net/assets/svg/ 3 KB
4 KB 297ms
196ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/svg/jnpr-logo.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 3131
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 02 Nov 2018 05:55:25 GMT
x-timer: S1726236894.100783,VS0,VS0,VE167
etag: "c3b-579a82e7d8d40"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_blog.svg Show response
www.juniper.net/assets/icons/social/ 3 KB
4 KB 298ms
197ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_blog.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 3560
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 19 Feb 2020 09:37:43 GMT
x-timer: S1726236894.100720,VS0,VS0,VE170
etag: "de8-59eea8a4707c0"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_facebook.svg Show response
www.juniper.net/assets/icons/social/ 366 B
890 B 334ms
233ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_facebook.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 366
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236894.100671,VS0,VS0,VE170
etag: "16e-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_twitter.svg Show response
www.juniper.net/assets/icons/social/ 582 B
2 KB 381ms
280ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_twitter.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 582
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236894.100710,VS0,VS0,VE228
etag: "246-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_youtube.svg Show response
www.juniper.net/assets/icons/social/ 451 B
2 KB 295ms
193ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_youtube.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 451
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236894.101481,VS0,VS0,VE165
etag: "1c3-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_linkedin.svg Show response
www.juniper.net/assets/icons/social/ 724 B
1 KB 306ms
205ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_linkedin.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 724
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236894.101626,VS0,VS0,VE165
etag: "2d4-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_instgram.svg Show response
www.juniper.net/assets/icons/social/ 1 KB
2 KB 297ms
198ms XHR
image/svg+xml 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_instgram.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:54 GMT
x-cache: MISS
content-length: 1037
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-fra-etou8220051-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 03 Dec 2018 20:00:23 GMT
x-timer: S1726236894.101295,VS0,VS0,VE166
etag: "40d-57c23996843c0"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 247ms
115ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=33934
accept-ranges: bytes
content-length: 14628

GET
H2

200

activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-bas...
3872718.fls.doubleclick.net/ Frame ACAF
Redirect Chain

https://3872718.fls.doubleclick.net/activityi;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-b...
https://3872718.fls.doubleclick.net/activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net...

0
0

52ms
51ms

Document
text/html

172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3872718.fls.doubleclick.net/activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6408994722392.097?

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1094
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:58 GMT
expires: Fri, 13 Sep 2024 14:14:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:58 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://3872718.fls.doubleclick.net/activityi;dc_pre=CKbl7siNwIgDFc0lBgAd5kcdcQ;src=3872718;type=gojpnet;cat=pagev0;u1=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6408994722392.097?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 conversion.js Show response
www.googleadservices.com/pagead/ 56 KB
20 KB 133ms
44ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0ab523c8b0ad80c8faca797a4b006becc110fddd8a3376314d362dd2441b2be0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20846
x-xss-protection: 0
server: cafe
etag: 6212416040377652709
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Sep 2024 14:14:58 GMT

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 194ms
63ms Script
application/x-javascript 184.25.216.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.25.216.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-25-216-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 13 Sep 2024 14:14:58 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2183
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT
ETag: "5fbd42741dd4da1:0"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-store
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Expires: Fri, 13 Sep 2024 14:14:58 GMT

GET
H/1.1

200
OK

svrGP.aspx
s1229.t.eloqua.com/visitor/v200/
Redirect Chain

https://s1229.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&optin=dis...
https://s1229.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&opti...

49 B
448 B

151ms
151ms

Image
image/gif

192.29.67.231
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1229.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&optin=disabled&elqCookie=1

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

HTTP/1.1

Server

192.29.67.231 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 13 Sep 2024 14:14:58 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 13 Sep 2024 14:14:58 GMT
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Location: https://s1229.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=-60&ms=194&optin=disabled&elqCookie=1
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 364
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ 43 B
60 B 126ms
40ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1726236898245&cv=9&fst=1726236898245&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC818ad63b83d845bf86e25bc68d85042a-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1022 B
755 B 46ms
45ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC818ad63b83d845bf86e25bc68d85042a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 99f112114fdf68a2c9913bbdff0f0ec524243ce621aa8b46f6275620695fb208

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 498
expires: Fri, 13 Sep 2024 15:14:58 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
815 B 372ms
128ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D76949F7F0E94051B5FB2BAD9FAB6E8E Ref B: DUS30EDGE0318 Ref C: 2024-09-13T14:14:58Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYiANkj+3XxW2h1Dcy2oA==
x-fs-uuid: 00062200d923fb75f15b68750dccb6a0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&e_ipv6=AQKSHLAyaZomywAAAZ...

0
264 B

264ms
201ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&e_ipv6=AQKSHLAyaZomywAAAZHrvLVkZz_w93NypTPPSdX3l0I5DXvPwGTTIMrFoweUOo08NQoFJ0fs6gcbCg
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 2B0541A1653649508A854D93414B3F5E Ref B: FRAEDGE1109 Ref C: 2024-09-13T14:14:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiANko4J/bNSX4PvP6eA==

Redirect headers

date: Fri, 13 Sep 2024 14:14:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 12784BDB4D94493AB5F58DAA8C270BC0 Ref B: FRAEDGE1207 Ref C: 2024-09-13T14:14:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236898316&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&e_ipv6=AQKSHLAyaZomywAAAZHrvLVkZz_w93NypTPPSdX3l0I5DXvPwGTTIMrFoweUOo08NQoFJ0fs6gcbCg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiANkkcrEmk+rq2pqwbg==

GET
H2 200 RC2950651f62ef416783ad5b44afec1390-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 592 B
631 B 42ms
40ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC2950651f62ef416783ad5b44afec1390-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 47d50114dccf7494ae9299fec825f1eae1aabfb94154b5f8ab9923754104e3f0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 374
expires: Fri, 13 Sep 2024 15:14:58 GMT

GET
H2 200 s6805182720839
junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-LEWM/ 43 B
223 B 60ms
56ms Image
image/gif 63.140.62.17
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-LEWM/s6805182720839?AQB=1&ndh=1&pf=1&t=13%2F8%2F2024%2016%3A14%3A58%205%20-120&sdid=2718FCB54124CBC1-75EB84991153ACAD&mid=19852699730327790884075618067319934020&aamlh=6&ce=UTF-8&pageName=blogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&g=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=blogs.juniper.net&v5=GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898&v6=D%3Dmid&v15=D%3DpageName&v19=uzleuven.be&v20=%28Unavailable%29%22&v25=8011&v26=620000&v27=5377&v28=500000000&v29=BE&v30=%22122799124&v31=%28Non-Target%20Account%29&v32=%28Non-Target%20Account%29&v33=%28Non-Target%20Account%29&v34=Uz%20Leuven&v35=Uz%20Leuven&v36=Healthcare%20%26%20Medical&v37=Providers%22&v38=%22%24500M%20-%20%241B&v39=Enterprise&v40=Gasthuisberg&v41=Leuven&v42=%28Unavailable%29&v43=3000&v44=Belgium&v45=Mid-Market%20Business%22&v46=%22Healthcare%20%26%20Medical&v80=blackbyte-ransomware&v84=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=D206123F524450F50A490D45%40AdobeOrg&AQE=1

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Sep 2024 14:14:58 GMT
server: jag
etag: 3707065511518994432-4618573227743351331
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 12 Sep 2024 14:14:58 GMT

GET
H2 200 wRPiG49f.min.js Show response
scripts.demandbase.com/ 63 KB
18 KB 227ms
38ms Script
application/javascript 13.32.27.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.demandbase.com/wRPiG49f.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-65.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8d652933fc07439cc510cffb3133311ee07f6f424d2964cb7f4ef3eb4e2b2793

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 9A6IZpdegZk_aH6qZQV_nTcBMeEATLlq
content-encoding: gzip
via: 1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
date: Fri, 13 Sep 2024 13:43:17 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-C2
age: 1914
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Aug 2024 19:15:01 GMT
server: AmazonS3
etag: W/"59f7314e86d7f85ab0bc9bea5d9ea05e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: -zDW_gdP53ymNT7N7Lymkng8YWudbvr83MwE8A09aB5pWBkB6scxdg==

GET
H2 200 sync
s.company-target.com/s/ Frame A24C 0
0 258ms
136ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.company-target.com/s/sync?exc=lr
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.71.96.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 14:14:58 GMT
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 123ms
39ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 3 KB
2 KB 114ms
113ms XHR
application/json 18.66.102.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&page_title=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.102.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-102-127.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 2fb9c4440fc20fe0be63e4d6c9ef4c34441e08184f8d97e70ae1b201b812f73a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
content-encoding: gzip
identification-source: CENTRAL
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: af997da2-4c1e-4b93-8d15-8ec3d7b35bba
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v3
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HKWmLPtrk4H--yz5CdthChWqBksL9iIWRswTnzfv9ktqTKsKfVZwOQ==
expires: Thu, 12 Sep 2024 14:14:58 GMT

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
418 B 438ms
365ms XHR
text/html 2600:9000:2724:3c00:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=HKWmLPtrk4H--yz5CdthChWqBksL9iIWRswTnzfv9ktqTKsKfVZwOQ==&api-version=v3
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2724:3c00:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date: Fri, 13 Sep 2024 06:51:08 GMT
via: 1.1 8c1c3a8ed856f5c19ce3b4158bff94a8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P12
age: 26631
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 0
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: cYINxoUqD3kFxqEmn5c-lh5QMEYnWcSVaQ5ZMw3bTNB4mCnDBvbKUg==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 224ms
223ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 13 Sep 2024 14:14:58 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 094E9512988749D8A2FFF6B194C05473 Ref B: FRAEDGE1207 Ref C: 2024-09-13T14:14:59Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://blogs.juniper.net
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYiANkr6pNiEKMAcuSLpQ==

GET
H2 200 RCa7fb60ad9a5747ea9dd5b02061f0f551-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 514 B
573 B 21ms
21ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCa7fb60ad9a5747ea9dd5b02061f0f551-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6e568d43eff272dd73b9bd6fe8e5ca55c71583f238e7648353ea19c4ceb261b0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 316
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 favicon.ico
www.juniper.net/ 10 KB
10 KB 23ms
23ms Other
image/x-icon 151.101.131.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.131.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0291270eacaaeea992dddc8c314fa3a9a3c2c06e3aacb14f971b4f794200a2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com
date: Fri, 13 Sep 2024 14:14:59 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-md5: 2F6SbJ6KQmix49Eze+3WvQ==
age: 563777
x-vhost: juniper-publish
x-cache: HIT
content-disposition: attachment; filename="favicon.ico"; filename*=UTF-8''favicon.ico
content-length: 9854
x-xss-protection: 1; mode=block
x-served-by: cache-fra-etou8220134-FRA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 08 May 2024 08:21:26 GMT
x-timer: S1726236899.394474,VS0,VS0,VE2
etag: "0x8DC6F37DAD67723"
x-frame-options: SAMEORIGIN
content-type: image/x-icon
access-control-allow-origin: *
cache-control: max-age=604800, public
permissions-policy: geolocation=(self)
accept-ranges: bytes

GET
H2 200 RCcf9a61f85a714672a0e883a73e8658d3-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 774 B
651 B 30ms
30ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCcf9a61f85a714672a0e883a73e8658d3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 46703bc4a3c94e65c92173441a572f55539bad28e898b8eaab2714408272f947

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 394
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 favicon.ico
blogs.juniper.net/wp-content/uploads/2020/01/ 42 KB
42 KB 207ms
206ms Other
image/vnd.microsoft.icon 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/uploads/2020/01/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

454b39bc48bb4276bfbbfd066ae2e5fb777dc34b8339dbd5f3526e3f96cbcb82

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 24 Jan 2020 11:25:45 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "a63e-59ce104c2c040"
vary: Accept-Encoding,Host
content-type: image/vnd.microsoft.icon
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 42558
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 14 KB
6 KB 175ms
45ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71d18af9ee879a36717e1ea3367b669031e3f6b12cb0aa1373fd200d278c4e6a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 13 Sep 2024 06:34:38 GMT
Content-Encoding: gzip
Via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
Last-Modified: Thu, 29 Aug 2024 18:19:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 27622
x-amz-server-side-encryption: AES256
ETag: W/"0a898f6edf2d77595f7378557dd8fb96"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: _PIbLuI18Tycz9AM_dNcOAmhpBJB2Onhv8m8GWLa4nbBMapvPvYbjA==

GET
H2 200 RC5c3737b4f0b346d3b8381d5ab790c103-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 737 B
713 B 21ms
21ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC5c3737b4f0b346d3b8381d5ab790c103-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ac6b7a946ec79473fad9578bdeeeb0d7b8065236a2441c5ecf425a509d3afb4d

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 456
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 199ms
53ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 13 Sep 2024 14:14:59 GMT
last-modified: Fri, 06 Sep 2024 21:17:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 36DEBE986D544A66956EA267E0A02E9E Ref B: LON212050701033 Ref C: 2024-09-13T14:14:59Z
etag: "016326a20db1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14305

GET
H2 200 RC1eb9572d42e14899ba30ba82754f1f5f-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 702 B
668 B 42ms
42ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC1eb9572d42e14899ba30ba82754f1f5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 301acbee50a7f8f6f6c1936ecde0a24817cf92af70dfd5fabda6c0615f0ae51d

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 up
insight.adsrvr.org/track/ Frame 3F91 0
0 182ms
53ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=ayvdycl&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&upid=6x1itd9&upv=1.1.0&paapi=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Fri, 13 Sep 2024 14:14:59 GMT
server: Kestrel

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 269 KB
93 KB 141ms
48ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0ef05791b6903e02cccafcca34734fe00a68dbd20b39dd877e985fa90f408eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94770
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 14:14:59 GMT

GET
H2 200 RC0319207ef260453c9e9138e5c53d6383-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1 KB
826 B 45ms
45ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC0319207ef260453c9e9138e5c53d6383-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c5f15a70092ec3d2df51f031acc448833369721750b2a8a291fc4e89b8890059

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 569
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 RC5d254212e1d341e091e323f690883dba-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 2 KB
1 KB 41ms
41ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC5d254212e1d341e091e323f690883dba-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 346d20eb0f3800ef6bb0f2d0641be87380603da567edccd1b23e10cd67e068a3

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1099
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 RC907cb723b33e43c6be777d1a58315393-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 392 B
521 B 45ms
44ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC907cb723b33e43c6be777d1a58315393-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5030a5190ea5bcfb12e186233d1a10b8470897223e6ec5fb6cdce857c915acf9

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 264
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 RC79b0852125f5494f9e00ff9e66f6f584-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 358 B
484 B 43ms
43ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC79b0852125f5494f9e00ff9e66f6f584-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 50b4976fb3abca7428ce7c060cfd9d1c370f442fb465a7b117424b39e9dc8854

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 56185393.js Show response
bat.bing.com/p/action/ 370 B
421 B 66ms
65ms Script
application/javascript 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56185393.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Fri, 13 Sep 2024 14:14:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4393FE086354464937B23DF12DC9BD5 Ref B: LON212050701033 Ref C: 2024-09-13T14:14:59Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 RCc7e9ad68f84344aeb32e287defa49d77-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1 KB
768 B 36ms
34ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCc7e9ad68f84344aeb32e287defa49d77-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: da94c16c4331bdda0f80784ad7c2c31713bf3aee6c6c4ddec1606d0ba077f4dd

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 512
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 204 0
bat.bing.com/action/ 0
180 B 52ms
52ms Image
text/plain 2620:1ec:33:3::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56185393&Ver=2&mid=ddd005f6-d91a-4bf6-8630-3de5ba6a69e8&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&p=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&r=&lt=23321&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=312999

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 13 Sep 2024 14:14:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9B34F2792B4F43D4BDB2B98B59B6C218 Ref B: LON212050701033 Ref C: 2024-09-13T14:14:59Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC509ece53612f4cbdb740b0685cd41ee3-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 464 B
546 B 28ms
28ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC509ece53612f4cbdb740b0685cd41ee3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 96f6e313bffe4d3b6c1018cd4257c1d3e1e6ee5b151f5c876637d027cf12cef9

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 290
expires: Fri, 13 Sep 2024 15:14:59 GMT

POST
H3 204 10817909393
google.com/ccm/form-data/ 0
17 B 160ms
39ms Ping
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10817909393?gtm=45be49b0v9174497920za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&frm=0&pscdl=noapi&auid=1616731516.1726236900&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 220 KB
79 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11607354

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7916afc4c8127841ebdb3bf93e53537b270d0e308c0002074b8a3f3316362a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80308
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 14:14:59 GMT

GET
H2 200 RC14926df3f6d744689db84e66f6c16762-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 410 B
516 B 26ms
26ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC14926df3f6d744689db84e66f6c16762-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b5534f9b8235574a84a3e5b39394435f69872050496532d1b274cd7f2996ebd3

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 259
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 RC9129fa1efe5247489b0b813e6c7bd6e0-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 558 B
624 B 55ms
52ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC9129fa1efe5247489b0b813e6c7bd6e0-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8fb803a264e369f926808ada4799693ea7aee214f1f3c8006510f10c4273e78f

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:59 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 367
expires: Fri, 13 Sep 2024 15:14:59 GMT

GET
H2 200 RCdcabda4eb1c746eeb40a07be07898d91-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 3 KB
1 KB 34ms
26ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCdcabda4eb1c746eeb40a07be07898d91-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 25cc9d09d9ccea303a325189dac41d865b8f74229b33a5754da6031aef42a185

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:00 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1196
expires: Fri, 13 Sep 2024 15:15:00 GMT

GET
H2 200 twin.js Show response
twin-iq.kickfire.com/ 424 B
696 B 879ms
178ms Script
application/javascript 54.188.203.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://twin-iq.kickfire.com/twin.js?15530

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.188.203.142 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-188-203-142.us-west-2.compute.amazonaws.com

Software

Apache/2.4.58 () /

Resource Hash

034acd3ced0cf00cdfcb684283fdc624a48c2dc8dcddeb55e09412f92971056d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:00 GMT
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
last-modified: Thu, 06 Jan 2022 20:12:30 GMT
server: Apache/2.4.58 ()
etag: "1a8-5d4ef7d746e6f"
x-frame-options: DENY
content-type: application/javascript
accept-ranges: bytes
content-length: 424
x-xss-protection: 1; mode=block

GET
H2

200

starV6.gif
jelly-v6.mdhv.io/v1/
Redirect Chain

https://jelly.mdhv.io/v1/star.gif?pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&evt=hi
https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=0065644d-4571-4afb-9b81-00f67153a917

43 B
235 B

290ms
143ms

Image
image/gif

2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=0065644d-4571-4afb-9b81-00f67153a917
Protocol: H2
Server: 2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:00 GMT
server: Google Frontend
content-type: image/gif
x-cloud-trace-context: cf420f5b6a0d70ce6842f76afa6e484e
cache-control: no-store,no-cache,must-revalidate,max-age=0,post-check=0,pre-check=0
content-length: 43
expires: -1

Redirect headers

location: https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=0065644d-4571-4afb-9b81-00f67153a917
x-cloud-trace-context: fc13be8a07b39e1cca4f035411cdc2c0
date: Fri, 13 Sep 2024 14:15:00 GMT
server: Google Frontend
content-length: 173
content-type: text/html; charset=utf-8

GET
H3

200

activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.j...
11607354.fls.doubleclick.net/ Frame ECDB
Redirect Chain

https://11607354.fls.doubleclick.net/activityi;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblog...
https://11607354.fls.doubleclick.net/activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-kn...

0
0

60ms
60ms

Document
text/html

172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11607354.fls.doubleclick.net/activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-11607354

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:15:00 GMT
expires: Fri, 13 Sep 2024 14:15:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:15:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11607354.fls.doubleclick.net/activityi;dc_pre=CPi668mNwIgDFTsqBgAd8Zwrvw;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;register_conversion=1;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2F...
ad.doubleclick.net/ 0
22 B 110ms
75ms Image
image/png 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=11607354;type=brand0;cat=junip00;ord=9426934887093;npa=1;auiddc=1616731516.1726236900;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=1402475104;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l2l1l1;dma_cps=syphamo;dma=1;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:00 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"3132865737552098827"}],"aggregatable_trigger_data":[{"filters":[{"14":["12656578"]}],"key_piece":"0x2fe2a09f489bf310","source_keys":["12","13","14","15","16","17","18","19","20","21","16772804","16772805","16772806","16772807","20511968","20511969","20511970","20511971","638547196","638547197","638547198","638547199","640975976","640975977","640975978","640975979","900013960","900013961","900013962","900013963","900136808","900136809","900136810","900136811"]},{"key_piece":"0xbe49d1bc8fd42553","not_filters":{"14":["12656578"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","16772804","16772805","16772806","16772807","20511968","20511969","20511970","20511971","638547196","638547197","638547198","638547199","640975976","640975977","640975978","640975979","900013960","900013961","900013962","900013963","900136808","900136809","900136810","900136811"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"16772804":36,"16772805":36,"16772806":36,"16772807":3530,"17":65,"18":6356,"19":65,"20":65,"20511968":65,"20511969":65,"20511970":65,"20511971":6356,"21":6356,"638547196":40,"638547197":40,"638547198":40,"638547199":3973,"640975976":32,"640975977":32,"640975978":32,"640975979":3177,"900013960":218,"900013961":218,"900013962":218,"900013963":21189,"900136808":72,"900136809":72,"900136810":72,"900136811":7062},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"4309016045497546655","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"3132865737552098827","filters":[{"14":["12656578"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"3132865737552098827","filters":[{"14":["12656578"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"3132865737552098827","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"3132865737552098827","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["11607354"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC523dad21147b431dba5e923b678e8d52-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 914 B
756 B 24ms
23ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC523dad21147b431dba5e923b678e8d52-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: eb60df77e978752bd08be68bb7bbd09c84b4d4f472ddac1f7107518194051e3b

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:00 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 499
expires: Fri, 13 Sep 2024 15:15:00 GMT

GET
H2 200 RC7470316f91bd443b9d778475ef48d1bd-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 891 B
706 B 23ms
23ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC7470316f91bd443b9d778475ef48d1bd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f5b595408d533b5c2ab830811bd19711f4b9407d7b20a8772b94f3251cfb5083

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:00 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 449
expires: Fri, 13 Sep 2024 15:15:00 GMT

GET
H2 200 twin.php
twin-iq.kickfire.com/ 95 B
365 B 187ms
186ms Image
image/png 54.188.203.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://twin-iq.kickfire.com/twin.php?TWIQ=15530&kftwiqpg=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&Hst=blogs.juniper.net&r=0.2932001487666396

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.188.203.142 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-188-203-142.us-west-2.compute.amazonaws.com

Software

Apache/2.4.58 () / PHP/7.2.34

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
server: Apache/2.4.58 ()
x-powered-by: PHP/7.2.34
x-frame-options: DENY
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png
x-xss-protection: 1; mode=block

GET
H2 200 pixel.js Show response
tracker.pixeltracker.co/ 16 KB
5 KB 124ms
35ms Script
application/javascript 104.18.20.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.pixeltracker.co/pixel.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df724f74070c9f7d427aa98f9b2e8c95262b1948da1997951c86f9431dbe7f15

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1699445830
age: 1508847
x-guploader-uploadid: ABPtcPoF8wb5IZGnpgvoYPdgtdNRTT0LJP4077BqX6-lDby5CNiziky-3d9TemShLsm0TqzXIU2MyRmt0g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Wed, 08 Nov 2023 12:17:13 GMT
server: cloudflare
etag: W/"c310953f3323fe59557d930a372307a8"
vary: Accept-Encoding
x-goog-generation: 1699445832975217
content-type: application/javascript
x-goog-hash: crc32c=+GBbkQ==, md5=wxCVPzMj/llVfZMKNyMHqA==
cache-control: public, max-age=14400
x-goog-stored-content-length: 16833
cf-ray: 8c28bf37a8c51ca9-FRA
expires: Fri, 13 Sep 2024 18:15:01 GMT

GET
H2 200 up.js Show response
cdn01.basis.net/assets/ 4 KB
2 KB 106ms
21ms Script
application/javascript 41.63.96.130
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn01.basis.net/assets/up.js?um=1
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 41.63.96.130 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS: https-41-63-96-130.hhn.llnw.net
Software: AC1.1 /
Resource Hash: 64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-encoding: gzip
last-modified: Tue, 02 Apr 2024 15:41:58 GMT
server: AC1.1
age: 75225
vary: accept-encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1714
x-llid: bbfdc12798a463b6d0e62703569806bb

GET
H2 200 / Show response
pixel.veritone-ce.com/ 1 KB
873 B 192ms
23ms Script
text/javascript 108.138.26.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.veritone-ce.com/
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.26.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-26-63.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c00190e30cbb6e0ce4ca18e3bdda48da3d86e7ed819d231ecdb7a858ea9b559a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 07:14:36 GMT
content-encoding: gzip
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
last-modified: Fri, 06 Sep 2024 00:12:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
age: 44340
x-amz-server-side-encryption: AES256
etag: W/"16ec03509624e05586b03d423dfa180b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: 3NdDx1zsf_xQVhjHYyWonMwsc1aWrZWF830Xh1rXMMqEEn13anEHgw==

GET
H2 200 05bcf15a-3bdd-4b63-b81c-dd7882f974f1
p.veritone-ce.com/ 43 B
137 B 409ms
167ms Image
image/gif 52.204.237.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.veritone-ce.com/05bcf15a-3bdd-4b63-b81c-dd7882f974f1?ts=1726236901410&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.204.237.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-237-3.compute-1.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-length: 43
apigw-requestid: eDBT8hXCIAMEYDw=
content-type: image/gif

GET
H/1.1 200
OK /
servedby.flashtalking.com/container/16396;116748;12367;iframe/ Frame 0669 0
0 80ms
27ms Document
text/html 23.197.128.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/container/16396;116748;12367;iframe/?ftXRef=[%INSERT_TRANSACTION_ID_HERE%]&ftXValue=[%INSERT_TRANSACTION_VALUE_HERE%]&ftXType=[%INSERT_TRANSACTION_TYPE_HERE%]&ftXName=[%INSERT_TRANSACTION_NAME_HERE%]&ftXNumItems=[%INSERT_TRANSACTION_QUANTITY_HERE%]&ftXCurrency=[%INSERT_TRANSACTION_CURRENCY_HERE%]&U1=[%INSERT_U1_HERE%]&U2=[%INSERT_U2_HERE%]&U3=[%INSERT_U3_HERE%]&U4=[%INSERT_U4_HERE%]&U5=[%INSERT_U5_HERE%]&U6=[%INSERT_U6_HERE%]&U7=[%INSERT_U7_HERE%]&U8=[%INSERT_U8_HERE%]&U9=[%INSERT_U9_HERE%]&U10=[%INSERT_U10_HERE%]&U11=[%INSERT_U11_HERE%]&U12=[%INSERT_U12_HERE%]&U13=[%INSERT_U13_HERE%]&U14=[%INSERT_U14_HERE%]&U15=[%INSERT_U15_HERE%]&U16=[%INSERT_U16_HERE%]&U17=[%INSERT_U17_HERE%]&U18=[%INSERT_U18_HERE%]&U19=[%INSERT_U19_HERE%]&U20=[%INSERT_U20_HERE%]&ft_referrer=&ns=&cb=145392.03468133177

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.128.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-128-137.deploy.static.akamaitechnologies.com

Software

prod-xre-app12.frk11 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Allow-Fenced-Frame-Automatic-Beacons: true
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 952
Content-Type: text/html
Date: Fri, 13 Sep 2024 14:15:01 GMT
Expires: Fri, 13 Sep 2024 14:15:01 GMT
Pragma: no-cache
Server: prod-xre-app12.frk11
Strict-Transport-Security: max-age=86400
Vary: Accept-Encoding

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
10 KB 105ms
29ms Script
application/javascript 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 76c46df9a6ba94318fafe8023e3f52e28b1b9a1eaf16dcd4d7ce95ab6942859b

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-encoding: gzip
etag: "tIg8n6xaLBY4WwNLLw9OGA=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Fri, 20 Sep 2024 14:15:01 GMT

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=[ORDER]&ord=[CACHEBUSTER]
https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

43 B
796 B

50ms
50ms

Image
image/gif

52.19.101.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Protocol

HTTP/1.1

Server

52.19.101.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-101-219.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 13 Sep 2024 14:15:01 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
Date: Fri, 13 Sep 2024 14:15:01 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2 200 RCfdf8ffc36ef44bec9aaafc383e9d9a76-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 625 B
636 B 20ms
20ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCfdf8ffc36ef44bec9aaafc383e9d9a76-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5bed28fd0d04dc891e931c1be98ee7b011942f62d6ccc03a9c2176bcb321499a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:15:01 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 379
expires: Fri, 13 Sep 2024 15:15:01 GMT

GET
H2 200 rules-p-12W2nEaTZGDpg.js Show response
rules.quantcount.com/ 7 KB
2 KB 173ms
56ms Script
application/javascript 2600:9000:223c:8e00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-12W2nEaTZGDpg.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:8e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fdc089e666329e01b4322658ffe1d489c1e3d0eaeec077b29f24d7f9598925f9

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 13:46:18 GMT
content-encoding: gzip
via: 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1746
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 14 Oct 2022 06:30:45 GMT
server: AmazonS3
etag: W/"6963f9f4b999d73547da0b0bd09ca464"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-id: DxK_-85UbazbgS_7ejbnVZ-_97UkNguBuBPccc3PAa7_pjJCc0Mhqg==

GET
H2

200

asyncPixelSync
pixel-sync.sitescout.com/dmp/ Frame E934
Redirect Chain

https://pixel-sync.sitescout.com/dmp/asyncPixelSync
https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1

0
0

36ms
33ms

Document
text/html

34.36.216.150
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.216.150 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 150.216.36.34.bc.googleusercontent.com
Software: A /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 13 Sep 2024 14:15:01 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 13 Sep 2024 14:15:01 GMT
location: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A
via: 1.1 google

GET
H2 200 2fb4a0900fc1ab67
pixel.sitescout.com/up/ 43 B
259 B 139ms
42ms Image
image/gif 98.98.135.24
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 98.98.135.24 Riyadh, Saudi Arabia, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:01 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-884584826-1726...
pixel-ssn.quantserve.com/
Redirect Chain

https://pixel.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2...
https://pixel-ssn.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u...

35 B
356 B

114ms
26ms

Image
image/gif

91.228.74.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel-ssn.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-884584826-1726236901536;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=juniper.net;dst=1;et=1726236901738;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs%2Cdescription.Threat%20Description%C2%A0%20%C2%A0Sha256%3A%201df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a224077%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Csite_name.Official%20Juniper%20Networks%20Blogs%2Cimage.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fwp-content%2Fuploads%2F2022%2F03%2Fransom_note-1024x444%252Epng%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Ctitle.Blackbyte%20Ransomware;ses=e8dca33b-046b-437b-9e66-a7fef0e9aa67;mdl=;dip=2c5bb817-aef9-4139-9d22-53757813e4ba

Protocol

Server

91.228.74.159 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:01 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"filters":[{"label":["XIs9cXuHhiR3L4rY6hRZdQ=="],"pcode":["p-12W2nEaTZGDpg"]}],"trigger_data":"1"}]}
strict-transport-security: max-age=86400
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:15:01 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"filters":[{"label":["XIs9cXuHhiR3L4rY6hRZdQ=="],"pcode":["p-12W2nEaTZGDpg"]}],"trigger_data":"1"}]}
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://pixel-ssn.quantserve.com/pixel;r=1961586933;labels=_fp.event.Default;rf=0;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-884584826-1726236901536;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=juniper.net;dst=1;et=1726236901738;tzo=-120;ogl=locale.en_US%2Ctype.article%2Ctitle.Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs%2Cdescription.Threat%20Description%C2%A0%20%C2%A0Sha256%3A%201df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a224077%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Csite_name.Official%20Juniper%20Networks%20Blogs%2Cimage.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fwp-content%2Fuploads%2F2022%2F03%2Fransom_note-1024x444%252Epng%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Ctitle.Blackbyte%20Ransomware;ses=e8dca33b-046b-437b-9e66-a7fef0e9aa67;mdl=;dip=2c5bb817-aef9-4139-9d22-53757813e4ba
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Verdicts & Comments Add Verdict or Comment

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-0 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-1 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-2 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-3 Value: _remove_
.juniper.net/	1969-12-31 23:59:59	Name: at_check Value: true
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBTG Value: vgkZXK3Dg70QyGroD0hLGivazj1MvGos9a5FwD/KnVD8/2qSmDmY4j3SAFxHY3/7ENBDv3bcSPl1a9/KGfrSg5xvlPDtQmTzdiU88P8NbAc60I0x78BpXzXvGkQzXVQHXrFM9lQ+UXt/MFxJRYhxHNODe4hoYzWPeDsa2hBk8bLEbL0rM/Y=
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBTGCORS Value: vgkZXK3Dg70QyGroD0hLGivazj1MvGos9a5FwD/KnVD8/2qSmDmY4j3SAFxHY3/7ENBDv3bcSPl1a9/KGfrSg5xvlPDtQmTzdiU88P8NbAc60I0x78BpXzXvGkQzXVQHXrFM9lQ+UXt/MFxJRYhxHNODe4hoYzWPeDsa2hBk8bLEbL0rM/Y=
.demdex.net/	1970-01-21 03:49:48	Name: demdex Value: 13270214582154211113560130071355897251
.juniper.net/	1969-12-31 23:59:59	Name: AMCVS_D206123F524450F50A490D45%40AdobeOrg Value: 1
.demdex.net/	1970-01-21 03:49:48	Name: dextp Value: 771-1-1726236888642
.juniper.net/	1970-01-21 09:06:36	Name: mbox Value: session#89d08c5a001343f0812d037bd2c1f0de#1726238749\|PC#89d08c5a001343f0812d037bd2c1f0de.37_0#1789481689
.dpm.demdex.net/	1970-01-21 03:49:48	Name: dpm Value: 13270214582154211113560130071355897251
.juniper.net/	1970-01-21 09:06:36	Name: AMCV_D206123F524450F50A490D45%40AdobeOrg Value: 179643557%7CMCIDTS%7C19980%7CMCMID%7C19852699730327790884075618067319934020%7CMCAAMLH-1726841688%7C6%7CMCAAMB-1726841688%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1726244088s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19987%7CvVersion%7C5.5.0
.doubleclick.net/	1970-01-21 08:52:12	Name: IDE Value: AHWqTUkTO-Mnl5LQcxEx5UZFKW_S0jjZoAneuxTHzdHp-HulUGl7nXNUBUj0G_wE8es
blogs.juniper.net/	1969-12-31 23:59:59	Name: jnpr_vID Value: GAjbFqZo3E9zulJN7o9o964auDs4XXGu-1726236898
.doubleclick.net/	1970-01-21 03:49:48	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 00:13:48	Name: ar_debug Value: 1
.juniper.net/	1969-12-31 23:59:59	Name: s_cc Value: true
.eloqua.com/	1970-01-21 08:59:24	Name: ELOQUA Value: GUID=5CD01EBC683041E4A32AB7BD7FFE2353
.eloqua.com/	1970-01-21 08:59:24	Name: ELQSTATUS Value: OK
.linkedin.com/	1970-01-21 08:16:12	Name: bcookie Value: "v=2&846ce2f2-38fb-4b31-88e1-281dc1fbe831"
.linkedin.com/	1970-01-21 03:49:48	Name: li_gc Value: MTswOzE3MjYyMzY4OTg7MjswMjHu0g+PYUvtWED/aKH6yxpBqnBlynwAoy/ihKWV3hU16A==
.linkedin.com/	1970-01-20 23:32:03	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=3345:u=1:x=1:i=1726236898:t=1726323298:v=2:sig=AQEC5hAJLj1oyGJcefI_IIdqctYUphk-"
.company-target.com/	1970-01-21 09:06:36	Name: tuuid Value: f44f1cef-7e8b-40c8-9430-66b7f540a31b
.company-target.com/	1970-01-21 09:06:36	Name: tuuid_lu Value: 1726236898\|ix:0\|mctv:0\|rp:0
.casalemedia.com/	1970-01-21 08:16:12	Name: CMID Value: ZuRI41VbLXoAAE-lAIdyeAAA
.casalemedia.com/	1970-01-21 01:40:12	Name: CMPS Value: 5208
.casalemedia.com/	1970-01-21 01:40:12	Name: CMPRO Value: 5208
.tremorhub.com/	1970-01-21 08:16:33	Name: tvid Value: 0520831903bc4a3e944b9a546e841212
.tremorhub.com/	1970-01-21 09:06:36	Name: tv_UIDM Value: f44f1cef-7e8b-40c8-9430-66b7f540a31b
.juniper.net/	1970-01-21 01:40:12	Name: _gcl_au Value: 1.1.1616731516.1726236900
.quantserve.com/	1970-01-21 09:00:51	Name: mc Value: 66e448e5-bd3d8-9d3bf-4ccdd
.bidr.io/	1970-01-21 08:59:10	Name: bito Value: AAIlQU7NyJIADOGs5tYWFg
.bidr.io/	1970-01-21 08:59:10	Name: bitoIsSecure Value: ok
.sitescout.com/	1970-01-21 08:16:12	Name: ssi Value: 3ae67450-18c1-4870-8286-5cbdeaa0e23a#1726236901822
.sitescout.com/	1970-01-21 00:13:48	Name: _ssuma Value: eyIyIjoxNzI2MjM2OTAxODU2LCI0IjoxNzI2MjM2OTAxODU2LCIzOSI6MTcyNjIzNjkwMTg1NiwiNyI6MTcyNjIzNjkwMTg1NiwiOCI6MTcyNjIzNjkwMTg1Nn0
.juniper.net/	1970-01-21 08:55:05	Name: __qca Value: P0-884584826-1726236901536
.tapad.com/	1970-01-21 00:57:00	Name: TapAd_TS Value: 1726236901965
.tapad.com/	1970-01-21 00:57:00	Name: TapAd_DID Value: e9e03ee7-677e-4992-8271-b62a1b9cbac6
.tapad.com/	1970-01-21 00:57:00	Name: TapAd_3WAY_SYNCS Value:

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11607354.fls.doubleclick.net
3872718.fls.doubleclick.net
ad.doubleclick.net
api.company-target.com
assets.adobedtm.com
bat.bing.com
blogs.juniper.net
cdn01.basis.net
cm.everesttech.net
cnv.event.prod.bidr.io
dpm.demdex.net
fonts.googleapis.com
google.com
googleads.g.doubleclick.net
id.rlcdn.com
img.en25.com
insight.adsrvr.org
jelly-v6.mdhv.io
jelly.mdhv.io
js.adsrvr.org
junipernetworks.d2.sc.omtrdc.net
junipernetworks.demdex.net
junipernetworks.tt.omtrdc.net
p.typekit.net
p.veritone-ce.com
pixel-ssn.quantserve.com
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.sitescout.com
pixel.veritone-ce.com
px.ads.linkedin.com
px4.ads.linkedin.com
rules.quantcount.com
s.company-target.com
s1229.t.eloqua.com
scripts.demandbase.com
secure.quantserve.com
servedby.flashtalking.com
snap.licdn.com
tag-logger.demandbase.com
tracker.pixeltracker.co
twin-iq.kickfire.com
use.typekit.net
www.googleadservices.com
www.googletagmanager.com
www.juniper.net
104.18.20.104
108.138.26.63
13.107.42.14
13.32.27.65
142.250.185.226
142.250.186.134
142.250.186.142
142.250.186.162
151.101.131.10
172.217.23.102
18.172.103.101
18.66.102.127
184.25.216.9
192.29.67.231
2.19.126.198
2001:4860:4802:38::15
216.239.36.21
23.197.128.137
2600:9000:223c:8e00:6:44e3:f8c0:93a1
2600:9000:2724:3c00:1d:8d6d:3b40:93a1
2620:116:800d:21:ef75:8280:f209:5ba1
2620:1ec:21::14
2620:1ec:33:3::10
2a00:1450:4001:81c::2008
2a00:1450:4001:831::200a
2a02:26f0:3500:10::210:a9a
2a02:26f0:3500:16::215:1495
2a02:26f0:480:f9d::1e80
34.36.216.150
34.96.71.22
35.244.174.68
35.71.131.137
41.63.96.130
44.233.31.59
52.17.26.217
52.19.101.219
52.204.237.3
54.188.203.142
54.220.77.37
54.75.32.208
63.140.62.17
66.235.152.225
91.228.74.159
98.98.135.24
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
034acd3ced0cf00cdfcb684283fdc624a48c2dc8dcddeb55e09412f92971056d
0a752974eac0410c26ff4e782e29f8fefb23e25faad2772471b6981606aad3eb
0ab523c8b0ad80c8faca797a4b006becc110fddd8a3376314d362dd2441b2be0
0d959c38ce96d9eb0b03d81293e3bd3a9d4f7e82a760a67ee14e99cfa6ee601f
0ef05791b6903e02cccafcca34734fe00a68dbd20b39dd877e985fa90f408eb7
13c10e67f5cc58bf4d09e0d7e2e8dbcc11199b099c70cd3f25e6fed7b0f1e225
15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5
177017cb8a71dc724639c540e82f90a4c3af791ecffdbd8759c4eccba4a04f50
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e5835bdeb64e527df1798a27b0ed61c8b6003759bd6dcd57e7b59e1e5aa3f99
21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5
25cc9d09d9ccea303a325189dac41d865b8f74229b33a5754da6031aef42a185
290c5b04153c8864dd5d33449f64898b350019dca6e852654c92e5b5b63117d9
2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929
2fb9c4440fc20fe0be63e4d6c9ef4c34441e08184f8d97e70ae1b201b812f73a
301acbee50a7f8f6f6c1936ecde0a24817cf92af70dfd5fabda6c0615f0ae51d
31e44d0bc68ceafd76cf8ec85d54022021b0cb74856203e43e27359bb0a78123
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
3458646c92ebe1c0e71b5b65407f90227ccdbc073f8d7331f36c00847974032a
346d20eb0f3800ef6bb0f2d0641be87380603da567edccd1b23e10cd67e068a3
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454b39bc48bb4276bfbbfd066ae2e5fb777dc34b8339dbd5f3526e3f96cbcb82
4571e596020138c4fa269eabd1c5ae125d31c168c6d751aeb96d457f91ae9b45
45d726de893364cc8c294fbb28b94d03276325f6ec77cb0bcda6eddafc6119fe
46703bc4a3c94e65c92173441a572f55539bad28e898b8eaab2714408272f947
46f5a39d726c1bf2ab0352d162587be095ec976e7d0b07ac28de888054a7537a
47d50114dccf7494ae9299fec825f1eae1aabfb94154b5f8ab9923754104e3f0
4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29
4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5030a5190ea5bcfb12e186233d1a10b8470897223e6ec5fb6cdce857c915acf9
50b4976fb3abca7428ce7c060cfd9d1c370f442fb465a7b117424b39e9dc8854
57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741
5bed28fd0d04dc891e931c1be98ee7b011942f62d6ccc03a9c2176bcb321499a
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
6e568d43eff272dd73b9bd6fe8e5ca55c71583f238e7648353ea19c4ceb261b0
70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3
71d18af9ee879a36717e1ea3367b669031e3f6b12cb0aa1373fd200d278c4e6a
76c46df9a6ba94318fafe8023e3f52e28b1b9a1eaf16dcd4d7ce95ab6942859b
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7916afc4c8127841ebdb3bf93e53537b270d0e308c0002074b8a3f3316362a07
7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed
7dcbd9ddb813cf06084d60b6158da5289b9e33ba3f9e7c463fd20e7ec8462014
7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce
8293beebcc079e028da2da51dc237e13c8dbe30c36e5d7e9fb42f68a282ffd30
8557ceef587615c421b7697a3a046e1b5605c514c6299787b89882797e97f120
89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8bdeccca78a78d8bbc1dc284695d1ac41bfb790521c3470e7947fa28d76ef969
8d652933fc07439cc510cffb3133311ee07f6f424d2964cb7f4ef3eb4e2b2793
8fb803a264e369f926808ada4799693ea7aee214f1f3c8006510f10c4273e78f
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
96f6e313bffe4d3b6c1018cd4257c1d3e1e6ee5b151f5c876637d027cf12cef9
99f112114fdf68a2c9913bbdff0f0ec524243ce621aa8b46f6275620695fb208
a0017954d36e42d9f624ad09e6ea706e253683a036ccfae96137f6b487eeb2e6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f10ac61e20d25989eea5b54c5fcc43934853847f67054b401333413ac132d0
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2230e9dd7b979f89ff7b0af3aba00aa58f6ec169db58ce5dbc782d08371dd66
a791796f72eea3c5febcbe84acc17e5e8e434e71036ea481b168dc4f41f12a9c
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aaca7ef5b10dce82f9dd66e31815f073ef81677f6fc81c17ab6e688f2189fd20
ac6b7a946ec79473fad9578bdeeeb0d7b8065236a2441c5ecf425a509d3afb4d
ac842a7d8f8ad92c6210375fbd8ed2373888ce7853659d61981d8372fe1c9eb8
b5534f9b8235574a84a3e5b39394435f69872050496532d1b274cd7f2996ebd3
bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c
c00190e30cbb6e0ce4ca18e3bdda48da3d86e7ed819d231ecdb7a858ea9b559a
c5f15a70092ec3d2df51f031acc448833369721750b2a8a291fc4e89b8890059
c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408
da94c16c4331bdda0f80784ad7c2c31713bf3aee6c6c4ddec1606d0ba077f4dd
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df724f74070c9f7d427aa98f9b2e8c95262b1948da1997951c86f9431dbe7f15
dfad551a53c767e229da4a2f650e4b10d698f1b361b74e9f88a862dddaf64041
e0291270eacaaeea992dddc8c314fa3a9a3c2c06e3aacb14f971b4f794200a2b
e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb
e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96
e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506
e9714a993c290626c2ade96436f885448d5a87a79bfcbaf2f693b3009de9ffc1
eb60df77e978752bd08be68bb7bbd09c84b4d4f472ddac1f7107518194051e3b
eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c
ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f5b595408d533b5c2ab830811bd19711f4b9407d7b20a8772b94f3251cfb5083
fdc089e666329e01b4322658ffe1d489c1e3d0eaeec077b29f24d7f9598925f9

blogs.juniper.net Open in urlscan Pro 44.233.31.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

110 Requests

95 %HTTPS

25 %IPv6

30 Domains

46 Subdomains

42 IPs

7 Countries

7520 kBTransfer

8688 kBSize

40 Cookies

100 Outgoing links

Redirected requests

110 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blogs.juniper.net Open in urlscan Pro
44.233.31.59 Public Scan

Screenshot
Live screenshot

Full Image

110
Requests

95 %
HTTPS

25 %
IPv6

30
Domains

46
Subdomains

42
IPs

7
Countries

7520 kB
Transfer

8688 kB
Size

40
Cookies

110 HTTP transactions
0 data transactions