www.sangfor.com Open in urlscan Pro
2a04:4e42:200::645 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Submission: On October 10 via api (October 10th 2024, 12:42:02 pm UTC) from IN — Scanned from US

Summary HTTP 131 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 17 domains to perform 131 HTTP transactions. The main IP is 2a04:4e42:200::645, located in United States and belongs to FASTLY, US. The main domain is www.sangfor.com. The Cisco Umbrella rank of the primary domain is 947920.
TLS certificate: Issued by Certainly Intermediate R1 on September 27th 2024. Valid for: a month.

This is the only time www.sangfor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
64	2a04:4e42:200... 2a04:4e42:200::645	54113 (FASTLY) (FASTLY)
2	2600:141b:1c0... 2600:141b:1c00:16::17c4:309	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:f5cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2004	15169 (GOOGLE) (GOOGLE)
1	23.201.179.45 23.201.179.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:3f40:ff0... 2607:3f40:ff03::2e	54994 (ML-1432-5...) (ML-1432-54994)
1	172.217.165.131 172.217.165.131	15169 (GOOGLE) (GOOGLE)
1 4	192.29.201.57 192.29.201.57	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	2600:141b:1c0... 2600:141b:1c00:2588::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:141b:1c0... 2600:141b:1c00:258b::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
4	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
2	2600:141b:1c0... 2600:141b:1c00:6::17df:d120	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	142.250.80.36 142.250.80.36	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c19::9a	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
4	142.251.40.194 142.251.40.194	15169 (GOOGLE) (GOOGLE)
1	216.239.36.178 216.239.36.178	15169 (GOOGLE) (GOOGLE)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:20:... 2606:4700:20::681a:82c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	69.164.193.241 69.164.193.241	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1	23.44.201.9 23.44.201.9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
131	27

64 2a04:4e42:200::645 (United States)

ASN54113 (FASTLY, US)

www.sangfor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:16::17c4:309 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4006:81f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f5cb (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.179.45 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-179-45.deploy.static.akamaitechnologies.com

img06.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:3f40:ff03::2e (Canada)

ASN54994 (ML-1432-54994, CA)

download.sangfor.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.165.131 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s70-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.29.201.57 (Amsterdam, Netherlands) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

s757079.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:2588::f09 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:258b::f09 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:6::17df:d120 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.80.36 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c19::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81e::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.194 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.36.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:82c (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.164.193.241 (Richardson, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 69-164-193-241.ip.linodeusercontent.com

wa.arounddeal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.44.201.9 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-201-9.deploy.static.akamaitechnologies.com

images.sangfor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	sangfor.com www.sangfor.com — Cisco Umbrella Rank: 947920 images.sangfor.com	2 MB
10	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192 Failed googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	10 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	587 KB
8	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147	2 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	5 KB
5	arounddeal.com wa.arounddeal.com	2 KB
5	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4618 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5320 imgsct.cookiebot.com — Cisco Umbrella Rank: 5372	139 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	72 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	22 KB
4	eloqua.com 1 redirects s757079.t.eloqua.com	3 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	3 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
1	ipapi.co ipapi.co — Cisco Umbrella Rank: 16407	941 B
1	gstatic.com www.gstatic.com	216 KB
1	sangfor.com.cn download.sangfor.com.cn — Cisco Umbrella Rank: 957441	10 KB
1	en25.com img06.en25.com — Cisco Umbrella Rank: 66886	14 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 797	3 KB
131	17

	Domain	Requested by
64	www.sangfor.com	www.sangfor.com
10	www.googletagmanager.com	www.sangfor.com www.googletagmanager.com consent.cookiebot.com
6	www.google.com	www.sangfor.com www.gstatic.com consent.cookiebot.com
5	wa.arounddeal.com	www.sangfor.com wa.arounddeal.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	googleads.g.doubleclick.net	www.googletagmanager.com consent.cookiebot.com
4	td.doubleclick.net	www.googletagmanager.com consent.cookiebot.com
4	connect.facebook.net	www.sangfor.com connect.facebook.net consent.cookiebot.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com consent.cookiebot.com
4	s757079.t.eloqua.com	1 redirects www.sangfor.com
2	www.facebook.com	www.sangfor.com
2	stats.g.doubleclick.net	www.googletagmanager.com
2	analytics.google.com	www.googletagmanager.com
2	snap.licdn.com	www.sangfor.com
2	consentcdn.cookiebot.com	consent.cookiebot.com
2	consent.cookiebot.com	www.sangfor.com consent.cookiebot.com
1	images.sangfor.com	www.sangfor.com
1	imgsct.cookiebot.com
1	ipapi.co	www.sangfor.com
1	px4.ads.linkedin.com	www.sangfor.com
1	www.linkedin.com	1 redirects
1	www.gstatic.com	www.google.com
1	download.sangfor.com.cn	www.sangfor.com
1	img06.en25.com	www.sangfor.com
1	unpkg.com	www.sangfor.com
131	25

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.gartner.com
business.safety.google
www.linkedin.com
www.spreaker.com
www.statista.com
www.surveymonkey.co.uk
www.hotjar.com
newrelic.com
www.facebook.com
www.oracle.com
www.sangfor.com.cn
sangfor.co.kr
sangfor.es
sangfor.it
sangfor.co.th
sangfor.id
sangfor.com.tr
community.sangfor.com
supportportal.sangfor.com
direct.lc.chat
partnerportal.sangfor.com
active.sangfor.com
connect.sangfor.com
twitter.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
*.sangfor.com Certainly Intermediate R1	`2024-09-27` - `2024-10-27`	a month	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
*.google-analytics.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
unpkg.com WE1	`2024-09-25` - `2024-12-24`	3 months	crt.sh
www.google.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-07-29`	a year	crt.sh
*.sangfor.com.cn GeoTrust CN RSA CA G1	`2024-01-24` - `2025-02-23`	a year	crt.sh
*.gstatic.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.t.eloqua.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-26` - `2025-04-10`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-19` - `2024-10-17`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.google.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
ipapi.co WE1	`2024-09-02` - `2024-12-01`	3 months	crt.sh
wa.arounddeal.com E6	`2024-10-08` - `2025-01-06`	3 months	crt.sh
images.sangfor.com Go Daddy Secure Certificate Authority - G2	`2024-04-23` - `2025-05-21`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Frame ID: 30B96A82D19CC759708978759C1817F4
Requests: 121 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 99C1160CC4D7E69722CE71573109279B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=vljq0dcu40lx
Frame ID: 1A07B58139662C3CEA85E322C23136C6
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=vljq0dcu40lx
Frame ID: 33B63570B69569514A7C04E129FC1045
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1356314022.1728564116&gtm=45je4a70v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101686685&z=944713237
Frame ID: FCEE1C84230509CD0E02F7EED1799B56
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/658559639?random=1728564116176&cv=11&fst=1728564116176&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: AB7C039E21E82EEB0BC77AD3D7E7542D
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1356314022.1728564116&gtm=45be4a70v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=2107041512
Frame ID: DB6128963374EEDB3020AAC907999B3A
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11481739312?random=1728564116303&cv=11&fst=1728564116303&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Frame ID: 1AE6DEC18EFDBEE165917C8480DAE3C4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New RCRU64 Ransomware Variant Discovered by Sangfor FarSight Labs | Sangfor

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

/alpine(?:\.min)?\.js

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

131
Requests

95 %
HTTPS

62 %
IPv6

17
Domains

25
Subdomains

27
IPs

3
Countries

3142 kB
Transfer

7680 kB
Size

17
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.gartner.com/en/about/policies/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://business.safety.google/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.spreaker.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.statista.com/imprint/#privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.co.uk/mp/legal/privacy-policy/?ut_source=footer
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.hotjar.com/legal/policies/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://newrelic.com/termsandconditions/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.oracle.com/legal/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://www.sangfor.com.cn/
Title: ● Chinese (中文)

Search URL Search Domain Scan URL

URL: https://sangfor.co.kr/
Title: ● Korean (한국어)

Search URL Search Domain Scan URL

URL: https://sangfor.es/
Title: ● Spanish (Español)

Search URL Search Domain Scan URL

URL: https://sangfor.it/
Title: ● Italy (Italiano)

Search URL Search Domain Scan URL

URL: https://sangfor.co.th/
Title: ● Thai (ไทย)

Search URL Search Domain Scan URL

URL: https://sangfor.id/
Title: ● Indonesian (Bahasa ID)

Search URL Search Domain Scan URL

URL: https://sangfor.com.tr/
Title: ● Turkish (Türkiye)

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/
Title: Sangfor Support Community

Search URL Search Domain Scan URL

URL: https://supportportal.sangfor.com/#/login
Title: Open a Support Ticket

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/plugin.php?id=sangfor_databases%3Aindex
Title: Sangfor Technical Documents

Search URL Search Domain Scan URL

URL: https://direct.lc.chat/9691255/1
Title: Sangfor Live Chat

Search URL Search Domain Scan URL

URL: https://partnerportal.sangfor.com/securePartner/
Title: Sangfor Partner Portal

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/member.php?mod=logging&action=login&from=elearning
Title: Partner e-Learning

Search URL Search Domain Scan URL

URL: https://active.sangfor.com/feedback-and-complaint
Title: Submit a Feedback

Search URL Search Domain Scan URL

URL: https://connect.sangfor.com/cyberratings-enterprise-firewall-test-2024?utm_source=Website&utm_medium=Sangfor
Title: DOWNLOAD THE REPORT

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant&title=new-rcru64-ransomware-variant&summary=new-rcru64-ransomware-variant&source=https://www.sangfor.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sangfor

Search URL Search Domain Scan URL

URL: https://twitter.com/SANGFOR

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sangfor-technologies

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SangforTechnologies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sangfortechnologies

Search URL Search Domain Scan URL

URL: https://partnerportal.sangfor.com/securePartner/#/login
Title: Sangfor Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sangfor/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCeCn-ronoA24BDRtzAvjuaQ?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sangfortechnologies/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 101

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728564116399%26li_adsId%3Da64f50d6-83e9-4fb0-bce8-bc637c747512%26url%3Dhttps%253A%252F%252Fwww.sangfor.com%252Ffarsight-labs-threat-intelligence%252Fcybersecurity%252Fnew-rcru64-ransomware-variant%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQK54P7KhdBzbQAAAZJ2cz8-1Ad5jVC7HzripC9vaqlbLSasBnI4iWz_xAh8h13sQgTVEA

Request Chain 132

https://s757079.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled HTTP 302
https://s757079.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled&elqCookie=1

131 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-rcru64-ransomware-variant Show response
www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/ 283 KB
53 KB 1021ms
572ms Document
text/html 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b8eb5aa49efc632c5ea4db0f1104d5f63448c63516704ca065c0fb5704129675

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 21516
cache-control: max-age=21600, public
content-encoding: gzip
content-language: en
content-length: 53482
content-type: text/html; charset=UTF-8
date: Thu, 10 Oct 2024 12:41:54 GMT
etag: W/"1728542597"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Thu, 10 Oct 2024 06:43:17 GMT
link: <https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant>; rel="canonical"
permissions-policy: interest-cohort=()
server: nginx
strict-transport-security: max-age=300
vary: Accept-Encoding, Cookie, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS, MISS
x-cache-hits: 6, 0, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
x-served-by: cache-ams21062-AMS, cache-lax-kwhp1940116-LAX, cache-lax-kwhp1940135-LAX
x-styx-req-id: ee9dbea6-86d2-11ef-8218-3208fd4d7f88
x-timer: S1728564114.942073,VS0,VE499
x-ua-compatible: IE=edge

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 110 KB
34 KB 592ms
291ms Script
application/javascript 2600:141b:1c00:16::17c4:309
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=427
content-encoding: gzip
etag: "42d4c62e8219db1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Thu, 10 Oct 2024 12:49:01 GMT
accept-ranges: bytes
content-length: 34515
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 13:01:25 GMT
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 208 KB
75 KB 887ms
605ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

791039d1e1d70d879ee2f7f5b818d2e8207cd99f6b5655b11db8c9a4c8b9c907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 76595
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css
www.sangfor.com/sites/default/files/css/ 7 KB
2 KB 84ms
81ms Stylesheet
text/css 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/css/css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f66f3eb40dc841ff138652d06134d9532130782bf247dd3c4e0d1709b29839f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-thd5g
content-encoding: gzip
etag: W/"66e3ad6f-1b00"
age: 38268
expires: Tue, 23 Sep 2025 00:47:15 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: text/css
last-modified: Fri, 13 Sep 2024 03:11:43 GMT
x-served-by: cache-ams21040-AMS, cache-lax-kwhp1940098-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.524796,VS0,VE7
x-styx-req-id: 363489ad-787c-11ef-9be8-dad7acecdb5d
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 2153
server: nginx

GET
H2 200 css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
www.sangfor.com/sites/default/files/css/ 254 KB
45 KB 85ms
82ms Stylesheet
text/css 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ca976922a5bc02835846fc4b6243e2f110320afe24279c3dc022d4df3c24a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-t5trq
content-encoding: gzip
etag: W/"66f56a4e-3f7a5"
age: 38268
expires: Sat, 27 Sep 2025 14:06:07 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 14:06:06 GMT
x-served-by: cache-ams21022-AMS, cache-lax-kwhp1940034-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 55, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.524767,VS0,VE8
x-styx-req-id: 799712e0-7c10-11ef-ae48-9e12fbb5ed48
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 46063
server: nginx

GET
H2 200 js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js Show response
www.sangfor.com/sites/default/files/js/ 9 KB
3 KB 79ms
77ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0e7be44c483765ba40bdb8fb79142f703593f411ec138f8c258b025c46c583c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-86bbdf8544-5szxp
content-encoding: gzip
etag: W/"66f0ca9b-259c"
age: 38268
expires: Sat, 27 Sep 2025 01:12:22 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 01:55:39 GMT
x-served-by: cache-ams2100091-AMS, cache-lax-kwhp1940020-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 3, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.525241,VS0,VE6
x-styx-req-id: 6215a1cf-7ba4-11ef-8987-c21f800a9ee7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 3185
server: nginx

GET
H2 200 min.js Show response
unpkg.com/@ungap/url-search-params@0.2.2/ 4 KB
3 KB 251ms
94ms Script
application/javascript 2606:4700::6811:f5cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@ungap/url-search-params@0.2.2/min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f5cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65caebd5a0a65049f5509277b50ec0b57e5b087c08ca8ba7c65e2a4643f7a08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "112b-YrUV36eppRXZgpD0iI7NtWvmFK0"
age: 17770624
x-content-type-options: nosniff
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HS9KSZWFYDYKXGS1S5NSY842-lax
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8d06aff4beab2f7f-LAX
access-control-allow-origin: *
server: cloudflare

GET
H2 200 js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js Show response
www.sangfor.com/sites/default/files/js/ 2 KB
941 B 83ms
81ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c8159ad6bb4d0a09d41a0bee72d4c486b2cc7ceffaa82f9c098ec9240a03da28

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-9tcfg
content-encoding: gzip
etag: W/"66f0ca9b-721"
age: 38268
expires: Thu, 25 Sep 2025 06:43:54 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 01:55:39 GMT
x-served-by: cache-ams21070-AMS, cache-lax-kwhp1940145-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.525164,VS0,VE6
x-styx-req-id: 5e2ca6cd-7a40-11ef-927a-1a02874bc4b6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 711
server: nginx

GET
H2 200 languages.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 168 B
539 B 74ms
73ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

19ba61e585dc696f1222273bb4dea2f9ea0475e7e587fc41f09a9f6a5d0100e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-m7flh
fastly-io-info: ifsz=341 idim=16x16 ifmt=png ofsz=168 odim=16x16 ofmt=webp
etag: "Orb1dmJDFtP/N6yT675aKKOa6zcmdgPShBSZpcNIYOo"
age: 1985028
expires: Sun, 07 Sep 2025 19:36:18 GMT
x-cache: MISS, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100109-AMS, cache-chi-klot8100067-CHI, cache-chi-kigq8000104-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 971, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.525155,VS0,VE1
x-styx-req-id: 497a19d6-6c87-11ef-bc6c-0ab8f0a9d395
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 168
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 languages-sticky.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 216 B
675 B 73ms
72ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages-sticky.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-cw48b
fastly-io-info: ifsz=496 idim=16x16 ifmt=png ofsz=216 odim=16x16 ofmt=webp
etag: "dO9oA19TM1eYAGDkkCUlSCnaB/KGW6gs2NTNH83AEaw"
age: 2912737
expires: Sun, 07 Sep 2025 19:32:29 GMT
x-cache: HIT, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100089-AMS, cache-chi-kigq8000084-CHI, cache-chi-klot8100097-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 506, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.525106,VS0,VE1
x-styx-req-id: c0f43d7f-6c86-11ef-b380-c656f0ebc924
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 216
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 346 KB
111 KB 895ms
870ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MCTHSDB

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

734190fa5b8be45729201c5b52530a9beab034b5e6cfb05dc2010ee17836f9f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 113758
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4074.jpg
www.sangfor.com/sites/default/files/inline-images/ 39 KB
39 KB 133ms
132ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4074.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8c861ea0c6c43eb8839b5dcbb171bc584c342268fcb203ab9c45d339fd7f400e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-xxc59
fastly-io-info: ifsz=74401 idim=830x512 ifmt=jpeg ofsz=39704 odim=830x512 ofmt=webp
etag: "vPRJY3tyG0wUr0caBLNxjgQn8TjEXxhY9SyEHv8aZaw"
age: 685091
expires: Fri, 15 Aug 2025 13:09:01 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21070-AMS, cache-chi-klot8100129-CHI, cache-chi-kigq8000130-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 5, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.599968,VS0,VE59
x-styx-req-id: 5fcecb27-5a3e-11ef-8652-da0a288f74ff
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 39704
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4134.jpg
www.sangfor.com/sites/default/files/inline-images/ 25 KB
25 KB 268ms
255ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4134.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

30b0f26470c915ef09c50d127690c860685641df1f66409f0aec3d260186d388

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-kc686
fastly-io-info: ifsz=54446 idim=831x431 ifmt=jpeg ofsz=25392 odim=831x431 ofmt=webp
etag: "P7QTR8TyVfDk+j1pWwH7J1BlajfY/wzSoGkOQ+g33io"
age: 1478837
expires: Tue, 26 Aug 2025 03:57:06 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21060-AMS, cache-chi-klot8100068-CHI, cache-chi-klot8100068-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.790366,VS0,VE62
x-styx-req-id: 1894c842-6296-11ef-a932-3a5fb9dd45f7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 25392
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4171.jpg
www.sangfor.com/sites/default/files/inline-images/ 33 KB
33 KB 304ms
292ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4171.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

43a82cd8f2c063b414db0ad551d1c7a2ec384f4347d300609e5b490b4c8c40a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-86bbdf8544-w54cj
fastly-io-info: ifsz=62172 idim=831x242 ifmt=jpeg ofsz=33796 odim=831x242 ofmt=webp
etag: "c2G0NlxLVy/fGyp2Obg7AYzArew1O0MAJyU7C4OvAwI"
age: 893359
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100108-AMS, cache-chi-klot8100120-CHI, cache-chi-klot8100090-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791165,VS0,VE63
x-styx-req-id: 042829b3-7ee5-11ef-980d-c25078f00740
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 33796
fastly-io-served-by: vpop-kiad7010249
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4571.jpg
www.sangfor.com/sites/default/files/inline-images/ 40 KB
41 KB 554ms
542ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4571.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cc639c62a725f411cbfa123171585ae887e67acbfc7cec1aadb033eeb4c998a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-lpzvk
fastly-io-info: ifsz=81306 idim=831x484 ifmt=jpeg ofsz=41406 odim=831x484 ofmt=webp
etag: "GGEwZRoISTnJoPukjMTxcNlZHt9u4oZ6/SHfmJyIsqw"
age: 254003
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21042-AMS, cache-chi-kigq8000114-CHI, cache-chi-klot8100153-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791136,VS0,VE98
x-styx-req-id: 798aeb40-71ff-11ef-9e40-5a355862b94c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 41406
fastly-io-served-by: img06-us-east4
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4798.jpg
www.sangfor.com/sites/default/files/inline-images/ 12 KB
12 KB 366ms
354ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4798.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7e56b6438ce7b0803d9c06b7ee1c8ce6db280dac58e0f8f56490336c2bec194

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-84d775db57-6h676
fastly-io-info: ifsz=24948 idim=830x200 ifmt=jpeg ofsz=12140 odim=830x200 ofmt=webp
etag: "C09xH7m9zhhbkyAVmMrUt++pwRn0MxhMLt4I+a7V7Js"
age: 254003
expires: Wed, 08 Oct 2025 14:08:31 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21082-AMS, cache-chi-kigq8000041-CHI, cache-chi-klot8100051-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 2, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791102,VS0,VE66
x-styx-req-id: a25f22bf-84b5-11ef-918d-de3234677e8a
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12140
fastly-io-served-by: vpop-kiad7010229
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4881.jpg
www.sangfor.com/sites/default/files/inline-images/ 23 KB
23 KB 179ms
168ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4881.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1dae51845d58e1f038ca809955fa1f4a3b2114a05d9071a06ffe5f3e2d2dc816

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-7thdz
fastly-io-info: ifsz=46360 idim=731x499 ifmt=jpeg ofsz=23552 odim=731x499 ofmt=webp
etag: "OibGN3fOnaBskhGe1Byo3OdrqTiuP1PF1dLfdykJOgQ"
age: 1478837
expires: Fri, 15 Aug 2025 13:09:01 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21048-AMS, cache-chi-kigq8000101-CHI, cache-chi-kigq8000164-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 9, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791078,VS0,VE58
x-styx-req-id: 5fea3c14-5a3e-11ef-8bfb-8e36a993e3a1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 23552
fastly-io-served-by: vpop-kiad7010215
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5081.jpg
www.sangfor.com/sites/default/files/inline-images/ 12 KB
12 KB 303ms
291ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5081.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1ab18b6349502e2ff94ae18400f17f3e453a7f14dd3ba45f88751e78ddc47a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info: ifsz=21824 idim=820x94 ifmt=jpeg ofsz=12388 odim=820x94 ofmt=webp
etag: "jrQJMi5d8tKYSCSSfmbam95QUrEjXBhlzSIj3xLhajM"
age: 893359
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100105-AMS, cache-chi-klot8100148-CHI, cache-chi-klot8100127-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791036,VS0,VE63
x-styx-req-id: 0427de6f-7ee5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12388
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5263.jpg
www.sangfor.com/sites/default/files/inline-images/ 30 KB
30 KB 178ms
167ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5263.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6e8ea35cfdff4770e3e0d3c98e9e78f8818f4c5f44561274dca027fd1e3fe41b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info: ifsz=55526 idim=831x286 ifmt=jpeg ofsz=30618 odim=831x286 ofmt=webp
etag: "Io2bOiL68s5uO9ipMHXRrlv2V3UJ2LcQUeubzpjH7i0"
age: 1478837
expires: Wed, 17 Sep 2025 08:25:56 GMT
x-cache: HIT, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21031-AMS, cache-chi-kigq8000048-CHI, cache-chi-kigq8000048-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.790973,VS0,VE58
x-styx-req-id: 4bcb0056-7405-11ef-88a4-6237ede9c4d6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 30618
fastly-io-served-by: vpop-kiad7010213
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5647.jpg
www.sangfor.com/sites/default/files/inline-images/ 43 KB
44 KB 266ms
255ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5647.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

acc56b2df173f77e03fbd422205fa16c2067e01f996313c37d301146f12d67cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-p55wm
fastly-io-info: ifsz=79416 idim=831x397 ifmt=jpeg ofsz=44428 odim=831x397 ofmt=webp
etag: "iOZqCxWV7xxYn+vnL5F/Yfq8hwWrvZUg1h/U+4if7jU"
age: 1478837
expires: Wed, 03 Sep 2025 03:59:38 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21063-AMS, cache-chi-klot8100161-CHI, cache-chi-kigq8000164-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 10, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.790936,VS0,VE59
x-styx-req-id: c6856691-68df-11ef-8016-76ae21b829dd
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 44428
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5977.jpg
www.sangfor.com/sites/default/files/inline-images/ 14 KB
15 KB 177ms
166ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5977.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76383787d84ba9588f39fa845cfd80b0d645719f3f9ac32be4fc92b18b1d148c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5b9775c78-49rqw
fastly-io-info: ifsz=23076 idim=830x64 ifmt=jpeg ofsz=14556 odim=830x64 ofmt=webp
etag: "Zexde0HuUaT2CwLLb7LdM3qMjjkQ8BcwCCLpy5PZ4gE"
age: 254003
expires: Wed, 08 Oct 2025 14:08:32 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100097-AMS, cache-chi-klot8100111-CHI, cache-chi-kigq8000020-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 2, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791797,VS0,VE57
x-styx-req-id: a260db97-84b5-11ef-991b-de16ede6e430
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 14556
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6104.jpg
www.sangfor.com/sites/default/files/inline-images/ 31 KB
31 KB 266ms
255ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6104.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9e337c7f8bc51113fb2f0eb2585f03a7b3b0588f3661a2f51c4025d4b17d2a40

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info: ifsz=56532 idim=831x316 ifmt=jpeg ofsz=31590 odim=831x316 ofmt=webp
etag: "ke4re1m6hv/HbPouLNvhu1imkl737YF0ZGemlLz7TVU"
age: 893359
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21075-AMS, cache-chi-klot8100062-CHI, cache-chi-klot8100147-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 2, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.791754,VS0,VE62
x-styx-req-id: 0427f13c-7ee5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 31590
fastly-io-served-by: vpop-kiad7010212
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6371.jpg
www.sangfor.com/sites/default/files/inline-images/ 13 KB
13 KB 554ms
544ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6371.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6fbbf1e444fd365c5c0d4c96461eee486e5a33784b3f199d92fe69567e932770

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-m7flh
fastly-io-info: ifsz=29122 idim=830x180 ifmt=jpeg ofsz=12948 odim=830x180 ofmt=webp
etag: "Qeby48NyJPPXHAxu5JE2sRFoEgoQYlbscAIciKOJBgg"
age: 1478837
expires: Mon, 01 Sep 2025 21:56:56 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100145-AMS, cache-chi-klot8100153-CHI, cache-chi-kigq8000148-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 10, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860685,VS0,VE60
x-styx-req-id: f072e77a-67e3-11ef-bc6c-0ab8f0a9d395
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12948
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6539.jpg
www.sangfor.com/sites/default/files/inline-images/ 11 KB
12 KB 552ms
542ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6539.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3c3b0fdb91418f8c6538ec2a686c6d49b619494effc576611c2ccdb1440e7b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-9tcfg
fastly-io-info: ifsz=24600 idim=831x124 ifmt=jpeg ofsz=11728 odim=831x124 ofmt=webp
etag: "FcRwIJhQo/stYvJ8o0FIOctQlq63PyuC/+0xLvM8CWY"
age: 254003
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100105-AMS, cache-chi-kigq8000119-CHI, cache-chi-kigq8000093-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 2, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860664,VS0,VE57
x-styx-req-id: 799847db-71ff-11ef-927a-1a02874bc4b6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 11728
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant7581.jpg
www.sangfor.com/sites/default/files/inline-images/ 23 KB
23 KB 552ms
542ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7581.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd33484b1c193c68f5616a406865d1754ca67353899a46ce65400470a7dd084c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-7skd9
fastly-io-info: ifsz=36874 idim=830x169 ifmt=jpeg ofsz=23290 odim=830x169 ofmt=webp
etag: "Lt8vLYHkDb4MjZ51SnSuHZFBL5TCVoSpT4YaWIkZoqU"
age: 1478837
expires: Wed, 17 Sep 2025 08:25:57 GMT
x-cache: HIT, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100087-AMS, cache-chi-kigq8000104-CHI, cache-chi-kigq8000104-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860646,VS0,VE56
x-styx-req-id: 4c21346c-7405-11ef-aa69-a6bd2d28ddea
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 23290
fastly-io-served-by: vpop-kiad7010247
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant7855.jpg
www.sangfor.com/sites/default/files/inline-images/ 46 KB
46 KB 555ms
545ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7855.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a8342a4c16e3fddd19edb61bdf17e984a875a520d408e9ff24f989d8ee4b4021

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5b9775c78-s5hrd
fastly-io-info: ifsz=72346 idim=830x246 ifmt=jpeg ofsz=46668 odim=830x246 ofmt=webp
etag: "Q2FYjyjc1deswf5p73lKHRQPeCqY8ptIylcg4v7IC9k"
age: 540998
expires: Sun, 05 Oct 2025 06:25:17 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100147-AMS, cache-chi-kigq8000136-CHI, cache-chi-klot8100153-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 2, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860628,VS0,VE80
x-styx-req-id: 6c2c45c0-8219-11ef-af2b-0af51c2c7f7c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 46668
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant8022.jpg
www.sangfor.com/sites/default/files/inline-images/ 19 KB
19 KB 552ms
542ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8022.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5b63874935b493559810133aff35028591cd64ce758994e710d8347a4b0d401d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-h4wt2
fastly-io-info: ifsz=35298 idim=830x240 ifmt=jpeg ofsz=19248 odim=830x240 ofmt=webp
etag: "8muIL594oCMAqUuUyQ/82J6BPDxkKi0Qout42YRZV5s"
age: 893359
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21067-AMS, cache-chi-klot8100046-CHI, cache-chi-kigq8000155-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860612,VS0,VE57
x-styx-req-id: 04278146-7ee5-11ef-9df6-bef268001cb5
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 19248
fastly-io-served-by: vpop-kiad7010213
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant8432.jpg
www.sangfor.com/sites/default/files/inline-images/ 15 KB
15 KB 553ms
544ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8432.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5b34b175179a2b7207902dfb82f3bd5ddcecffed15372771abc7ac81941a89a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=28264 idim=831x232 ifmt=jpeg ofsz=15324 odim=831x232 ofmt=webp
etag: "lIuWvobaZIDyAC5buxJLShklxVLXTMVp55hqZSNrM3E"
age: 684034
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100109-AMS, cache-chi-klot8100022-CHI, cache-chi-kigq8000083-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860588,VS0,VE62
x-styx-req-id: 799a2be2-71ff-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 15324
fastly-io-served-by: vpop-kiad7010248
server: nginx

GET
H2 200 image%201_0_0.png
www.sangfor.com/sites/default/files/inline-images/ 120 KB
121 KB 553ms
544ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/image%201_0_0.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ebaccbb59ffac8f54448f61dae2a3cca80036be36348f2e116d25056d83a7e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-7d6684fc85-mvp8s
fastly-io-info: ifsz=133580 idim=723x785 ifmt=png ofsz=122622 odim=723x785 ofmt=webp
etag: "gDqVcMmzx4aBADq1m1o8KL+mIEKwUJzf0J5x5V6FMLg"
age: 684034
expires: Fri, 03 Oct 2025 14:41:20 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21045-AMS, cache-chi-klot8100099-CHI, cache-chi-klot8100118-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860569,VS0,VE65
x-styx-req-id: 63955fb0-80cc-11ef-876a-32120c29c299
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 122622
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant15503.jpg
www.sangfor.com/sites/default/files/inline-images/ 27 KB
27 KB 552ms
543ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant15503.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42fcc2e1fa91f2656f4fe39ab0ce936e6358d9ea1a3847baa4abaeb30fc6340e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-6995bc9c6b-vbkmq
fastly-io-info: ifsz=51293 idim=807x663 ifmt=jpeg ofsz=27248 odim=807x663 ofmt=webp
etag: "7oYqFKix13JQrRx6N1tLlMUjUgeU4mkX2nn7pJMAOmo"
age: 1478837
expires: Thu, 07 Aug 2025 11:12:57 GMT
x-cache: MISS, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100093-AMS, cache-chi-klot8100045-CHI, cache-chi-kigq8000092-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 9, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860546,VS0,VE60
x-styx-req-id: d5938363-53e4-11ef-aca7-42e95ec37499
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 27248
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16236_1.jpg
www.sangfor.com/sites/default/files/inline-images/ 44 KB
44 KB 553ms
545ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16236_1.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4ef8764b15fc01e7dab43f9b379996e763ecee58df1115f69142d4db17194cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-zz8fm
fastly-io-info: ifsz=83145 idim=831x924 ifmt=jpeg ofsz=44732 odim=831x924 ofmt=webp
etag: "tTpGMS/2xK9gWgck5klJhzw2BvYTtt8cBeInq86lOh4"
age: 685091
expires: Fri, 05 Sep 2025 14:37:03 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100141-AMS, cache-chi-klot8100049-CHI, cache-chi-klot8100058-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 4, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860522,VS0,VE66
x-styx-req-id: 270040e7-6acb-11ef-bcc9-e60246f3375c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 44732
fastly-io-served-by: vpop-kiad7010229
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16834.jpg
www.sangfor.com/sites/default/files/inline-images/ 85 KB
85 KB 554ms
545ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16834.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a9794eb161a19e97283a6b27ad43932837f5638f85a3cf08cec9ef6a9cd9c721

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info: ifsz=141119 idim=830x600 ifmt=jpeg ofsz=86580 odim=830x600 ofmt=webp
etag: "x9tzINiSFzkUDyQK2HpStDcz4U6ZE17j80w23GmY8Cg"
age: 2088955
expires: Wed, 17 Sep 2025 08:25:58 GMT
x-cache: HIT, MISS, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100091-AMS, cache-chi-klot8100154-CHI, cache-chi-klot8100089-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 7, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860514,VS0,VE82
x-styx-req-id: 4cef31c4-7405-11ef-88a4-6237ede9c4d6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 86580
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16895.jpg
www.sangfor.com/sites/default/files/inline-images/ 72 KB
73 KB 552ms
544ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16895.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cedb71958c703923a2df24aff20e6250b7d506e60c5f8931f5f4a82ff3f8cef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-5kz6f
fastly-io-info: ifsz=128436 idim=830x1006 ifmt=jpeg ofsz=73896 odim=830x1006 ofmt=webp
etag: "+hFf3vdZnXdr57/p5mLpKZ7/RofFj06bn9/MLZ7KbjE"
age: 684034
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100103-AMS, cache-chi-klot8100153-CHI, cache-chi-klot8100114-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.860495,VS0,VE62
x-styx-req-id: d8577c20-7991-11ef-904b-2a95c218e6a7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 73896
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/ 67 KB
67 KB 551ms
543ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag: "jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age: 774513
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 4, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862885,VS0,VE59
x-styx-req-id: d857f080-7991-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 68464
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 2.4%20Sangfor%20Solution.jpg
www.sangfor.com/sites/default/files/inline-images/ 91 KB
92 KB 553ms
545ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/2.4%20Sangfor%20Solution.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ec1637554b155c6bec0d5c076d76866f2e584c17d2dbd4c55f7cc13c6477b210

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-9tcfg
fastly-io-info: ifsz=101788 idim=1000x903 ifmt=jpeg ofsz=93364 odim=1000x903 ofmt=webp
etag: "PEHlSlbLdB49DZRbsrcpOFMDCeLSmyeT7shOibnnM/Y"
age: 774513
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100085-AMS, cache-chi-klot8100056-CHI, cache-chi-kigq8000094-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 5, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862859,VS0,VE116
x-styx-req-id: d856ab5d-7991-11ef-927a-1a02874bc4b6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 93364
fastly-io-served-by: vpop-kiad7010212
server: nginx

GET
H2 200 sangfor_building.jpg
www.sangfor.com/sites/default/files/2022-10/ 61 KB
62 KB 540ms
532ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/2022-10/sangfor_building.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6e0170382d3f256542b6c8142434ace9fe7821d68a10d0be5c4c1e75d4537f76

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-6995bc9c6b-vbkmq
fastly-io-info: ifsz=88048 idim=757x800 ifmt=jpeg ofsz=62830 odim=757x800 ofmt=webp
etag: "sZLorcIigNjolIy2hfswV6k0GHDnNXMotdQ5kW+yg9g"
age: 1285540
expires: Thu, 07 Aug 2025 06:53:40 GMT
x-cache: HIT, HIT, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21073-AMS, cache-chi-klot8100092-CHI, cache-chi-kigq8000109-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 82, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862840,VS0,VE3
x-styx-req-id: 9cf99483-53c0-11ef-aca7-42e95ec37499
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 62830
fastly-io-served-by: vpop-kiad7010227
server: nginx

GET
H2 200 logo-fb.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 397 B
534 B 546ms
539ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-fb.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

aac00b0dd1b83a91bb40a96104b60a1a76bbf7887ecdc78f824a751533f8d9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding: gzip
etag: W/"670661a5-18d"
age: 38268
expires: Sat, 11 Oct 2025 02:04:07 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 10:57:41 GMT
x-served-by: cache-ams2100125-AMS, cache-lax-kwhp1940032-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 26, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862829,VS0,VE6
x-styx-req-id: ee89cbf9-86ab-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 275
server: nginx

GET
H2 200 logo-twitter.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 596 B
713 B 547ms
540ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-twitter.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fbb8fad500a2857ce80ec8fb10d2d9bcf96becf86d9cbafad061aceae07c2f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"67064b29-254"
age: 38267
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams21025-AMS, cache-lax-kwhp1940131-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 26, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862809,VS0,VE9
x-styx-req-id: ee564509-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 387
server: nginx

GET
H2 200 logo-linkedin.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 683 B
599 B 547ms
540ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-linkedin.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a399207c12d45df8892cffc11528a6666e85d182999f90c97f654c1f7b4d5b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-m7f6g
content-encoding: gzip
etag: W/"67064b29-2ab"
age: 38269
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams21029-AMS, cache-lax-kwhp1940038-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 27, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862780,VS0,VE10
x-styx-req-id: ee56dd07-86ab-11ef-9a09-52e503d7f733
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 368
server: nginx

GET
H2 200 icon-youtube-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 925 B
735 B 543ms
537ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/icon-youtube-author.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

818f9cbde752ad72e51413c9230dd1526c1f6ea916c034d597d551ce979f831f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"670661a5-39d"
age: 38269
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 10:57:41 GMT
x-served-by: cache-ams21067-AMS, cache-lax-kwhp1940074-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 27, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862745,VS0,VE6
x-styx-req-id: ee576341-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 506
server: nginx

GET
H2 200 logo-ig-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 2 KB
1 KB 544ms
538ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-ig-author.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

83bd6fedd1fe68e130019dcc9ac407bc349c9f6f36874716c7e73be94dc9e462

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-m7f6g
content-encoding: gzip
etag: W/"6706f903-7e7"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams2100126-AMS, cache-lax-kwhp1940041-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 26, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862741,VS0,VE6
x-styx-req-id: ee57e7c0-86ab-11ef-9a09-52e503d7f733
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1017
server: nginx

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 443ms
162ms Script
text/javascript 2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ef14706d7ea03c01ea58bc28980cd3c345b2814e38d9fa9051d3cccf245bbd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Thu, 10 Oct 2024 12:41:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Thu, 10 Oct 2024 12:41:54 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H/1.1 200
OK livevalidation_standalone.compressed.js Show response
img06.en25.com/i/ 13 KB
14 KB 451ms
147ms Script
application/x-javascript 23.201.179.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img06.en25.com/i/livevalidation_standalone.compressed.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.201.179.45 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-179-45.deploy.static.akamaitechnologies.com

Software

Resource Hash

36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Pragma: no-cache
ETag: "32e442741dd4da1:0"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Thu, 10 Oct 2024 12:41:55 GMT
Accept-Ranges: bytes
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 13723
X-XSS-Protection: 1; mode=block
Date: Thu, 10 Oct 2024 12:41:55 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT

GET
H/1.1 200
OK c19159723c724342a4382da50f1f4b57.gif
download.sangfor.com.cn/ 9 KB
10 KB 1810ms
146ms Image
image/gif 2607:3f40:ff03::2e
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://download.sangfor.com.cn/c19159723c724342a4382da50f1f4b57.gif?la=zh-CN&rev=a25ec929e048423290e67e4d0fc251ac&hash=D70C6C0954BDC063F85CC911025BBEF0
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2607:3f40:ff03::2e , Canada, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software: WS-web-server /
Resource Hash: 6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

X-Reqid: 202126410028724620240525233153S8ofBVwhsampled
x-ws-request-id: 6707cb94_PS-BOS-01zeI38_33241-8758
x-via: 1.1 dianxun58:10 (Cdn Cache Server V2.0), 1.1 hexi29:2 (Cdn Cache Server V2.0), 1.1 PS-BOS-01zeI38:8 (Cdn Cache Server V2.0)
ETag: "Fvo1Tz1ZcS0MNBtuJBgE-dYZksmL"
Age: 759819
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 9481
Date: Thu, 10 Oct 2024 12:41:56 GMT
Content-Type: image/gif;charset=UTF-8
Last-Modified: Wed, 31 Aug 2022 03:37:37 GMT
Server: WS-web-server

GET
H2 200 eloqua.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/ 5 KB
2 KB 544ms
539ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"67064b29-1539"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams21033-AMS, cache-lax-kwhp1940064-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 41, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862700,VS0,VE6
x-styx-req-id: ee570b88-86ab-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1856
server: nginx

GET
H2 200 HeroBanner.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 1 KB
790 B 539ms
534ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/HeroBanner.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"67064b29-435"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams21076-AMS, cache-lax-kwhp1940124-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862714,VS0,VE6
x-styx-req-id: ee56d327-86ab-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 580
server: nginx

GET
H2 200 header.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 5 KB
2 KB 541ms
536ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/header.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding: gzip
etag: W/"670661a5-141f"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 10:57:41 GMT
x-served-by: cache-ams21026-AMS, cache-lax-kwhp1940055-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862674,VS0,VE6
x-styx-req-id: ee56ec43-86ab-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1521
server: nginx

GET
H2 200 runtime.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
2 KB 540ms
536ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/runtime.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"6706e9c6-cec"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 20:38:30 GMT
x-served-by: cache-ams21081-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862653,VS0,VE6
x-styx-req-id: ee5b5193-86ab-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1750
server: nginx

GET
H2 200 main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
1 KB 538ms
534ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/main.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"6706f903-b65"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams2100147-AMS, cache-lax-kwhp1940129-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862613,VS0,VE4
x-styx-req-id: ee566021-86ab-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1010
server: nginx

GET
H2 200 vendor-main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 418 KB
145 KB 542ms
538ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor-main.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding: gzip
etag: W/"67064b29-689f2"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams21079-AMS, cache-lax-kwhp1940136-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 2, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862596,VS0,VE6
x-styx-req-id: ee57471e-86ab-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 148414
server: nginx

GET
H2 200 footer.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 12 KB
5 KB 540ms
536ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"67064b29-2f05"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams2100104-AMS, cache-lax-kwhp1940076-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862575,VS0,VE6
x-styx-req-id: ee56ed19-86ab-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 4485
server: nginx

GET
H2 200 article.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 17 KB
6 KB 541ms
537ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"670661a5-42c0"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 10:57:41 GMT
x-served-by: cache-ams21060-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 30, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862569,VS0,VE6
x-styx-req-id: ee56b7bc-86ab-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 5707
server: nginx

GET
H2 200 js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js Show response
www.sangfor.com/sites/default/files/js/ 2 B
388 B 90ms
76ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-86bbdf8544-ld56d
content-encoding: gzip
etag: "66e3ad6a-2"
age: 38321
expires: Sat, 27 Sep 2025 01:12:22 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Fri, 13 Sep 2024 03:11:38 GMT
x-served-by: cache-ams21052-AMS, cache-lax-kwhp1940114-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.789663,VS0,VE6
x-styx-req-id: 622f74ce-7ba4-11ef-acde-3a7638cbe1f7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 22
server: nginx

GET
H2 200 alpine.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/ 38 KB
16 KB 543ms
540ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/alpine.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6706e9c6-9658"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 20:38:30 GMT
x-served-by: cache-ams21077-AMS, cache-lax-kwhp1940027-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 40, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862562,VS0,VE7
x-styx-req-id: ee569894-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 16064
server: nginx

GET
H2 200 js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js Show response
www.sangfor.com/sites/default/files/js/ 96 KB
38 KB 90ms
77ms Script
application/x-javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-6xpb6
content-encoding: gzip
etag: W/"66f56a4c-17ec1"
age: 38269
expires: Sat, 27 Sep 2025 14:06:05 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 14:06:04 GMT
x-served-by: cache-ams2100114-AMS, cache-lax-kwhp1940127-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 45, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.790397,VS0,VE7
x-styx-req-id: 785ad187-7c10-11ef-82ce-3a60d385be04
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 38682
server: nginx

GET
H2 200 unsplash_BfrQnKBulYQ.png
www.sangfor.com/sites/default/files/2022-02/ 487 KB
489 KB 391ms
391ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/2022-02/unsplash_BfrQnKBulYQ.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

63b453b89d75749a81e7f18fb1cca757d22e400a69fce0c8e69a6042c9cc15f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-fcgbv
fastly-io-info: ifsz=556361 idim=1440x560 ifmt=png ofsz=498328 odim=1440x560 ofmt=webp
etag: "BmixjBk6r2CaDPHbd07RF3zAtRo2QicCEydEzQ0xNIA"
age: 2585003
expires: Thu, 14 Aug 2025 21:00:15 GMT
x-cache: HIT, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21055-AMS, cache-chi-kigq8000164-CHI, cache-chi-klot8100035-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 5, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862523,VS0,VE1
x-styx-req-id: 0a13c1a2-59b7-11ef-a8f9-6a24832c26e0
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 498328
fastly-io-served-by: vpop-kiad7010230
server: nginx

GET
H2 200 RedHatDisplay-SemiBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 512ms
509ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-SemiBold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

effa68298eeabf7434140c33108e997e9ac91a3d03d81398cdf471172ee50a7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
etag: "6706e9c5-4d10"
age: 38267
expires: Sat, 11 Oct 2025 02:04:07 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 20:38:29 GMT
x-served-by: cache-ams2100139-AMS, cache-lax-kwhp1940045-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 35, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862502,VS0,VE6
x-styx-req-id: eeffacf3-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19728
server: nginx

GET
H2 200 RedHatDisplay-Bold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 516ms
514ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Bold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2632350150729e5432013ca98c01588c89c707f4dcf359076ce8b90cbf369dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
etag: "6706e9c5-4ce8"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 20:38:29 GMT
x-served-by: cache-ams2100136-AMS, cache-lax-kwhp1940059-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862471,VS0,VE7
x-styx-req-id: ee5ef105-86ab-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19688
server: nginx

GET
H2 200 flaticon.ttf
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 16 KB
10 KB 510ms
508ms Font
application/x-font-ttf 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/flaticon.ttf

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1c04a80bf1f07f432ebf3f677b015e854b58efd124649588ea04f136e3eb3554

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6706f903-3ecc"
age: 38268
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: application/x-font-ttf
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams2100116-AMS, cache-lax-kwhp1940034-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862455,VS0,VE5
x-styx-req-id: ee5812cc-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 9927
server: nginx

GET
H2 200 RedHatDisplay-Medium.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 514ms
512ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Medium.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

82254875473203cbd5e10c02ca9677baf7ab978a518f6b1cc6acc7a8b1872b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-m7f6g
etag: "67064b29-4d20"
age: 38267
expires: Sat, 11 Oct 2025 02:04:06 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 09:21:45 GMT
x-served-by: cache-ams2100091-AMS, cache-lax-kwhp1940118-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862424,VS0,VE7
x-styx-req-id: ee6c95ce-86ab-11ef-9a09-52e503d7f733
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19744
server: nginx

GET
H2 200 RedHatDisplay-ExtraBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 510ms
508ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-ExtraBold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

300e0a19f0415d8cbbb83d10272bc792632f48175d9be777937bee14825e419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
etag: "6706f903-4d68"
age: 38268
expires: Sat, 11 Oct 2025 02:04:07 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams21076-AMS, cache-lax-kwhp1940119-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862399,VS0,VE6
x-styx-req-id: ee902850-86ab-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19816
server: nginx

GET
H2 200 RedHatDisplay-Black.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 18 KB
19 KB 512ms
511ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Black.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

221f8c9253e16004a0fc662867a8c9ca2f8626ee34643314be21511b500fd35d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
etag: "6706f903-4910"
age: 38321
expires: Sat, 11 Oct 2025 02:03:14 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams2100147-AMS, cache-lax-kwhp1940041-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 35, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862386,VS0,VE7
x-styx-req-id: cf13ee6a-86ab-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18704
server: nginx

GET
H2 200 RedHatDisplay-Regular.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
19 KB 514ms
513ms Font
font/woff2 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Regular.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

60df6999405b8e3907c141cf4fb76812e272d0890b9e759ea66d1343cfaa20dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
etag: "6706f903-4a50"
age: 38267
expires: Sat, 11 Oct 2025 02:04:07 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: font/woff2
last-modified: Wed, 09 Oct 2024 21:43:31 GMT
x-served-by: cache-ams21028-AMS, cache-lax-kwhp1940050-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 34, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862374,VS0,VE7
x-styx-req-id: ee7cf54e-86ab-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19024
server: nginx

GET
H2 200 Primary%20Sangfor%20Logo.png
www.sangfor.com/sites/default/files/ 4 KB
4 KB 345ms
342ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/Primary%20Sangfor%20Logo.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

71c4d85ab6e7bd8471cb0bed91b04311f338dddd2aa3827f0c4790e8b7b53d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-kjk68
fastly-io-info: ifsz=4968 idim=430x144 ifmt=png ofsz=4176 odim=430x144 ofmt=webp
etag: "a01RxrnGV3D32I/tbK92cRx2QOijheMXOlAUlG4zUTc"
age: 1378980
expires: Thu, 28 Aug 2025 15:47:07 GMT
x-cache: MISS, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21073-AMS, cache-chi-kigq8000040-CHI, cache-chi-klot8100121-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 93, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862485,VS0,VE1
x-styx-req-id: 9d14a6a7-648b-11ef-8c75-9e049ca68b1f
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 4176
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 rectangle_956_0.png
www.sangfor.com/sites/default/files/2022-10/ 49 KB
49 KB 328ms
327ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/2022-10/rectangle_956_0.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0858f313cfc6ee260a58e3d9bf00bb20a53c216db64522d7e983944fa7729589

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-7c586d9854-cwvg6
fastly-io-info: ifsz=120491 idim=1440x625 ifmt=png ofsz=50142 odim=1440x625 ofmt=webp
etag: "ko1tmqUlHo9UsmjmnAzq3QPXsjQbMLurm9pfaqDDhS8"
age: 3808091
expires: Sun, 27 Jul 2025 14:07:42 GMT
x-cache: HIT, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams21069-AMS, cache-chi-kigq8000021-CHI, cache-chi-kigq8000077-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 189, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.862343,VS0,VE1
x-styx-req-id: 6cb50402-4b58-11ef-b014-86a74e6c3050
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 50142
fastly-io-served-by: vpop-kiad7010228
server: nginx

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/ 546 KB
216 KB 288ms
142ms Script
text/javascript 172.217.165.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.165.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s70-in-f3.1e100.net

Software

sffe /

Resource Hash

5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 194
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Fri, 10 Oct 2025 12:38:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:38:41 GMT
last-modified: Mon, 07 Oct 2024 04:02:51 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220951
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK formsubmittoken Show response
s757079.t.eloqua.com/e/ 703 B
1 KB 669ms
220ms XHR
text/html 192.29.201.57
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

a9bf963b9d0bae3bb16321a78843a2a1c46710754853cdaef07070cd0f194a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Content-Encoding: gzip
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 578
X-Xss-Protection: 1; mode=block
Date: Thu, 10 Oct 2024 12:41:55 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding

GET
H2 200 twitter-alt.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/ 910 B
871 B 286ms
286ms Image
image/svg+xml 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/twitter-alt.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c0db478481c2f2dd767a0b11d2407e6466f3a833c14b219bc1311089b5e51ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding: gzip
etag: W/"670661a4-38e"
age: 38321
expires: Sat, 11 Oct 2025 02:03:14 GMT
x-cache: HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Oct 2024 10:57:40 GMT
x-served-by: cache-ams21025-AMS, cache-lax-kwhp1940036-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 32, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564115.052796,VS0,VE6
x-styx-req-id: cf3ce1c4-86ab-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 509
server: nginx

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 99C1 0
0 419ms
133ms Document
text/html 2600:141b:1c00:2588::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:2588::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=29820378
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:55 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Sat, 20 Sep 2025 16:08:13 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1728564115576_399550060_382704544_18_538_132_135_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 configuration.js Show response
consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/ 4 KB
1 KB 429ms
138ms Script
application/x-javascript 2600:141b:1c00:258b::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/configuration.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:258b::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 23e4d60cfac088ba6eb24b76c0726eec2077c2f164c17f4e9906f43c3ac4d4ca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=72143
content-encoding: gzip
etag: "0d91b97de9e543541bad1f34cf1169a1:1727103406.542376"
cross-origin-resource-policy: cross-origin
expires: Fri, 11 Oct 2024 08:44:18 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="1728564115580_399550063_519810608_356_422_132_136_146";dur=1
content-length: 980
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 14:56:46 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 cc.js Show response
consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/ 359 KB
103 KB 314ms
312ms Script
application/x-javascript 2600:141b:1c00:16::17c4:309
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/cc.js?renew=false&referer=www.sangfor.com&dnt=false&init=false&culture=EN
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ee4fab2ab809e4d56d1d103ec66b27ef7a8668139eb428620a2c816a9d7ccef6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: private, max-age=1200
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Thu, 10 Oct 2024 12:41:55 GMT
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
87 KB 176ms
176ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SS797RGCZV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

981594ef005976afbfc3baae540d076a8c8622d9d768145b7152bedbbe5f81dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 88866
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 222ms
71ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 4825
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 10 Oct 2024 13:21:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 11:21:30 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
88 KB 206ms
205ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eb17ae77c47f2c2a9de2cd375b8d511361d6bcc009b1069e32b5ab0aaf8a8cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90035
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 370 KB
121 KB 216ms
215ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

06ce743b20589b234db2cc2522454e1c223ac51b5d3c53b575a71eb589bbff9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 123471
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
105 KB 244ms
244ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e663d66e26118cb62dd98ecabe4cca90d7f8a4d0d5fb8e3d38d6abd614120ec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 106908
x-xss-protection: 0
server: Google Tag Manager

GET anchor
www.google.com/recaptcha/api2/ Frame 1A07 0
0

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 276ms
136ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=134, rtx=0, c=24, mss=1232, tbw=8184, tp=13, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 0BhrVG/kiFSb3Taoc1Gl4hHQuo5Ov73UNN1kpR1NmYruj24jt+woTOpDMbIiE3jkNWQcUSX6Zw43/cHXwZxcFQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 454ms
137ms Script
application/javascript 2600:141b:1c00:6::17df:d120
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d120 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=65098
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Thu, 10 Oct 2024 12:41:56 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 33B6 0
0 368ms
177ms Document
text/html 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=vljq0dcu40lx

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-t06xX9eov2hzXbDJcTxgFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-t06xX9eov2hzXbDJcTxgFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 97ms
96ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1173664988&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&ul=en-us&de=UTF-8&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1243704040&gjid=1527366569&cid=1356314022.1728564116&tid=UA-15510522-1&_gid=2064831874.1728564116&_r=1&gtm=457e4a70za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&did=dMDhkMT&gdid=dMDhkMT&jsscut=1&z=1120586916

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.sangfor.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 sangfor-logo.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 34 KB
34 KB 77ms
76ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/sangfor-logo.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6737f2f0ac1fb89f6a3f645062d8f504cd5f78fefff2be86ae82bc544de8fa24

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-7968478984-xqlzx
fastly-io-info: ifsz=44278 idim=1250x1250 ifmt=png ofsz=34436 odim=1250x1250 ofmt=webp
etag: "t575pKpQ3B2dYvYBYiXmVCPQ5KEwON8GgT6CMF4eyh8"
age: 1447889
expires: Fri, 02 May 2025 12:03:04 GMT
x-cache: HIT, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: image/webp
x-served-by: cache-ams12763-AMS, cache-chi-klot8100140-CHI, cache-chi-kigq8000169-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 269, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564116.062657,VS0,VE1
x-styx-req-id: c43c6b4a-07b2-11ef-ab86-b648d5ad88f3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 34436
fastly-io-served-by: vpop-kiad7010228
server: nginx

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e96f4f4298c7d1a94f2fd78ad214ecc6bdfbc7632c1e4927e8c32b29914fdaed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

POST
H2 204 collect
analytics.google.com/g/ 0
0 264ms
97ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-21N5DLV7PF&gtm=45je4a70v894187644za200&_p=1728564114511&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101671035~101686685&gdid=dMDhkMT&cid=1356314022.1728564116&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728564116&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&_ee=1&ep.page_placeholder=PLACEHOLDER_page_location&tfd=2655
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
545 B 410ms
139ms Ping
text/plain 2607:f8b0:4004:c19::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-21N5DLV7PF&cid=1356314022.1728564116&gtm=45je4a70v894187644za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101671035~101686685
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: text/plain
server: Golfe2

GET rul
td.doubleclick.net/td/ga/ Frame FCEE 0
0

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame FCEE 0
0 450ms
173ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1356314022.1728564116&gtm=45je4a70v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101686685&z=944713237

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/ 5 KB
2 KB 441ms
167ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/?random=1728564116176&cv=11&fst=1728564116176&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

ad6b28fcc1ac0c9ab566c52d7bf180619d650c7ff71d12f2a96ae7bc872dcd59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2417
date: Thu, 10 Oct 2024 12:41:56 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET 658559639
td.doubleclick.net/td/rul/ Frame AB7C 0
0

POST
H2 204 collect
analytics.google.com/g/ 0
0 124ms
99ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-SS797RGCZV&gtm=45be4a70v888876710z8834067541za200&_p=1728564114511&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1356314022.1728564116&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728564116&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&tfd=2797
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 271ms
141ms Ping
text/plain 2607:f8b0:4004:c19::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SS797RGCZV&cid=1356314022.1728564116&gtm=45be4a70v888876710z8834067541za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101686685
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: text/plain
server: Golfe2

GET rul
td.doubleclick.net/td/ga/ Frame DB61 0
0

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 96ms
96ms Fetch
text/plain 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-NP5KMJMZXN&gtm=45be4a70v888876710z8834067541za200&_p=1728564114511&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1356314022.1728564116&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1728564116&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&tfd=2809
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.36.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 658559639
td.doubleclick.net/td/rul/ Frame AB7C 0
0 350ms
176ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/658559639?random=1728564116176&cv=11&fst=1728564116176&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame DB61 0
0 341ms
171ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1356314022.1728564116&gtm=45be4a70v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=2107041512

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/ 5 KB
2 KB 316ms
159ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/?random=1728564116303&cv=11&fst=1728564116303&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

1cff65058464ec1b9592c19c4975b4a46cd199c5d898ac7c2bc8ffe07abc9f52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2464
date: Thu, 10 Oct 2024 12:41:56 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET 11481739312
td.doubleclick.net/td/rul/ Frame 1AE6 0
0

GET
H2 200 11481739312
td.doubleclick.net/td/rul/ Frame 1AE6 0
0 276ms
175ms Document
text/html 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/11481739312?random=1728564116303&cv=11&fst=1728564116303&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 10 Oct 2024 12:41:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 422012601626408 Show response
connect.facebook.net/signals/config/ 74 KB
15 KB 274ms
273ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/422012601626408?v=2.9.170&r=stable&domain=www.sangfor.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

049a620eeb9f38870ebbf2d23745063622e976a29ba6a9d0b5b94e1198116a31

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=78, mss=1232, tbw=72368, tp=70, tpl=0, uplat=138, ullat=0
pragma: public
x-fb-debug: 9AQabyLvDDHJWKrc+6VbIKeJ9/YXm1VEPcR6TGhS2JnKMFR8lygiRbQFUhgoE98TMzV/ZOG5/XGFRzjru/7gYg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
762 B 269ms
122ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=701411&time=1728564116399&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.sangfor.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 0006241eb2242b6e4135a193460eb587
x-msedge-ref: Ref A: 6DEFE9050D1749C4919BFCC2B226C710 Ref B: LAX311000110019 Ref C: 2024-10-10T12:41:56Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYkHrIkK25BNaGTRg61hw==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728564116399%26li_adsId%3Da64f50d6-83e9-4fb0-bce8-bc637c747512%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fc...

0
703 B

361ms
211ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQK54P7KhdBzbQAAAZJ2cz8-1Ad5jVC7HzripC9vaqlbLSasBnI4iWz_xAh8h13sQgTVEA
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref: Ref A: 1B9D6649BA4B42549E1662651BF88032 Ref B: LAXEDGE1915 Ref C: 2024-10-10T12:41:57Z
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYkHrIzd0yrfCLCoIQLZg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728564116399&li_adsId=a64f50d6-83e9-4fb0-bce8-bc637c747512&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQK54P7KhdBzbQAAAZJ2cz8-1Ad5jVC7HzripC9vaqlbLSasBnI4iWz_xAh8h13sQgTVEA
x-msedge-ref: Ref A: 7E192A9117C94679AD030CFE6AD334E3 Ref B: LAX311000108033 Ref C: 2024-10-10T12:41:57Z
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYkHrIu4Ls2TQ72gUXvTw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Thu, 10 Oct 2024 12:41:56 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/11481739312/ 42 B
64 B 152ms
151ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11481739312/?random=1728564116303&cv=11&fst=1728561600000&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfxa6qD8_kBuNIgL0k43TpfjsJ_bke3A&random=1976559026&rmt_tld=0&ipr=y

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 10 Oct 2024 12:41:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/658559639/ 42 B
64 B 213ms
213ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/658559639/?random=1728564116176&cv=11&fst=1728561600000&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfIo2mHVtAIjJO4w5mrHbz0Def0ChtNg&random=2938195270&rmt_tld=0&ipr=y

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 10 Oct 2024 12:41:56 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 /
www.facebook.com/tr/ 0
270 B 406ms
133ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728564116687&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728564116685.653094016898712611&cs_est=true&ler=empty&cdl=API_unavailable&it=1728564116395&coo=false&rqm=GET

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=130, rtx=0, c=10, mss=1297, tbw=2924, tp=-1, tpl=-1, uplat=1, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Thu, 10 Oct 2024 12:41:57 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 515ms
243ms Image
image/png 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728564116687&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728564116685.653094016898712611&cs_est=true&ler=empty&cdl=API_unavailable&it=1728564116395&coo=false&rqm=FGET

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7424126353574952479"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Oct 2024 12:41:57 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: xH1hbmK/wu2py2o387QHqJzLe1PVAavrorOoCdzlZYkB41jCw+R0l5cl8uiiWDjwEoNZbOj/RRcczw/qeV3TSw==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7424126353574952479", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=130, rtx=0, c=10, mss=1297, tbw=3238, tp=-1, tpl=-1, uplat=103, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?0

GET
H/1.1 200
OK formsubmittoken Show response
s757079.t.eloqua.com/e/ 703 B
1 KB 215ms
214ms XHR
text/html 192.29.201.57
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

be368c6cd1967291003e3a8e60594c7fc9503c3f79815b318e4d5ea26e35768c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Content-Encoding: gzip
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 576
X-Xss-Protection: 1; mode=block
Date: Thu, 10 Oct 2024 12:41:56 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding

GET
H2 200 / Show response
ipapi.co/json/ 781 B
941 B 310ms
149ms Fetch
application/json 2606:4700:20::681a:82c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json/

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:82c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3296993d4c40f08588706136c2e8000099ef27f4ca25225e5be6e65cf7917927

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin
cf-cache-status: DYNAMIC
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPU%2BWmw%2F5DB8h7CbSscSEDQpRztMkr0YYtxWcTR8cFCHyarvEkQTC6VB4NesiyCgjjVsJQBU0idwch4iBVK0ITfZ8iMXnhNeybYaI2xCZuKdoS%2BzhuZUcqYLX8%2BdDTED5W4fO%2BPc"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
allow: POST, OPTIONS, GET, HEAD, OPTIONS
cf-ray: 8d06b004de9d2af1-LAX
referrer-policy: same-origin
access-control-allow-origin: https://www.sangfor.com
date: Thu, 10 Oct 2024 12:41:57 GMT
content-type: application/json
vary: Host, origin
server: cloudflare
x-frame-options: DENY

GET
H2 200 New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/ 67 KB
0 0ms
0ms Image
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag: "jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age: 774513
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Thu, 10 Oct 2024 12:41:54 GMT
content-type: image/webp
x-served-by: cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 4, 0
vary: Accept
fastly-stats: io=1
cache-control: max-age=31622400
x-timer: S1728564115.862885,VS0,VE59
x-styx-req-id: d857f080-7991-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 68464
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 token Show response
www.sangfor.com/session/ 43 B
539 B 270ms
269ms Fetch
text/plain 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/session/token

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

497ace3dbac9e77b7df5a742e2f9c3f78af938d622880fb8b87930d87429f3fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding: gzip
age: 0
x-content-type-options: nosniff
x-generator: Drupal 9 (https://www.drupal.org)
expires: Sun, 19 Nov 1978 05:00:00 GMT
x-cache: MISS, MISS, MISS
x-ua-compatible: IE=edge
date: Thu, 10 Oct 2024 12:41:57 GMT
content-type: text/plain; charset=UTF-8
x-served-by: cache-ams21023-AMS, cache-lax-kwhp1940061-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=300
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, private
x-timer: S1728564117.111637,VS0,VE198
x-styx-req-id: 0946c283-8705-11ef-848d-ee31b65f8c59
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 63
content-language: en
server: nginx

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
496 B 152ms
149ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sangfor.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref: Ref A: 6189E132AB924D77A068548AEE8C092E Ref B: LAX311000108033 Ref C: 2024-10-10T12:41:57Z
x-li-fabric: prod-lva1
access-control-allow-credentials: true
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYkHrI2yqUs5+zSM71GnA==
x-li-proto: http/2
access-control-allow-origin: https://www.sangfor.com
x-cache: CONFIG_NOCACHE
date: Thu, 10 Oct 2024 12:41:56 GMT
vary: Origin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SS797RGCZV&l=dataLayer&cx=c

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

981594ef005976afbfc3baae540d076a8c8622d9d768145b7152bedbbe5f81dc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 88866
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 1.gif
imgsct.cookiebot.com/ 35 B
474 B 190ms
188ms Image
image/gif 2600:141b:1c00:258b::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=7029b9e8-6353-4e6a-a7ff-84ac8be1e142
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:258b::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
etag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
date: Thu, 10 Oct 2024 12:41:57 GMT
last-modified: Mon, 23 Oct 2023 11:39:32 GMT
content-type: image/gif
x-guploader-uploadid: AHmUCY39GYJ5q-ryujI7kTy9zm87OfiOA_Nz-meofL4Ecvs5LL0NqLwbMPzRDRkMZWuBw0Fu1Ok
cache-control: public,max-age=1800
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1698061172769999
content-length: 35
server: UploadServer

GET
H2 200 favicon-32x32_0.png
www.sangfor.com/sites/default/files/ 1 KB
2 KB 72ms
72ms Other
image/webp 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/favicon-32x32_0.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c30e4b76b88aba11e97e78e219d797b895179efbc93b99dc9d6c440c0511b505

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-75d6d4fb59-s9h46
fastly-io-info: ifsz=1320 idim=32x32 ifmt=png ofsz=1140 odim=32x32 ofmt=webp
etag: "jWAmTR2Ap7vCgaD2O9sKUfv5CW7fzlmW4/aPmY5PIB4"
age: 3158286
expires: Mon, 30 Jun 2025 05:09:01 GMT
x-cache: MISS, MISS, HIT, HIT
date: Thu, 10 Oct 2024 12:41:57 GMT
content-type: image/webp
x-served-by: cache-ams21079-AMS, cache-chi-kigq8000085-CHI, cache-chi-kigq8000110-CHI, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728564118.792526,VS0,VE1
x-styx-req-id: b2d36b57-35d5-11ef-92be-3697a1d76678
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1140
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
0 0ms
0ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 4825
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Thu, 10 Oct 2024 13:21:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 11:21:30 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eb17ae77c47f2c2a9de2cd375b8d511361d6bcc009b1069e32b5ab0aaf8a8cff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90035
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 370 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

06ce743b20589b234db2cc2522454e1c223ac51b5d3c53b575a71eb589bbff9e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 123471
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
0 0ms
0ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e663d66e26118cb62dd98ecabe4cca90d7f8a4d0d5fb8e3d38d6abd614120ec0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 10 Oct 2024 12:41:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 12:41:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 106908
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
0 0ms
0ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=134, rtx=0, c=24, mss=1232, tbw=8184, tp=13, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: 0BhrVG/kiFSb3Taoc1Gl4hHQuo5Ov73UNN1kpR1NmYruj24jt+woTOpDMbIiE3jkNWQcUSX6Zw43/cHXwZxcFQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
0 0ms
0ms Script
application/javascript 2600:141b:1c00:6::17df:d120
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d120 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=65098
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Thu, 10 Oct 2024 12:41:56 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/ 5 KB
2 KB 164ms
164ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

1f4dbbfc4b3df6a58233c2c445e60cc56d51b9a0f9665e4a1a74fff425b3da62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2438
date: Thu, 10 Oct 2024 12:41:57 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/658559639/ 42 B
64 B 154ms
154ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/658559639/?random=1728564116176&cv=11&fst=1728561600000&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfLOigYEDO6-TTmoCoNpC7K_X_nQFya98ew47RM1njhKtvfo4F&random=3321342330&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 10 Oct 2024 12:41:58 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/ 5 KB
2 KB 161ms
160ms Script
text/javascript 142.251.40.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s38-in-f2.1e100.net

Software

cafe /

Resource Hash

e330e88cfde4c7a57f4d632e5a7048dd403692f0315a7a19371bfd3b8d13af65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2480
date: Thu, 10 Oct 2024 12:41:58 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11481739312/ 42 B
64 B 156ms
156ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11481739312/?random=1728564116303&cv=11&fst=1728561600000&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfYXX4Tf6RxMAGec6mB1ZtXJeKJ2_Sg30LcdnMOtidcDykVEeP&random=1274901968&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 10 Oct 2024 12:41:58 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 422012601626408 Show response
connect.facebook.net/signals/config/ 74 KB
0 0ms
0ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

049a620eeb9f38870ebbf2d23745063622e976a29ba6a9d0b5b94e1198116a31

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Oct 2024 12:41:56 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=135, rtx=0, c=78, mss=1232, tbw=72368, tp=70, tpl=0, uplat=138, ullat=0
pragma: public
x-fb-debug: 9AQabyLvDDHJWKrc+6VbIKeJ9/YXm1VEPcR6TGhS2JnKMFR8lygiRbQFUhgoE98TMzV/ZOG5/XGFRzjru/7gYg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 statistics.php Show response
www.sangfor.com/core/modules/statistics/ 0
262 B 536ms
534ms XHR
text/html 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/core/modules/statistics/statistics.php

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
age: 0
x-cache: MISS, MISS, MISS
date: Thu, 10 Oct 2024 12:41:59 GMT
content-type: text/html; charset=UTF-8
x-served-by: cache-ams2100123-AMS, cache-lax-kwhp1940135-LAX, cache-lax-kwhp1940135-LAX
x-cache-hits: 0, 0, 0
vary: Accept-Encoding, Cookie, Cookie
strict-transport-security: max-age=300
x-timer: S1728564119.254150,VS0,VE464
x-styx-req-id: 0ab7ad52-8705-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 20
server: nginx

GET
H/1.1 200
OK v1_wzqpkpwvuopibcld.js Show response
wa.arounddeal.com/wv/ 960 B
884 B 316ms
100ms Script
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6429cc091657f28263cd4c1d129eba97e8f1abccdc40a488d7ffb70a7146f7c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: no-cache
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Origin: *, *
Date: Thu, 10 Oct 2024 12:41:59 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

GET
H/1.1 200
OK elqCfg.min.js Show response
images.sangfor.com/i/ 6 KB
3 KB 1312ms
732ms Script
application/x-javascript 23.44.201.9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://images.sangfor.com/i/elqCfg.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.44.201.9 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-201-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
ETag: "5fbd42741dd4da1:0"
X-Content-Type-Options: nosniff
Expires: Thu, 10 Oct 2024 12:42:00 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Thu, 10 Oct 2024 12:42:00 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: no-store
Pragma: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2183
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK / Show response
wa.arounddeal.com/wa/ 1 B
357 B 105ms
104ms XHR
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Requested by: Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json; charset=UTF-8
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Date: Thu, 10 Oct 2024 12:41:59 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

OPTIONS
H/1.1 204
No Content /
wa.arounddeal.com/wa/ Frame 0
0 297ms
98ms Preflight
text/plain 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sangfor.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Thu, 10 Oct 2024 12:41:59 GMT
Server: nginx/1.22.1

POST
H/1.1 200
OK / Show response
wa.arounddeal.com/wa/ 1 B
357 B 103ms
102ms XHR
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Requested by: Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json; charset=UTF-8
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Date: Thu, 10 Oct 2024 12:41:59 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

OPTIONS
H/1.1 204
No Content /
wa.arounddeal.com/wa/ Frame 0
0 298ms
99ms Preflight
text/plain 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sangfor.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Thu, 10 Oct 2024 12:41:59 GMT
Server: nginx/1.22.1

GET
H/1.1

200
OK

svrGP.aspx
s757079.t.eloqua.com/visitor/v200/
Redirect Chain

https://s757079.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled
https://s757079.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled&elqCookie=1

49 B
448 B

247ms
247ms

Image
image/gif

192.29.201.57
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s757079.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled&elqCookie=1

Protocol

HTTP/1.1

Server

192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 49
X-Xss-Protection: 1; mode=block
Date: Thu, 10 Oct 2024 12:42:00 GMT
Content-Type: image/gif

Redirect headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Location: https://s757079.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=536&optin=disabled&elqCookie=1
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 268
X-Xss-Protection: 1; mode=block
Date: Thu, 10 Oct 2024 12:42:00 GMT
Content-Type: text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=vljq0dcu40lx

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1356314022.1728564116&gtm=45je4a70v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529666~101671035~101686685&z=944713237

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/658559639?random=1728564116176&cv=11&fst=1728564116176&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1356314022.1728564116&gtm=45be4a70v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=2107041512

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/11481739312?random=1728564116303&cv=11&fst=1728564116303&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=792902792.1728564116&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sangfor.com/	1970-01-21 02:19:00	Name: _gcl_au Value: 1.1.792902792.1728564116
.sangfor.com/	1970-01-21 00:10:50	Name: _gid Value: GA1.2.2064831874.1728564116
.sangfor.com/	1970-01-21 00:09:24	Name: _gat_gtag_UA_15510522_1 Value: 1
.sangfor.com/	1970-01-21 09:45:24	Name: _ga_21N5DLV7PF Value: GS1.1.1728564116.1.0.1728564116.60.0.0
.sangfor.com/	1970-01-21 09:45:24	Name: _ga Value: GA1.1.1356314022.1728564116
.sangfor.com/	1970-01-21 09:45:24	Name: _ga_SS797RGCZV Value: GS1.1.1728564116.1.0.1728564116.60.0.0
.sangfor.com/	1970-01-21 09:45:24	Name: _ga_NP5KMJMZXN Value: GS1.1.1728564116.1.0.1728564116.0.0.0
.sangfor.com/	1970-01-21 02:19:00	Name: _fbp Value: fb.1.1728564116685.653094016898712611
.linkedin.com/	1970-01-21 02:19:00	Name: li_sugr Value: 9f4e8546-5108-471d-9a6f-b5d18d057504
.linkedin.com/	1970-01-21 08:55:00	Name: bcookie Value: "v=2&6520a8bb-cacf-4a36-89ef-8d852efcfbb6"
.linkedin.com/	1970-01-21 00:10:50	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=3076:u=1:x=1:i=1728564116:t=1728650516:v=2:sig=AQGqtgHCW_f4MSdCrb5fhECXfASKsoju"
.linkedin.com/	1970-01-21 00:52:36	Name: UserMatchHistory Value: AQIOieNTPqt03wAAAZJ2cz1qyeSHxb-PJKObIDuZQWcZtR2j7OaqtZq3z7yEzDc6GEekftk9159QLg
.linkedin.com/	1970-01-21 00:52:36	Name: AnalyticsSyncHistory Value: AQLs0931lpuZ_AAAAZJ2cz1q4VF2tSoYTEF885PxAM2gc2i3DC-V911BpQvaItuH-q7Qa9Ru5u9oYWkRoqmxNg
.www.linkedin.com/	1970-01-21 08:55:00	Name: bscookie Value: "v=1&2024101012415715b467b5-5d2c-4815-81d5-8ae7ddd971b1AQF2GArYnLRWK54A7DQy6Dm1xhSNu6XK"
.doubleclick.net/	1970-01-21 09:45:24	Name: IDE Value: AHWqTUmZmct14lC7LimV9vYTmpLF7QvZW6805qFKoR1zMUKg_LJZn-oIRhXizppq
.eloqua.com/	1970-01-21 09:39:42	Name: ELOQUA Value: GUID=0F94D41A3AEA4F0B885AA314F0A7DB85
.eloqua.com/	1970-01-21 09:39:42	Name: ELQSTATUS Value: OK

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://consent.cookiebot.com/uc.js(Line 1) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
download.sangfor.com.cn
googleads.g.doubleclick.net
images.sangfor.com
img06.en25.com
imgsct.cookiebot.com
ipapi.co
px.ads.linkedin.com
px4.ads.linkedin.com
s757079.t.eloqua.com
snap.licdn.com
stats.g.doubleclick.net
td.doubleclick.net
unpkg.com
wa.arounddeal.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.sangfor.com
td.doubleclick.net
www.google.com
13.107.42.14
142.250.80.36
142.251.40.194
172.217.165.131
192.29.201.57
2001:4860:4802:36::178
2001:4860:4802:36::181
216.239.36.178
23.201.179.45
23.44.201.9
2600:141b:1c00:16::17c4:309
2600:141b:1c00:2588::f09
2600:141b:1c00:258b::f09
2600:141b:1c00:6::17df:d120
2606:4700:20::681a:82c
2606:4700::6811:f5cb
2607:3f40:ff03::2e
2607:f8b0:4004:c19::9a
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2004
2607:f8b0:4006:81f::2008
2620:1ec:21::14
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:200::645
31.13.71.7
69.164.193.241
01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9
049a620eeb9f38870ebbf2d23745063622e976a29ba6a9d0b5b94e1198116a31
06ce743b20589b234db2cc2522454e1c223ac51b5d3c53b575a71eb589bbff9e
0858f313cfc6ee260a58e3d9bf00bb20a53c216db64522d7e983944fa7729589
098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5
0e7be44c483765ba40bdb8fb79142f703593f411ec138f8c258b025c46c583c0
125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5
14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443
19ba61e585dc696f1222273bb4dea2f9ea0475e7e587fc41f09a9f6a5d0100e6
1ab18b6349502e2ff94ae18400f17f3e453a7f14dd3ba45f88751e78ddc47a0b
1c04a80bf1f07f432ebf3f677b015e854b58efd124649588ea04f136e3eb3554
1cff65058464ec1b9592c19c4975b4a46cd199c5d898ac7c2bc8ffe07abc9f52
1dae51845d58e1f038ca809955fa1f4a3b2114a05d9071a06ffe5f3e2d2dc816
1f4dbbfc4b3df6a58233c2c445e60cc56d51b9a0f9665e4a1a74fff425b3da62
221f8c9253e16004a0fc662867a8c9ca2f8626ee34643314be21511b500fd35d
23e4d60cfac088ba6eb24b76c0726eec2077c2f164c17f4e9906f43c3ac4d4ca
2632350150729e5432013ca98c01588c89c707f4dcf359076ce8b90cbf369dc3
284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec
2ef14706d7ea03c01ea58bc28980cd3c345b2814e38d9fa9051d3cccf245bbd8
300e0a19f0415d8cbbb83d10272bc792632f48175d9be777937bee14825e419b
30b0f26470c915ef09c50d127690c860685641df1f66409f0aec3d260186d388
3296993d4c40f08588706136c2e8000099ef27f4ca25225e5be6e65cf7917927
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
36ca976922a5bc02835846fc4b6243e2f110320afe24279c3dc022d4df3c24a6
36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e
3c3b0fdb91418f8c6538ec2a686c6d49b619494effc576611c2ccdb1440e7b2b
41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95
42fcc2e1fa91f2656f4fe39ab0ce936e6358d9ea1a3847baa4abaeb30fc6340e
43a82cd8f2c063b414db0ad551d1c7a2ec384f4347d300609e5b490b4c8c40a1
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
497ace3dbac9e77b7df5a742e2f9c3f78af938d622880fb8b87930d87429f3fb
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4ef8764b15fc01e7dab43f9b379996e763ecee58df1115f69142d4db17194cbd
5a399207c12d45df8892cffc11528a6666e85d182999f90c97f654c1f7b4d5b5
5b34b175179a2b7207902dfb82f3bd5ddcecffed15372771abc7ac81941a89a6
5b63874935b493559810133aff35028591cd64ce758994e710d8347a4b0d401d
5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369
5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302
60df6999405b8e3907c141cf4fb76812e272d0890b9e759ea66d1343cfaa20dd
63b453b89d75749a81e7f18fb1cca757d22e400a69fce0c8e69a6042c9cc15f8
6429cc091657f28263cd4c1d129eba97e8f1abccdc40a488d7ffb70a7146f7c5
65caebd5a0a65049f5509277b50ec0b57e5b087c08ca8ba7c65e2a4643f7a08a
6737f2f0ac1fb89f6a3f645062d8f504cd5f78fefff2be86ae82bc544de8fa24
6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e0170382d3f256542b6c8142434ace9fe7821d68a10d0be5c4c1e75d4537f76
6e8ea35cfdff4770e3e0d3c98e9e78f8818f4c5f44561274dca027fd1e3fe41b
6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba
6fbbf1e444fd365c5c0d4c96461eee486e5a33784b3f199d92fe69567e932770
6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a
71c4d85ab6e7bd8471cb0bed91b04311f338dddd2aa3827f0c4790e8b7b53d0e
734190fa5b8be45729201c5b52530a9beab034b5e6cfb05dc2010ee17836f9f8
7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205
76383787d84ba9588f39fa845cfd80b0d645719f3f9ac32be4fc92b18b1d148c
791039d1e1d70d879ee2f7f5b818d2e8207cd99f6b5655b11db8c9a4c8b9c907
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
818f9cbde752ad72e51413c9230dd1526c1f6ea916c034d597d551ce979f831f
82254875473203cbd5e10c02ca9677baf7ab978a518f6b1cc6acc7a8b1872b63
83bd6fedd1fe68e130019dcc9ac407bc349c9f6f36874716c7e73be94dc9e462
873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5
8c861ea0c6c43eb8839b5dcbb171bc584c342268fcb203ab9c45d339fd7f400e
90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670
981594ef005976afbfc3baae540d076a8c8622d9d768145b7152bedbbe5f81dc
9e337c7f8bc51113fb2f0eb2585f03a7b3b0588f3661a2f51c4025d4b17d2a40
a8342a4c16e3fddd19edb61bdf17e984a875a520d408e9ff24f989d8ee4b4021
a9794eb161a19e97283a6b27ad43932837f5638f85a3cf08cec9ef6a9cd9c721
a9bf963b9d0bae3bb16321a78843a2a1c46710754853cdaef07070cd0f194a52
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aac00b0dd1b83a91bb40a96104b60a1a76bbf7887ecdc78f824a751533f8d9f6
acc56b2df173f77e03fbd422205fa16c2067e01f996313c37d301146f12d67cf
ad6b28fcc1ac0c9ab566c52d7bf180619d650c7ff71d12f2a96ae7bc872dcd59
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5
b8eb5aa49efc632c5ea4db0f1104d5f63448c63516704ca065c0fb5704129675
be368c6cd1967291003e3a8e60594c7fc9503c3f79815b318e4d5ea26e35768c
c0db478481c2f2dd767a0b11d2407e6466f3a833c14b219bc1311089b5e51ac9
c30e4b76b88aba11e97e78e219d797b895179efbc93b99dc9d6c440c0511b505
c7e56b6438ce7b0803d9c06b7ee1c8ce6db280dac58e0f8f56490336c2bec194
c8159ad6bb4d0a09d41a0bee72d4c486b2cc7ceffaa82f9c098ec9240a03da28
cc639c62a725f411cbfa123171585ae887e67acbfc7cec1aadb033eeb4c998a1
cedb71958c703923a2df24aff20e6250b7d506e60c5f8931f5f4a82ff3f8cef4
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
dd33484b1c193c68f5616a406865d1754ca67353899a46ce65400470a7dd084c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e330e88cfde4c7a57f4d632e5a7048dd403692f0315a7a19371bfd3b8d13af65
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e663d66e26118cb62dd98ecabe4cca90d7f8a4d0d5fb8e3d38d6abd614120ec0
e96f4f4298c7d1a94f2fd78ad214ecc6bdfbc7632c1e4927e8c32b29914fdaed
eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b
eb17ae77c47f2c2a9de2cd375b8d511361d6bcc009b1069e32b5ab0aaf8a8cff
ebaccbb59ffac8f54448f61dae2a3cca80036be36348f2e116d25056d83a7e76
ec1637554b155c6bec0d5c076d76866f2e584c17d2dbd4c55f7cc13c6477b210
ee4fab2ab809e4d56d1d103ec66b27ef7a8668139eb428620a2c816a9d7ccef6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effa68298eeabf7434140c33108e997e9ac91a3d03d81398cdf471172ee50a7c
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f66f3eb40dc841ff138652d06134d9532130782bf247dd3c4e0d1709b29839f6
fbb8fad500a2857ce80ec8fb10d2d9bcf96becf86d9cbafad061aceae07c2f53

www.sangfor.com Open in urlscan Pro 2a04:4e42:200::645 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

131 Requests

95 %HTTPS

62 %IPv6

17 Domains

25 Subdomains

27 IPs

3 Countries

3142 kBTransfer

7680 kBSize

17 Cookies

40 Outgoing links

Redirected requests

131 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sangfor.com Open in urlscan Pro
2a04:4e42:200::645 Public Scan

Screenshot
Live screenshot

Full Image

131
Requests

95 %
HTTPS

62 %
IPv6

17
Domains

25
Subdomains

27
IPs

3
Countries

3142 kB
Transfer

7680 kB
Size

17
Cookies

131 HTTP transactions
3 data transactions