www.cybereason.com Open in urlscan Pro
199.60.103.226 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://meetings.cybereason.com/api/mailings/click/PMRGSZBCHIYTONRYGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3ZMJSXEZLBONXW4LTDN5WS6...
Effective URL:
https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Submission: On May 17 via api (May 17th 2021, 1:11:54 pm UTC) from US

Summary HTTP 261 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 69 IPs in 6 countries across 49 domains to perform 261 HTTP transactions. The main IP is 199.60.103.226, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.cybereason.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 16th 2020. Valid for: a year.

This is the only time www.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.82.204.38 54.82.204.38	14618 (AMAZON-AES) (AMAZON-AES)
46	199.60.103.226 199.60.103.226	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
9	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:f3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f03... 2a03:2880:f030:13:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2.16.186.18 2.16.186.18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6811:e7cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:72b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c9cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
2 6	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
3	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:295::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 6	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
1	13.224.95.99 13.224.95.99	16509 (AMAZON-02) (AMAZON-02)
2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	163.171.128.148 163.171.128.148	54994 (QUANTILNE...) (QUANTILNETWORKS)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
1	178.79.227.167 178.79.227.167	22822 (LLNW) (LLNW)
3	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
67	13.224.95.104 13.224.95.104	16509 (AMAZON-02) (AMAZON-02)
1	3.220.33.83 3.220.33.83	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.193.53 13.224.193.53	16509 (AMAZON-02) (AMAZON-02)
2 2	2620:119:50e6... 2620:119:50e6:101::6cae:b05	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	54.86.117.43 54.86.117.43	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9c	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f13... 2a03:2880:f130:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	13.224.95.61 13.224.95.61	16509 (AMAZON-02) (AMAZON-02)
2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1	13.32.25.16 13.32.25.16	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.40.147 52.49.40.147	16509 (AMAZON-02) (AMAZON-02)
1 2	13.224.95.88 13.224.95.88	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	13.224.95.74 13.224.95.74	16509 (AMAZON-02) (AMAZON-02)
8	34.193.113.164 34.193.113.164	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.95.48 13.224.95.48	16509 (AMAZON-02) (AMAZON-02)
9	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
2	54.145.60.34 54.145.60.34	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:1b:... 2a04:4e42:1b::720	54113 (FASTLY) (FASTLY)
2	34.236.95.28 34.236.95.28	14618 (AMAZON-AES) (AMAZON-AES)
261	69

1 54.82.204.38 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-82-204-38.compute-1.amazonaws.com

meetings.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 199.60.103.226 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f3cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a04:4e42:1b::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f030:13:face:b00c:0:3 (France)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.186.18 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-18.deploy.static.akamaitechnologies.com

embedwistia-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e7cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:72b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c9cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:295::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.134 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

10272547.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10428681.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-99.zrh50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.128.148 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.227.167 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-227-167.vie.llnw.net

up.pixel.ad	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 13.224.95.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-104.zrh50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.220.33.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-220-33-83.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-53.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e6:101::6cae:b05 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.86.117.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-117-43.compute-1.amazonaws.com

distillery.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f130:83:face:b00c:0:25de (France)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-61.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.25.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-25-16.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.40.147 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-40-147.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.95.88 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-88.zrh50.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-74.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.193.113.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-113-164.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.95.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-95-48.zrh50.r.cloudfront.net

embeds.driftcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

customer.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.145.60.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-145-60-34.compute-1.amazonaws.com

event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.236.95.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-95-28.compute-1.amazonaws.com

fg8vvsvnieiv3ej16jby.litix.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	driftt.com js.driftt.com	739 KB
47	cybereason.com 1 redirects meetings.cybereason.com www.cybereason.com	1 MB
19	drift.com metrics.api.drift.com customer.api.drift.com bootstrap.api.drift.com targeting.api.drift.com event.api.drift.com flow.api.drift.com	5 KB
14	gstatic.com fonts.gstatic.com	240 KB
13	doubleclick.net 5 redirects stats.g.doubleclick.net 10272547.fls.doubleclick.net 10428681.fls.doubleclick.net googleads.g.doubleclick.net	4 KB
10	google.com 2 redirects www.google.com analytics.google.com adservice.google.com	1 KB
10	typekit.net use.typekit.net p.typekit.net	143 KB
9	google.de www.google.de adservice.google.de	997 B
9	wistia.com fast.wistia.com distillery.wistia.com	374 KB
5	googleapis.com fonts.googleapis.com	5 KB
5	linkedin.com 3 redirects platform.linkedin.com px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	57 KB
4	google-analytics.com www.google-analytics.com	19 KB
4	twitter.com platform.twitter.com syndication.twitter.com analytics.twitter.com	133 KB
4	facebook.net connect.facebook.net	161 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	mathtag.com pixel.mathtag.com	2 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
3	bing.com bat.bing.com	9 KB
3	googleadservices.com www.googleadservices.com	17 KB
2	litix.io fg8vvsvnieiv3ej16jby.litix.io	172 B
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	sitescout.com pixel.sitescout.com	267 B
2	facebook.com www.facebook.com	369 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	licdn.com snap.licdn.com	4 KB
2	hubspot.com track.hubspot.com forms.hubspot.com	890 B
2	googletagmanager.com www.googletagmanager.com	117 KB
2	akamaihd.net embedwistia-a.akamaihd.net	274 KB
2	cloudflare.com cdnjs.cloudflare.com	11 KB
1	imgix.net driftt.imgix.net	11 KB
1	driftcdn.com embeds.driftcdn.com	11 KB
1	rlcdn.com id.rlcdn.com	66 B
1	reddit.com alb.reddit.com	125 B
1	t.co t.co	455 B
1	demandbase.com tag.demandbase.com	17 KB
1	lltrck.com lltrck.com
1	pixel.ad up.pixel.ad	1 KB
1	pdst.fm cdn.pdst.fm	6 KB
1	hs-scripts.com js.hs-scripts.com	700 B
1	zoominfo.com ws.zoominfo.com	611 B
1	redditstatic.com www.redditstatic.com	7 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	hubapi.com api.hubapi.com	923 B
1	hsadspixel.net js.hsadspixel.net	3 KB
1	hs-analytics.net js.hs-analytics.net	19 KB
1	hs-banner.com js.hs-banner.com	14 KB
1	hsleadflows.net js.hsleadflows.net	79 KB
1	wistia.net fast.wistia.net
1	hubspot.net cdn2.hubspot.net	2 KB
261	49

	Domain	Requested by
67	js.driftt.com	www.cybereason.com js.driftt.com
46	www.cybereason.com	www.cybereason.com
14	fonts.gstatic.com	fonts.googleapis.com
9	use.typekit.net	www.cybereason.com
8	fast.wistia.com	www.cybereason.com fast.wistia.com www.googletagmanager.com
7	www.google.de
6	targeting.api.drift.com	js.driftt.com
6	metrics.api.drift.com	js.driftt.com
6	www.google.com	2 redirects
5	fonts.googleapis.com	www.cybereason.com js.driftt.com
4	googleads.g.doubleclick.net	2 redirects www.googleadservices.com
4	10272547.fls.doubleclick.net	2 redirects www.googletagmanager.com
4	www.google-analytics.com	www.cybereason.com www.google-analytics.com
4	connect.facebook.net	www.cybereason.com connect.facebook.net
3	adservice.google.com	10272547.fls.doubleclick.net 10428681.fls.doubleclick.net
3	pixel.mathtag.com	www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com
3	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	fg8vvsvnieiv3ej16jby.litix.io	fast.wistia.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	customer.api.drift.com	js.driftt.com
2	segments.company-target.com	1 redirects
2	match.prod.bidr.io	2 redirects
2	pixel.sitescout.com	www.cybereason.com
2	www.facebook.com	connect.facebook.net
2	adservice.google.de	adservice.google.com
2	px.ads.linkedin.com	2 redirects
2	10428681.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	snap.licdn.com	www.googletagmanager.com js.hsadspixel.net
2	www.googletagmanager.com	www.cybereason.com www.googletagmanager.com
2	embedwistia-a.akamaihd.net	www.cybereason.com
2	platform.twitter.com	www.cybereason.com platform.twitter.com
2	cdnjs.cloudflare.com	www.cybereason.com
1	driftt.imgix.net	js.driftt.com
1	bootstrap.api.drift.com	js.driftt.com
1	embeds.driftcdn.com	js.driftt.com
1	vars.hotjar.com	static.hotjar.com
1	id.rlcdn.com
1	api.company-target.com	tag.demandbase.com
1	script.hotjar.com	static.hotjar.com
1	apt.techtarget.com
1	alb.reddit.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	analytics.google.com	www.googletagmanager.com
1	distillery.wistia.com	fast.wistia.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	tag.demandbase.com	www.cybereason.com
1	lltrck.com	www.cybereason.com
1	up.pixel.ad	www.googletagmanager.com
1	cdn.pdst.fm	www.cybereason.com
1	trk.techtarget.com	www.cybereason.com
1	js.hs-scripts.com	www.googletagmanager.com
1	ws.zoominfo.com	www.cybereason.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	js.hsadspixel.net	www.cybereason.com
1	js.hs-analytics.net	www.cybereason.com
1	js.hs-banner.com	www.cybereason.com
1	js.hsleadflows.net	www.cybereason.com
1	syndication.twitter.com	platform.twitter.com
1	p.typekit.net	www.cybereason.com
1	fast.wistia.net	www.cybereason.com
1	cdn2.hubspot.net	www.cybereason.com
1	platform.linkedin.com	www.cybereason.com
1	meetings.cybereason.com	1 redirects
261	73

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.linkedin.com
www.israeldefense.co.il
statescoop.com
www.bbc.com
lolbas-project.github.io
en.wikipedia.org
nest.cybereason.com
attack.mitre.org
il.linkedin.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
www.cybereason.com Cloudflare Inc ECC CA-3	`2020-08-16` - `2021-08-16`	a year	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2021-10-14`	2 years	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
cdn.pdst.fm GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.pixel.ad RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2020-09-23` - `2021-09-23`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.wistia.com Amazon	`2021-04-01` - `2022-04-30`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.driftcdn.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
imgix.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-06` - `2021-08-07`	a year	crt.sh
*.litix.io Amazon	`2020-11-27` - `2021-12-26`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Frame ID: 84D8B5115E925279E10BE588AD1082FD
Requests: 158 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.cybereason.com
Frame ID: 89A6AFCFD822D6B04A934B3B1ED6B2E1
Requests: 2 HTTP requests in this frame

Frame: https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: 25DC37782BAB80C5C7678124BCF5FCDE
Requests: 1 HTTP requests in this frame

Frame: https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: A9993C07D8806261620BCAF16D8F9A15
Requests: 1 HTTP requests in this frame

Frame: https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: 62EFAE356A3142260849665C94D1DE31
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: 177D2318DBBB7C91D48AE4FF4F03A26A
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: D27B0409025F8BD8E9554864F68C1F9F
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: 3AF9362E2036BD4711FC41502E4DEF2F
Requests: 1 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 5620F118E102F3F2B3C35B0E79FFC738
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Frame ID: B7C71E3B523FA95A0A30FF2C7EA3FCC1
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Frame ID: A5144087E97C097FB86F80D4870A6EA5
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
Frame ID: C5F7DB819280BFE88FBBEC132B6EFC68
Requests: 41 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat
Frame ID: 147D7CC1D3EADCB69806A5CC2078E191
Requests: 42 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://meetings.cybereason.com/api/mailings/click/PMRGSZBCHIYTONRYGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3ZM... HTTP 302
https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

261
Requests

100 %
HTTPS

54 %
IPv6

49
Domains

73
Subdomains

69
IPs

6
Countries

3805 kB
Transfer

9576 kB
Size

6
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/tweet?original_referer=https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware&utm_medium=social&utm_source=twitter&url=https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware&utm_medium=social&utm_source=twitter&source=tweetbutton&text=
Title:

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware&utm_medium=social&utm_source=facebook
Title:

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware&utm_medium=social&utm_source=linkedin
Title:

Search URL Search Domain Scan URL

URL: https://www.israeldefense.co.il/en/node/48908
Title: fastest encryption speed on the market

Search URL Search Domain Scan URL

URL: https://twitter.com/3xp0rtblog/status/1369727242562134017
Title: affiliates program

Search URL Search Domain Scan URL

URL: https://statescoop.com/maze-ransomware-attackers-leak-data-stolen-from-suburban-washington-schools/
Title: suburban Washington schools

Search URL Search Domain Scan URL

URL: https://www.bbc.com/news/technology-54591761
Title: The group even wrote

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/lolbas/Binaries/Certutil/
Title: abusing Certutil.exe

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/lolbas/Binaries/Bitsadmin/
Title: Bitsadmin.exe

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Security_Account_Manager
Title: SAM hive

Search URL Search Domain Scan URL

URL: https://nest.cybereason.com/documentation/product-documentation/190/anti-ransomware-settings#set-protection-mode
Title: more information for customers can be found here

Search URL Search Domain Scan URL

URL: https://nest.cybereason.com/documentation/product-documentation/190/anti-malware-settings
Title: more information can be found here

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1080/
Title: Taint Shared Content

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: Command and Scripting Interpreter: PowerShell

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1053/
Title: Scheduled Task/Job

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140/
Title: Deobfuscate / Decode Files or Information

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1555/
Title: Credentials from Password Stores

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1087
Title: Account Discovery

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1043
Title: Commonly Used Port

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: Data Encrypted for Impact

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1036
Title: Masquerading

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082/
Title: System Information Discovery

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105
Title: Remote File Copy

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1489/
Title: Service Stop

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083/
Title: File and Directory Discovery

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071
Title: Standard Application Layer Protocol

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057
Title: Process Discovery

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105/
Title: Ingress Tool Transfer

Search URL Search Domain Scan URL

URL: https://il.linkedin.com/in/lior-rochberger

Search URL Search Domain Scan URL

URL: https://twitter.com/lior_rochberger

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybereason
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/cr_nocturnus
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cybereason/

Search URL Search Domain Scan URL

URL: https://twitter.com/cybereason

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOm7AaB0HiNH4Phe66sK0Ew

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cybereason

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://meetings.cybereason.com/api/mailings/click/PMRGSZBCHIYTONRYGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3ZMJSXEZLBONXW4LTDN5WS6YTMN5TS6Y3ZMJSXEZLBONXW4LLWOMWWIYLSNNZWSZDFFVZGC3TTN5WXOYLSMURCYITPOJTSEORCGIZDMZRWHA2WCLJTG43DALJUGY3DSLJYMFSDQLJRMZRDQNBQGU4WKN3CGIRCYITWMVZHG2LPNYRDUIRUEIWCE43JM4RDUISQJEZVQTSNGBWG2SJVOF2GIZJNGJHGURSKNFEEMOD2ORBGU4LLGRQXUY3SGBNGCMRQORET2IT5 HTTP 302
https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware HTTP 302
https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Request Chain 110

https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware HTTP 302
https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Request Chain 111

https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware HTTP 302
https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Request Chain 123

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D72596%26time%3D1621257096679%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fcybereason-vs-darkside-ransomware%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true&e_ipv6=AQL0MreH2dlvBgAAAXl6dA-YOJeGuu4hXWrQBHMw9vN0UWHMHAozffnPsvsZWv8WB4FdaXrZ

Request Chain 149

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=iGuiYJ3SL5nagQeViYCwBA&sscte=1&crd=&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIuEr_LlbIcr_pyIAW7AVlJRm7ZxZfnaYCs HTTP 302
https://www.google.com/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYJ3SL5nagQeViYCwBA&cid=CAQSKQCNIrLMVTUKQCs316x0d-5RrwWZiTsZ58KKYBYUZBfCLQY7TjvUc7KJ&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIvfHVjg6h0ZzciArxVvlGYy6OxCP3x-tlI&random=3413197055&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYJ3SL5nagQeViYCwBA&cid=CAQSKQCNIrLMVTUKQCs316x0d-5RrwWZiTsZ58KKYBYUZBfCLQY7TjvUc7KJ&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIvfHVjg6h0ZzciArxVvlGYy6OxCP3x-tlI&random=3413197055&resp=GooglemKTybQhCsO&ipr=y

Request Chain 150

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=iGuiYPnRL9KngQeD-YigCg&sscte=1&crd=&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIs5Gwx_hmb9FpzuzfkYKAWtAd79gdHBw7Y HTTP 302
https://www.google.com/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYPnRL9KngQeD-YigCg&cid=CAQSKQCNIrLMe6S9hxdciSsHomn3Y5CrtSg6B1N8T-u671jV3B7XEtjZx6-a&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NItltsio2lHUHyq4Tba2k5vu17FEv0g01JM&random=1560583430&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYPnRL9KngQeD-YigCg&cid=CAQSKQCNIrLMe6S9hxdciSsHomn3Y5CrtSg6B1N8T-u671jV3B7XEtjZx6-a&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NItltsio2lHUHyq4Tba2k5vu17FEv0g01JM&random=1560583430&resp=GooglemKTybQhCsO&ipr=y

Request Chain 155

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw&verifyHash=66f04893332a1c0843ff8b4eb8bb72629d006ea5

261 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request cybereason-vs-darkside-ransomware Show response
www.cybereason.com/blog/
Redirect Chain

https://meetings.cybereason.com/api/mailings/click/PMRGSZBCHIYTONRYGU3TILBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3ZMJSXEZLBONXW4LTDN5WS6YTMN5TS6Y3ZMJSXEZLBONXW4LLWOMWWIYLSNNZWSZDFFVZGC3TTN5WXOYLSMURCYITPOJ...
https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

80 KB
17 KB

86ms
47ms

Document
text/html

199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

0a01ccc74b123f12168bc8ea47d9ca1de16c4e3c5916017177efcfc661dcb6ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Request headers

:method: GET
:authority: www.cybereason.com
:scheme: https
:path: /blog/cybereason-vs-darkside-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800, max-age=0
etag: W/"37b79798de6f347f92d3b3770ae904fe"
last-modified: Mon, 17 May 2021 12:10:47 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>; rel=preload; as=script
strict-transport-security: max-age=0
cf-cache-status: HIT
cache-tag: CT-44194973264,CG-5272851739,P-3354902,L-42870461961,CW-34473990280,CW-41681847227,CW-41682410610,CW-42867014566,CW-43300360745,CW-44252461159,E-34470223313,E-34470224480,E-34470477360,E-35275979682,E-35291999472,E-42363645447,E-42507089303,E-42507091846,E-42760289143,PGS-ALL,SW-0,GC-36042052587
content-security-policy: upgrade-insecure-requests
edge-cache-tag: CT-44194973264,CG-5272851739,P-3354902,L-42870461961,CW-34473990280,CW-41681847227,CW-41682410610,CW-42867014566,CW-43300360745,CW-44252461159,E-34470223313,E-34470224480,E-34470477360,E-35275979682,E-35291999472,E-42363645447,E-42507089303,E-42507091846,E-42760289143,PGS-ALL,SW-0,GC-36042052587
referrer-policy: no-referrer-when-downgrade
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-combine-css: Disabled
x-hs-content-campaign-id: 713f7bc1-34fa-492d-bc53-37511afa2db0
x-hs-content-id: 44194973264
x-hs-hub-id: 3354902
x-powered-by: HubSpot
cf-request-id: 0a1c0d206e00004c4af23b5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=p8s4XSVeG3JFCZbfyVkFGzOW8D7WqcFV223BGj0Or1hbmmv4IGl5mY2cesVQCZYhS7CiuFQBG48zFbkXCvEkXepw1gjpsHPdsFbYD%2FUBpvYj9RE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
set-cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095; path=/; domain=.www.cybereason.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 650d17ad7bbf4c4a-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-h2-pushed: </hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js>,</hs/hsstatic/cos-i18n/static-1.27/bundles/project.js>

Redirect headers

date: Mon, 17 May 2021 13:11:35 GMT
content-type: text/html; charset=utf-8
content-length: 88
location: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3-29 200 index.js Show response
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/ 51 KB
19 KB 69ms
45ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/HubspotToolsMenu/static-1.103/js/index.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 d04998a67c7a3fb6819bd5fdd0bbe125.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 262391
x-amz-server-side-encryption: AES256
cf-ray: 650d17adf9334bfa-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d20ba00004bfa44b7d000000001
last-modified: Fri, 14 May 2021 12:13:32 GMT
server: cloudflare
etag: W/"006946e614d6ef469f5c9e46b4836d15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CfbUWwKB7eAOfwlUoIoK54FybiFSRu4ESAt%2FwM72pQIoa3lEzndR710Vo4QHbMvf5hU25m1p65KbS8sQd1lebBK6ax5rj0GqVHBvZuZjAd%2FUnTg%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: NS5brkaR0OO1ViABjiLPNZKumB_gwu3c
cache-control: public, max-age=31536000
x-amz-cf-pop: BRU50-C1
content-type: application/javascript
x-amz-cf-id: sFVh9rEN70xkoFcFA_v_aaIvMt4EZZgh4YiBRqwKoUfkPaEwgfb4Ig==
expires: Tue, 17 May 2022 13:11:35 GMT

GET
H3-29 200 project.js Show response
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.27/bundles/ 1 KB
1 KB 107ms
84ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/hs/hsstatic/cos-i18n/static-1.27/bundles/project.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/cos-i18n/static-1.27/bundles/project.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2101513
x-amz-server-side-encryption: AES256
cf-ray: 650d17adf9324bfa-AMS
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d20ba00004bfa4da87000000001
last-modified: Wed, 19 Aug 2020 22:31:39 GMT
server: cloudflare
etag: W/"d0cd32f08bf823a0389da03beed61887"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dfJcZsCfkTZMU8WZqPpinr2NkFJ5REk4ti87XNuhFaIL5DkMwbIAGj7Rk3eC4fRqiGrh3R9b2faZdiz5Q2Zu5WH24Kgh%2BhbVwVyICP%2BWvVn5J9s%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 2tzxWhBqhFrbWNOKYsoHIauxtaBoTuuO
cache-control: public, max-age=31536000
x-amz-cf-pop: AMS54-C1
content-type: application/javascript
x-amz-cf-id: G5Q9ySvAO2u5QcNmepxg-GS6C6WjCp7NHLrBrWObZxokkR-kJix08Q==
expires: Tue, 17 May 2022 13:11:35 GMT

GET
H3-29 200 jquery-1.11.2.js Show response
www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
34 KB 105ms
84ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:path: /hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 3649c20f8adf8628b43dbef00864e392.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2101512
cf-ray: 650d17adf9354bfa-AMS
x-cache: RefreshHit from cloudfront
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d20ba00004bfa6e05b000000001
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qC2HmDbyyC7%2Fu8DDiiYrJvFKqu06ariufSzGBrvsyZoCp7T%2FfIt0pad5I5QgDBCssRBs1LbAZAW6NeyDEayX6sYVvYUkdG41CVQ9ekfKkt6i5uo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: AMS54-C1
content-type: application/javascript
x-amz-cf-id: fcRPTJ616ufZQ1eg-YDEnQmFcmiJcHJ8cW1SDiGpkPAs4kZdam7G8g==
expires: Tue, 17 May 2022 13:11:35 GMT

GET
H3-29 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182781/ 3 KB
2 KB 103ms
83ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182781/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 835866cae4df18da17dc4e3f4d6ae62967b3e344cc0bfe029fe529ed94ae7dff

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182781/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1619109182781
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 6b8cdd1ce925ccd88cc918dd35811d07.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KMG9RQF9HP7HCH3K
cf-request-id: 0a1c0d20b900004bfa2f383000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Thu, 22 Apr 2021 16:33:03 GMT
server: cloudflare
etag: W/"f58fd8f67a47c0e890657f936f29799b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MbQ9HTu%2FHUx2wKpfdrNY%2FSemBGl22dqQMBBobbLPNMHkfBkOXUIxQDrvlfVP24UrlrILJzkDnAwXBEfLX7XNW7qHtk29sTc9WksqZ25mhn5ABGI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: OrCGPw.DheqgcreVeofegnxXE_xFGg.y
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf92f4bfa-AMS
x-amz-cf-id: xQFLxS9nlYiJ-XA1aHgGE4Qi2i9dAhaj_9yvIk1_b4sgajZDixRR6Q==
x-amz-id-2: 1ahsyeg4Nz9CnvltXiktSgl/fGEhInxDkZn3iabIRMbINKb4d1MKdPgryD+R3yhHlOj5fZ53saA=

GET
H3-29 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/ 6 KB
2 KB 65ms
46ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f903f416e22249cfab4769b65c97a216746ff7d579fc7fa983740943240a9362

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1618194603032
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 55b6418a8a2f714a67d8e4d292154ef3.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KMG97NR8TQ1YWX25
cf-request-id: 0a1c0d20b900004bfa278d0000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 12 Apr 2021 02:30:04 GMT
server: cloudflare
etag: W/"594d3cef98509b9461f429bf5b0e356d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TIntdL1zivtLIh3%2FJLj5XVmcv4dpByFsrlu%2BdC3EjIl51Rsm7dGcazdKypzWPbH9RRztwcMzRFD0BCvyUqpBO04YTLXAUopF9urEFfFE7x659yo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: cKpLd9F2Ix7k.Jqar0.eA5KbwB2erQU.
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9314bfa-AMS
x-amz-cf-id: iU-anN0zCch2dGy45Npk3_lr3BoCpZtbAsTQJXCSyZEQspuhXQA7PA==
x-amz-id-2: YaABMKEzSvJ+OfqCechdlVIKemRfbmmIVv6POBQJ3nc05j35kXg52GBFvvGh8VhYuY2G7XofB9M=

GET
H3-29 200 module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/43300360745/1617857458537/ 105 B
1 KB 117ms
97ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/43300360745/1617857458537/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 735e44959f60192ae3b93cfafd034f89a1cd8a95510fbac7aabaf9fa05d9465a

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/43300360745/1617857458537/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1617857458537
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 6b8cdd1ce925ccd88cc918dd35811d07.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 13RR116ZPXXJXEHQ
cf-request-id: 0a1c0d20ba00004bfa3520c000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Thu, 08 Apr 2021 04:50:59 GMT
server: cloudflare
etag: W/"b794f1cb3242ba801fcfb92cfc192f88"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CZeDoHemKIFU7HwLs%2F3LyymMaI2QmHutrtaM%2BuASU4HDVg5EWvKWadyUFf%2BtJWvd4dgzCV%2FqNKGzLjyToqE5%2FziT46R3JgxTNDW2H46UiiJl0QA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: MJQ97OPQTN2vmCTXTBA96VHUt3wDMqMb
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9364bfa-AMS
x-amz-cf-id: modiSYgasOsIsUCyHD-UYcJUeBUZlc35NDCapzd7HyBr40Q1kLhgfQ==
x-amz-id-2: HSKAuSaa9JJyR3D9ZasLPgBqYRZ3sndKpUn2jQ8n+bJ8jhwTD/f9RzPYClRmuFNH+ob1NJduRso=

GET
H3-29 200 module_34473990280_CR_-_Footer_Full__en_US.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/34473990280/1617772255567/ 3 KB
2 KB 354ms
336ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/34473990280/1617772255567/module_34473990280_CR_-_Footer_Full__en_US.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97831ff4832c4f000e924a97b5730bebd91816c3282cc2502fca83feebd993a8

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/34473990280/1617772255567/module_34473990280_CR_-_Footer_Full__en_US.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1617772255567
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84d.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: RB5YJ31T4CNQ1234
x-amz-id-2: gPuyWxq4+Dtx2SHvWaTwMUyiSedW5StpTjifktM7Yb2KOqtKqcr8HagUhphPbyP1sdtZB3YnqSo=
last-modified: Wed, 07 Apr 2021 05:10:56 GMT
server: cloudflare
etag: W/"62e33551763d4b79d6470cf52ea33112"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xThppdtUOohZbdMi%2FFTBftAZ9l%2FKHFXZnSEx%2Fn0YmEZq6UsE78pfRTuanx6Qac%2B1lkqADMc3ZrIFVYrDn2yLeFk3P6FgBxaZJBrJ4lEsdRWFAbg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: vvQxo65_yjPjSOAULQFixDRc0QuGv3di
cf-request-id: 0a1c0d20b800004bfa2cb96000000001
cf-ray: 650d17adf92a4bfa-AMS
x-amz-cf-id: ywcxRPZsoOJaqzeelDstJAiwE45IMYJ0Ky7PlDWaQ-ZlfpE7zSKxUg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H2 200 vyv2ljd.js Show response
use.typekit.net/ 19 KB
7 KB 97ms
82ms Script
text/javascript 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vyv2ljd.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8150eac82f94042cd505764e4d41d05bd10704a0b526f0775d8f5083a5b3dfe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Mon, 17 May 2021 13:11:35 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 7019

GET
H2 200 in.js Show response
platform.linkedin.com/ 181 KB
55 KB 29ms
7ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F0A) /
Resource Hash: df1e5306fc7dde214ccee178a231d9390390513fd9914165f2385aa2eb3938e1

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 215
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 55605
x-li-uuid: EXKZ74rcfxbwafELzyoAAA==
server: ECAcc (frc/8F0A)
last-modified: Mon, 17 May 2021 13:08:00 GMT
x-li-pop: prod-eda6
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-ltx1
expires: Mon, 17 May 2021 14:08:00 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1620930322058/hubspot/hubspot_default/shared/responsive/ 5 KB
2 KB 65ms
44ms Stylesheet
text/css 2606:4700::6811:f3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1620930322058/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1620930322221
date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 326713
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-request-id: 0a1c0d20b400002b1ad83a5000000001
last-modified: Thu, 13 May 2021 18:25:23 GMT
server: cloudflare
etag: W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iPtAw0eDeArruBVTPlwvu6ulVZk6TxxOrhNJltAVX79UBvXD7HXr4Xazf55QqhdGlAiBF9d8TXwnYgZqStKpD0f8u%2B7pA7cc%2Fwenym2gtKYjhrIGK5Xy1ubSGYUZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adebc82b1a-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 cr-master__cta.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470223313/1613710752320/__CR_Web_Platform_2020/CSS/ 2 KB
2 KB 82ms
65ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470223313/1613710752320/__CR_Web_Platform_2020/CSS/cr-master__cta.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 485cccdd8ff15cbd62137df080aa75d0c9488d4f39923f839332a11a6bc1e2da

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/34470223313/1613710752320/__CR_Web_Platform_2020/CSS/cr-master__cta.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1613710752320
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 7f7e359e1c06a914d3d305785359b84d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2820
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BQA0HMAJBPGGDXY2
cf-request-id: 0a1c0d20b700004bfa01892000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 19 Feb 2021 04:59:13 GMT
server: cloudflare
etag: W/"811a12fcf23cdd941bc9da65e10dfde6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bQGJJizNS5L%2F6tDrfm8LQGB1WfN5XUVgQV5ZTtdM3J11dLaElc8f7%2BBte0R9w6K5OLCjQao2JhzSts010iwM8ypRF4GYtfXaXjdY1wojq4SS5yM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: dwMgVVpKySSXtvCgt6bEyNoKjlsSgetv
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9244bfa-AMS
x-amz-cf-id: eeJIimVGqBH5WOfA_KZ3xAi9FiwLtWXUmW0Zeb_3gkPZU8-aN7WSsw==
x-amz-id-2: VqWJ+yjegn3eFbFEPD5lOGEQsCqjDi3TH3sWweim3TWI6HHyedSSYkloCYBFcfwPCyME9hRDro0=

GET
H3-29 200 cr-master__main.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/ 42 KB
8 KB 84ms
66ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 300518d93c6debf5c1e8d6e26bfa3e3144dd001aa9fab79b0c6ad9c02ad8734c

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1621017485008
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 530b01c2c88db2b27d295e2504b501cb.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2820
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 410DWM29D3TM4HR5
cf-request-id: 0a1c0d20b800004bfa29854000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 14 May 2021 18:38:06 GMT
server: cloudflare
etag: W/"0fb1dc3c65924d9357a2eca7fcb81ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W7EmMv5RxCG9bKkzZZAnvXDBV1mBTY91jHdaDUIqwNREGtcZSlLzR%2FMtPRCosZrnovi3ao39uWwjH1%2Bi6vZaX%2BQ2u4JWdLzg1ZVSjQ97xK9pBGA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: amJXe7DGDhweY30fCj6mlO3phWhwaHZR
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9284bfa-AMS
x-amz-cf-id: z6lqr7Tuz7X_UYhP2LrFGv5IEb0BJma4TkYZb_A0uuM_WwRMlzzqDA==
x-amz-id-2: 4p6XOoMnQSS+aelg2o0cM+pDpCAJ/6ZnE5sZ1ohYDn3EERE2BRa+RYcjF20R/1J7wnJrEiKzCTM=

GET
H3-29 200 ionicons.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ 50 KB
9 KB 83ms
65ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ionicons.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ionicons.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1600880367101
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 88b63cb2f8aab28c7291262ffc15282f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2820
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BQABEFEQBC6DAK6V
cf-request-id: 0a1c0d20b800004bfa1eb74000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Wed, 23 Sep 2020 16:59:28 GMT
server: cloudflare
etag: W/"71c8c946791f3411c42a4cb1e9cdb5ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bwMBjcTu%2FjlX2R%2B5pAP6SlDXjsdSS0bTrI6rTcQYTyQL8txY32wNghLsIHHiciCE6SUJp%2F94a%2FDQSyux4mFrllUqyKh4%2FiJtImW1OAT3MkuEtgw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: sBk0NTXt5JC0boW_cB8Js8IeL5M2sXdU
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9274bfa-AMS
x-amz-cf-id: _3ZNQfAUhwp5h0XFg7Mn0CBTssjCz4MG8bcwIxeKJYeG60CcZsCisw==
x-amz-id-2: /pUFx6Tg57MjHVla7ge2ETu9oPyqdhqpDunFS3beoTAdQUyyHKyDGJJvLj3itm6Wp4WWf9BnlmA=

GET
H3-29 200 cr-mln__build.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/ 13 KB
3 KB 82ms
65ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/cr-mln__build.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a43c8d4fb49da539d64078a7fbd43483b379cbed3f4362d043911d60042bd21

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/cr-mln__build.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1621016677405
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: JV2Q603KF3FXM8B7
cf-request-id: 0a1c0d20b800004bfa52af5000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 14 May 2021 18:24:38 GMT
server: cloudflare
etag: W/"d7bc835c492d201ab6861011163d3017"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aJ%2FEc8n%2FGGsrpfdVC%2Fs%2BcyP8LVeQ4Uz75MIUmqdGWjTUgQgH%2B9PG5SDx8rtR2RoV3OCDvQYa2q%2Bkf%2FhZCmaEl7dNQ0QWe79je%2FDiEDz%2FN%2Frkerk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 4aPa3enQrjxabAny0SUh3RivmpOu.xuN
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf9264bfa-AMS
x-amz-cf-id: ZuEXatJTTqaenQy4T8h_ryovy9Ppy4anIYB5ypgmf2knZgA7_6c6fg==
x-amz-id-2: 5xu7fo2xKqLOu51Hs6sMSlfvpfPEmnQfPPMQtgxfUZA2BpN5O1YUc3dQ5z0pLd3q66JDo6RQKWk=

GET
H3-29 200 cr-framework__bulma-columns.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470224480/1614969030468/__CR_Web_Platform_2020/CSS/bulma/ 19 KB
3 KB 99ms
82ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470224480/1614969030468/__CR_Web_Platform_2020/CSS/bulma/cr-framework__bulma-columns.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb23edf11fd3b59074aa91afab71072500344c5cdab4bf8ce021ac254a8c4742

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/34470224480/1614969030468/__CR_Web_Platform_2020/CSS/bulma/cr-framework__bulma-columns.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1614969030468
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 7e9d74c81117937f0703aa3977d2d999.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 787
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BQA0SMW55XDARQ3E
cf-request-id: 0a1c0d20b900004bfa17313000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 05 Mar 2021 18:30:31 GMT
server: cloudflare
etag: W/"08ba286e60d03eb430fabcff4f2e8558"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pebIOkk6xX0tPJsfYt6NlTJWyIIhoXv6vhX82v%2B1GI1uug5Z0y%2B9ZjuOLacL9Knpf6qN6MAYyx%2FoHLooWLWp7XT%2BMVPeEqT4HfPVC36uR6qmbIc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: jXolnUCUE0L38Uw1.WY6lvIU6GvZ47Q5
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf92c4bfa-AMS
x-amz-cf-id: LWnwlajjv2GYqxymll2uB0KFG_f6fwlblYPObsjqWalo75vAyHZGwQ==
x-amz-id-2: ovb7fGPe5SVtQzWoJUQwr9N3Az2/r8tIXHvsfq3YvNNFt8wdikA/s87Paktsfa8kC9ZBpRwv2ps=

GET
H3-29 200 cr-framework__bulma.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35291999472/1614661129976/__CR_Web_Platform_2020/CSS/bulma/ 64 KB
9 KB 98ms
82ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35291999472/1614661129976/__CR_Web_Platform_2020/CSS/bulma/cr-framework__bulma.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a1db8e6cb7ae20e5ac308a25943b94734e7ad0f794b26eb778c7e38ae2b51e0

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/35291999472/1614661129976/__CR_Web_Platform_2020/CSS/bulma/cr-framework__bulma.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1614661129976
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 baddfcb4f2a6876b4fcc03bcd62427ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2820
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BQADTCGZH8RNTM9N
cf-request-id: 0a1c0d20b900004bfa45a5f000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Tue, 02 Mar 2021 04:58:50 GMT
server: cloudflare
etag: W/"88605a5e2df657681a0605d62c89a631"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WnSEIqlzst5me0r%2BmQor4C2dSjWWfEwZfd2HmNB6g4YUxc2lmqH0wNaFJM%2F0ns0g6x3v9tsvWSB7Av%2Fneukua6Pq3uUhKYdJSOtuxsjEMZ4iBKQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: tAd3t.xCRJ6C07U_zCfDzg5hCYB7E5P1
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf92b4bfa-AMS
x-amz-cf-id: Oc5XXCVcRdebITbza4qMlT2zcEz8KLUnV83Q555QxGSenZ1u39rE0Q==
x-amz-id-2: Zxl0VIkXG2NqAac1HlGxE0L/2U9jQwUvG3qko0/xO5d/3qJiy29f8uX8MC4auBL+8LW8kx7r2tw=

GET
H3-29 200 hamburger-animation.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42363645447/1614911253070/__CR_Web_Platform_2020/CSS/ 22 KB
3 KB 100ms
83ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42363645447/1614911253070/__CR_Web_Platform_2020/CSS/hamburger-animation.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/42363645447/1614911253070/__CR_Web_Platform_2020/CSS/hamburger-animation.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1614911253070
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 263d97c176fc51d1d08116820c013de4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KMGC72J2VKEJW3G1
cf-request-id: 0a1c0d20b900004bfa75059000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 05 Mar 2021 02:27:34 GMT
server: cloudflare
etag: W/"a0b451fd96744fa455495e022542ab86"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ac44%2BPVJ8l0LqDWICZe7qOI7TLt4ocNQjsqajC6UNTTg3BurcgXm9E%2F8Lf5RWj8W1fXfF70xXUrbLFuMhcQcTEafx35iF5jDcTaS3eQW1UkHLTI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 48HHzBt1ZAHNHDF25QKABbh_JsEPbDqv
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf92d4bfa-AMS
x-amz-cf-id: 5FZlw3fxQ0YX8iR2ZXc6ltutE0K77qbu2JSJMqEHHUbsLVtcxE6I5g==
x-amz-id-2: PVvHLslscWMzItoTk+OFthKpeYWuXfX/mYiMSjFQLrANUeSi9Ps9mgDuZxSQFpYWKepFg6C6u/o=

GET
H3-29 200 animate.min.min.css
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42507091846/1614920868925/__CR_Web_Platform_2020/CSS/ 52 KB
5 KB 194ms
177ms Stylesheet
text/css 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42507091846/1614920868925/__CR_Web_Platform_2020/CSS/animate.min.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 267c1ae37916b433b1515b4687883dbc2fef448a533e33bbe97085d42c7738d5

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/42507091846/1614920868925/__CR_Web_Platform_2020/CSS/animate.min.min.css
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1614920868925
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 936f33bed45438343f0ef2adff442815.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: KMG8HNQ9FAQF9CEW
cf-request-id: 0a1c0d20b900004bfa651f3000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 05 Mar 2021 05:07:49 GMT
server: cloudflare
etag: W/"a091d6db21bd52764bd7a33e2944a606"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xViQUY4qZwSmDx3YP1%2FRz2bCjifhMdbQ4HEjviagwmKW6LXM1zvE%2F56%2Bz%2B7k%2FqzpJBccrIxqgX8E4iMy1cbtbf%2FwweN%2B5VAcTTJjvao0WuLc8eg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: N.0JvpMrNL6R6ApQYx9Po1pYOHB20NAT
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17adf92e4bfa-AMS
x-amz-cf-id: bjVx0trR8FFvf2aqXAjcsZ8PL4Wky7p4XO25bgG_I7ybFX5d7K6ZJQ==
x-amz-id-2: StvFdvgVoQBhYpUcghhb+lxKfgZ/b/YvGGj4zxRcHTHAa+Sw5mjcfN6lwFMjt+oMUIvhMpJ19RQ=

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 22ms
21ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2141082
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
cf-request-id: 0a1c0d20a100002c0de714a000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P%2Bs5S%2Fv3w2NfasSbsw%2Fo65E9LHhiNT9EqN7mBAdNuoTLVNiz7g%2B7hyblbr6tHKAK3T25Av5UkmjkFxSuAt0k194oMXqMuiUgN%2Bkttd6RMwmB842kQW1TJzG%2FkPf9SxMbog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 650d17adce572c0d-FRA
expires: Sat, 07 May 2022 13:11:35 GMT

GET
H3-29 200 marker-animation.js Show response
www.cybereason.com/hubfs/dam/plugins/ 6 KB
3 KB 114ms
98ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/plugins/marker-animation.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 843803aeba82f94da6f1cbe1f853ccd12f5d7cc6a3afa20923e57e5df60c412d

Request headers

:path: /hubfs/dam/plugins/marker-animation.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d20ba00004bfa09b82000000001
content-encoding: br
x-amz-meta-cache-tag: F-36714670113,FD-35651288461,P-3354902,FLS-ALL
age: 1621268
x-amz-server-side-encryption: AES256
edge-cache-tag: F-36714670113,FD-35651288461,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: DRFG7VA8ZJ4SN5DX
etag: W/"c789451d244987df6815383a74c748e9"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603818553593
content-type: application/javascript
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: mSOQTuvaEn/OV6lDwdS63K31u0htMOQGVAVZ3/BKUD36nSEx3FuuIvzSw5xaJhx1Cd0skG6RIMQ=
last-modified: Tue, 27 Oct 2020 17:09:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=37M92G0XO5i8lraxC6EP1U3zaYHO7scuHSkjgBuD7asnq4iai1Ku%2BiSBfhqDkfquQUEgSZsOFHS%2Fg7hGEgdVwQEgKGq%2Fsbqbv8PnD7vuRkFGBts%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: sJPPhJRtfwkomYz4StFq0KxvBmQZgdrG
cf-ray: 650d17adf9374bfa-AMS
x-amz-cf-id: HJyfhv5IMPv2mCSEzeo23bZ6QqX1dpadULw_xnWfVcR6i6MXjnk7tA==

GET
H3-29 200 cr-logo-web-horizontal-black-500px.png
www.cybereason.com/hubfs/dam/images/images-web/logos/ 5 KB
6 KB 54ms
54ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-logo-web-horizontal-black-500px.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2311b7d2f30a6ab89191098f12c99253267df7219477c0702d58bf4999f4a703

Request headers

:path: /hubfs/dam/images/images-web/logos/cr-logo-web-horizontal-black-500px.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d21cd00004bfa45a74000000001
x-amz-meta-cache-tag: F-36668407494,FD-35695393279,P-3354902,FLS-ALL
age: 1012143
x-amz-server-side-encryption: AES256
edge-cache-tag: F-36668407494,FD-35695393279,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-logo-web-horizontal-black-500px.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: BW2P58ZSV0BT84B4
cf-bgj: imgq:85,h2pri
etag: "acbeba65a7e33212196b1386c365e1fb"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603732670207
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 8e380527758859f940c2c93ed9fbd5d8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=9553
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5062
x-amz-id-2: ypHp7biMOtISuciScFchYelUoFtN6dF0GTGYZMybojHj9BYQD39RzVPGREecSjvR9SZ+7y3XT5Y=
last-modified: Mon, 26 Oct 2020 17:18:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dngAsTnXNKIB0mj3Pqie99Mco37hFoT63dzIjvB7SJ0h12Q4y214gMh9tz3otBumgiScdXW6zuigClv%2BTQQqsa%2F%2BEutpUUwDqhkXOPBr06iKjR4%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Fi99aeAoW1lKCRBa1uJA0OV6mR9Vcx_U
accept-ranges: bytes
cf-ray: 650d17afabd94bfa-AMS
x-amz-cf-id: YPKS81piYCZBBOfZ35ikFQBr1TOpIwMZ-csJgspIcuiMDMqZKjNj1Q==

GET
H3-29 200 cr-malicious-life-network-logo.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 23 KB
7 KB 39ms
38ms Image
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-malicious-life-network-logo.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59d91999b3e0f1e6191f29f73b2b079ee1aa1350f3d88795db7518ca40a9be60

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-malicious-life-network-logo.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d220400004bfa629a1000000001
content-encoding: br
x-amz-meta-cache-tag: F-41718939860,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-41718939860,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: N49ZCJTWMJDY1554
etag: W/"559d4455bd1fe5c187804bc088e7c79f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1613708849844
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 f655cacd0d6f7c5dc935ea687af6f3c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: bGRjEwFDRbytJm/X+C+Fa0EeCh1Kq9CHyY4xJffXV9nJav7xLG8b7ZAq7G7JxzIZYf3IHwPOr+g=
last-modified: Fri, 19 Feb 2021 04:27:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hNbwjiwNUACGbMc6qvXN1NvGpQlemOjWc%2Fi20cMdD4Lw%2FbbCn%2BCK3EReV1F5zvU7M2b79w%2B%2BcAhU5ugxyK0V6xVEROd7yN%2FvVy0rTjSJrYxsFL8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jV508h77cVNLHNUYKWw1EBxVoCqSOv_T
cf-ray: 650d17b00c694bfa-AMS
x-amz-cf-id: T_Hna4PwOf6Sg4ZqCQcSxhDUGeywsSJbzCAIK9LVNJK0qPsnUHYr6Q==

GET
H3-29 200 cr-blog-icon--search-dark-gray.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 282 B
2 KB 36ms
36ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91b667b9d0de69583ee16753496325f38b91e7f77dcb34a5e49bdca3b670002a

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d220800004bfa629a2000000001
x-amz-meta-cache-tag: F-42360212094,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-42360212094,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-blog-icon--search-dark-gray.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 9W6Z6MSKQ0TR0QBS
cf-bgj: imgq:85,h2pri
etag: "5285e68f20ece59da650da19c81751e2"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1614741596040
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4b3bed207ec72204ebc89ae818e573ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=583
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 282
x-amz-id-2: Wby+y96zfU+kz+VKJrwml4UYsHjCHwRcarxkRGUH8SM2VSpVy9BieAWvNF1qBNcF9qXuq1jbe9g=
last-modified: Wed, 03 Mar 2021 03:19:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G4E%2BZUIxeBGoSCVQ6b1K26LhPP7Kkxv6sBw%2FGkG7DWh7ncMfvaqE3eU0A5v4vaJT5lzb%2BKHSgI5ci8zkLn9sWdve76J5dWc8eLrfOcE7buOHw2A%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Z9.dvET4DoUMSJH5gPgUuVYnyNsIiNYh
accept-ranges: bytes
cf-ray: 650d17b00c834bfa-AMS
x-amz-cf-id: r_DPgL4MLdQ3y_FxK8bCypL6bzs7fGqXBqPZ1NOc07BTozD-KAr0Hw==

GET
H3-29 200 Darkside-blog.png
www.cybereason.com/hubfs/ 71 KB
72 KB 48ms
47ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Darkside-blog.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f9e87469afce3e7a383140714c8d4af85c3a6afc8797f51d37761452bbaae1

Request headers

:path: /hubfs/Darkside-blog.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d223f00004bfa3522a000000001
x-amz-meta-cache-tag: F-44286967580,P-3354902,FLS-ALL
age: 1586682
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44286967580,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Darkside-blog.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 76FJWYK2SK5NPFP0
cf-bgj: imgq:85,h2pri
etag: "3c46ad2545a6cbab6b3438981ab1f7c7"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617288245572
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=134288
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 72486
x-amz-id-2: huLNL5lOwosl2ucQqaqS/+Ke5vSZMxDtcHX8aDEU/D2smAYoWshheDMRqmhOsNrJ/2PB0X5NNGo=
last-modified: Thu, 01 Apr 2021 14:44:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MGoQumnXbhh9PtW7TuMKgQ4Vux023ovW8llaq%2F%2FOeRB2ghtJyoiv3A%2BxpE%2BZqttIAtu10JTgDGJ9gc1TvYxursb87rVioqyTaZ3ZxARVjrpYQWQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: ixj9o9oo4tzcE5UTemcjnKg3GgUQX97O
accept-ranges: bytes
cf-ray: 650d17b06d0c4bfa-AMS
x-amz-cf-id: K_aTz7CiA8_7LDqFU3degquCoS6pm4_OABswLVa8RvHKR324J_m7fg==

GET
H3-29 200 twitter-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 749 B
2 KB 43ms
43ms Image
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224200004bfa21320000000001
content-encoding: br
x-amz-meta-cache-tag: F-44251289646,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44251289646,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 2E6VFQJX88888H1D
etag: W/"5c103d0cd978b3a8d7ccab6bff714599"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1617243822112
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4b28b963946514dd2cf9a90f74a8034a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: SdeOW5PyO3A3r+r2y6DEJopIl5eDSBPMY+RsMaQs5aS2WU6/bjd2C7eKMkGb6EQFQ/rfi2zCkNM=
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Bm51iGBhAMcJk9l%2B3d7CXA9O8TJ2ttiDi%2BA370oLQTem7VQz1i%2FBxR6%2BajUHzBwEn00ua0hX69qqBwdSXTmb6wIhjGfKTdmpadwZenfhTaCrI8k%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: IqbJNdLSXrwowOx5nKBNqqtBOZO91Biv
cf-ray: 650d17b06d104bfa-AMS
x-amz-cf-id: lJx4MAvDm33kwsQERtl-vd1MfKdxRwVW3DrTrpbGHTULUGFjyqGPfg==

GET
H3-29 200 facebook-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 372 B
1 KB 92ms
90ms Image
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224700004bfa50301000000001
content-encoding: br
x-amz-meta-cache-tag: F-44251209055,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44251209055,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 957SDJBRNTSNS0X9
etag: W/"8c22d0d78005c386bf29edacfdd2360d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1617243822102
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 8a5da1dacdf44356dd0f5d8a61106c9a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: X2GyO45B9nGuCTPr3nb6jC7kvAV1rwss7Yvw76I2ne2yzNqJxauWMEFQh2sb7Sg0ejL3c0qyIL8=
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wqTJG8QNdPsqFQ4i1HgyZhSgFiqNhz%2FdZTtZfIjBlG60DcnqwAfk9RI7TQxz2DzYilNbYxSj9AStFg9IOZByJO0zchbDy%2BSTzn2IHKs7HXA4aGE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: j7TMxqcLHA18llA46ti9t98ENVzeqi8u
cf-ray: 650d17b07d1b4bfa-AMS
x-amz-cf-id: 6-JMmAW5AOVCkhX1tr_nGDBVyxoMEIT5GGBqDUc7Uz8oqzlAeSWb4A==

GET
H3-29 200 linkedin-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 742 B
2 KB 92ms
90ms Image
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224700004bfa67825000000001
content-encoding: br
x-amz-meta-cache-tag: F-44570599712,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44570599712,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 5E1PB7ADSQTSAR4K
etag: W/"446340b1a8e73ee28b1a47837a13fdf3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1617758009375
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4fa61644a4cc2dfcb32e66f7e29f0077.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: oTKMX/AEBdzZ0C7tfV16wpEXjigW5Hl2QtUL9KFjKtbsPJU9vNKMO+cykq6B0uaS93+26zFMZ00=
last-modified: Wed, 07 Apr 2021 01:13:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=B3aEfyAS5kf97RuMvu69DhBjMvd%2BljZxZdR2ug6omnj5T2obacHTnUtpnCzbXn1tCClnVqaZ%2FebArGjqWKdGY%2F5pByJfozirtFADcH5v7Apd%2Flc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: cNQVyvptDzpT8RxIUtNpIf4tWlwMEFMh
cf-ray: 650d17b07d1c4bfa-AMS
x-amz-cf-id: UHPVYeTowdBJhpny1EP0vvqx2mD2PvK7D_j7NgkigMrMEGtothb56w==

GET
H2 200 186xxdwuxz.jsonp Show response
fast.wistia.net/embed/iframe/ 0
0 9ms
6ms Script
text/html 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.wistia.net/embed/iframe/186xxdwuxz.jsonp
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 609 KB
113 KB 23ms
7ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

67285b2eacc90d3436ea8747ee6f8c8eac151b29f7f3d26487e7779c14386049

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 1801
x-cache: HIT, HIT
content-length: 115202
x-served-by: cache-dca12927-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257096.761011,VS0,VE0
etag: "60a2626f-1c202"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 784

GET
H3-29 200 image%202.png
www.cybereason.com/hs-fs/hubfs/ 24 KB
25 KB 92ms
90ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%202.png?width=588&name=image%202.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9656e07d2620e3a6f1135793beabb273e45218b3f86e647a7d809c3efe74f2c1

Request headers

:path: /hs-fs/hubfs/image%202.png?width=588&name=image%202.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 26297
cf-polished: origFmt=png, origSize=38629
edge-cache-tag: F-44207774230,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%202.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 24670
cf-request-id: 0a1c0d224700004bfa79937000000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 13 May 2021 20:40:15 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "8a0f8c15d53fb5b75f2513fa3374d7df"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8pdagmjIufLpBKYotPz%2B8KsibgDm65smHewq%2FBsZveM4aX%2BnmAS3eeiHfT52efbWboPG%2FeGQ%2Bjh%2Fy7pjRdBFfHcwSwg4QM4GjbXaff5CGsPbAQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 650d17b07d1d4bfa-AMS
x-amz-cf-id: tVHc-Uwd34MT2l4wQ34kKm57PyYAB4tx_rhnY-PkbX7YbsygCYAAXQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 CR_Owl_Web_Mono@3x%202.png
www.cybereason.com/hubfs/ 7 KB
8 KB 39ms
37ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/CR_Owl_Web_Mono@3x%202.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8292049c0f7e7fc6406874e976ed7e4134d3e34c16a790084b51f48595848aa0

Request headers

:path: /hubfs/CR_Owl_Web_Mono@3x%202.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11216732180,P-3354902,FLS-ALL
age: 985735
cf-polished: origFmt=png, origSize=18281
edge-cache-tag: F-11216732180,P-3354902,FLS-ALL
content-disposition: inline; filename="CR_Owl_Web_Mono@3x%202.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 2W1BW67NBHT3SKKF
cf-request-id: 0a1c0d224700004bfa13052000000001
x-cache: RefreshHit from cloudfront
accept-ranges: bytes
last-modified: Fri, 12 Jul 2019 13:47:40 GMT
server: cloudflare
etag: "5830fe3ad7045c6e2f662e6cb8ea7db9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ApigcIsCOW4e9E%2FukANGIRoGAFIprNR3ew86ilcLCdZQI1tANJY%2FQ9ebrW%2FpDJ3jaK%2FxjVLDDYqbvaEjd%2Fieme8lEJmaSGdXzxUzU%2FYcui7f8ak%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-amz-id-2: S2ICgsg9MvjD6iruidlKLacK7Tb7sYvOgpB3fnZ8mqwGm9BA0sCpyaWPFhkSUJP39u+c8uVwq60=
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id: nZ4bmwWnKhcTbz9EkpvMbukUoI6WISi.
x-amz-cf-pop: AMS1-C1
content-length: 7120
cf-ray: 650d17b07d1f4bfa-AMS
x-amz-cf-id: bDaXcUO0CITR18MbTMT0XV8PlfF9xOE09_A_4q8YGvicRfOGcjnhbg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 icon-social-gray-linkedin.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 154 B
1 KB 92ms
91ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/icon-social-gray-linkedin.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9586d0fb1354dd56116ff8e2bf4c54bb5e283cf33abd801f338ef6054c501978

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/icon-social-gray-linkedin.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224700004bfa6f9cf000000001
x-amz-meta-cache-tag: F-44556752913,FD-41718904629,P-3354902,FLS-ALL
age: 315428
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44556752913,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="icon-social-gray-linkedin.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 3EZCASKM4H981R2K
cf-bgj: imgq:85,h2pri
etag: "5b58aca254cf940946a8b643ac56bc3b"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617740300009
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 d3d7cb5a7de36091f7284546b4190a33.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=228
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 154
x-amz-id-2: WbI13nTozUXivfTAjogDXzRxHy4Dz9hL/QnY/h73SH7X3rXslam4Efee/3f7QkmK+F9FXddRVS4=
last-modified: Tue, 06 Apr 2021 20:18:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YaRJBST5VUHD7RFONSRZpj%2Bq0B7%2Bn9AywsE7I7oh6Wv46J9Dj3ZZdEYwAGXP6z8LvYylApD%2FOMnOT4ncWWf8wDC1XX9%2FQZ2HsuBuWxKCUwSN8mE%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: QKZGjr11n8RfLL1jJfRJGaNCWnmOz1y4
accept-ranges: bytes
cf-ray: 650d17b07d214bfa-AMS
x-amz-cf-id: eJb0XC2FQ31Klt6DosJNPH7WT8ajUd723sdVZV0LICYjf0OGUMs0rw==

GET
H3-29 200 icon-social-gray-twitter.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 749 B
2 KB 93ms
91ms Image
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/icon-social-gray-twitter.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/icon-social-gray-twitter.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224700004bfa2cbb2000000001
content-encoding: br
x-amz-meta-cache-tag: F-43294710828,FD-41718904629,P-3354902,FLS-ALL
age: 1622221
x-amz-server-side-encryption: AES256
edge-cache-tag: F-43294710828,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: FVBQ09KEDY0E34CA
etag: W/"5c103d0cd978b3a8d7ccab6bff714599"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1616007053027
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 76fb21fcb70866221c67558e2f776541.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: zZSTTbYEc5/87aduOFVerIwxamr2vWIXY6D1afBBPH2XfFps7pvEU5eFQalJ9dNVIJh2RInMAyA=
last-modified: Wed, 17 Mar 2021 18:50:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6o0vv53jMU1uI%2FJFUuNGR8WrNFmAyhpB0Sinx%2BkXn%2FK92yvncbCQjXvB%2B0by0e%2BqvY8HozTJ3P%2B3%2FIAtH0q87uVggozEBh2WQRF3pYK59IeMcV8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: NF3dgF5tFLaoFoVElEGWcy105X0OE1GX
cf-ray: 650d17b07d224bfa-AMS
x-amz-cf-id: RHobhiKd2VLujNdEwSlXa3x138xYEEQQ2dilUBCkW0AZpCM9Jr-iCw==

GET
H3-29 200 cr-logo-web-horizontal-white-500px.png
www.cybereason.com/hubfs/dam/images/images-web/logos/ 5 KB
6 KB 37ms
36ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-logo-web-horizontal-white-500px.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e25be07e98d8af6966a317f09b01392cce60447ed768a034ec1b18843ee6dcbc

Request headers

:path: /hubfs/dam/images/images-web/logos/cr-logo-web-horizontal-white-500px.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224800004bfa23b11000000001
x-amz-meta-cache-tag: F-36665664687,FD-35695393279,P-3354902,FLS-ALL
age: 35010
x-amz-server-side-encryption: AES256
edge-cache-tag: F-36665664687,FD-35695393279,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-logo-web-horizontal-white-500px.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: QY7H2CZ52Z2B11D7
cf-bgj: imgq:85,h2pri
etag: "767db0928e354898ad0d5be0b8913d27"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603732670178
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 e13e8f228afcbd0862f27c6ebd714879.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=9464
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5068
x-amz-id-2: dUN2/G9FbnH8MspW/MYo9KboiKidNEC9O2uAdWEwWMMfMJt4DMLqqbh3KI33waTFkN8Pq8TxwEU=
last-modified: Mon, 26 Oct 2020 17:18:29 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oFhm7Nan2IAwuNzgqsZEzgyc1d4Azi96YzRBZZLNoksxjUxKMv3bUSBS%2BKDvqi5vNjHmcd5fOeGMQehfhD%2FndDlpRG%2BH3k6DywSVhgjSCXl6Oy0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: rUG6Di0oDG3X0PJdHQ7Od_mXd6h0OgSj
accept-ranges: bytes
cf-ray: 650d17b07d234bfa-AMS
x-amz-cf-id: CDPysGISrKdOoKvA4mKovez-DSbIlhCjN1Tbnr3beTV_8_9l3EtD7Q==

GET
H3-29 200 animatedModal.min.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42507089303/1614944819152/__CR_Web_Platform_2020/JS/animatedModal/ 2 KB
2 KB 31ms
31ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42507089303/1614944819152/__CR_Web_Platform_2020/JS/animatedModal/animatedModal.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ee63a2ce9251063533d17d87c6a2d7f06f0a3c0e38d8c9f107131ce580c057b

Request headers

:path: /hs-fs/hub/3354902/hub_generated/template_assets/42507089303/1614944819152/__CR_Web_Platform_2020/JS/animatedModal/animatedModal.min.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1614944819152
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: V5M28J478KHEF19B
cf-request-id: 0a1c0d216c00004bfa29863000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Fri, 05 Mar 2021 11:47:00 GMT
server: cloudflare
etag: W/"7d1fd84ca69684424460a51e51bc07ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JHa8un%2B2YEMk3o0dFMftPDAUZmBM0NIm6k1FfPwC%2Bh0JZvFzefUT2GBLU2pRg6x9x6rUfoXQ8ZVYaXElu7dy275seMYhg58SkEeKYjMzEdyaEUk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: LoBDDMrdwgRqzOSnwGaf7mylhX0UQKlT
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17af1b004bfa-AMS
x-amz-cf-id: GHvHulhNZ5vQ5EJFWd1gdx48JIaine_bGY4qBmphlO1IsfRlaHP-jw==
x-amz-id-2: W9QNEEmcpYjo/3AQf5GulbdNQOfoa4QHBiiyH+oWgZMnCiRsU0Wm7uTUITv0ONndZNoeZfNF0qU=

GET
H3-29 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182704/ 374 B
1 KB 29ms
29ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182704/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/41681847227/1619109182704/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1619109182704
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 547c5e28f010be7961f641c3903c0954.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2633
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: FCMZVYCNXG0ZGRX6
cf-request-id: 0a1c0d218c00004bfa5b03a000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Thu, 22 Apr 2021 16:33:03 GMT
server: cloudflare
etag: W/"1d7f81aaf24568ea5d90a82b829960fd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wSTXCCPk1D1O44ICLXbcrKpH93ZBVz4lJ2ImeEpOQhx8GeGJq8S5pDZZoTC0ZglfLuRhG3K4MrPCebfeGt3RtPy6w6jzgcEFernINw%2Bqd9iYy%2B4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: C.P0pbD1NccRhx0he3pMJ4DTBrrAsMcC
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17af4b414bfa-AMS
x-amz-cf-id: luDXmRcK3J4elZdW1hiOYV88Zm8NL5FwOy830EwnX7RWYCi9yNAMcw==
x-amz-id-2: 2w/YQBoKs9OS3d5fBOmD+GTO+5kXpxpa1cVuYhkZTjOxhz3M50eoV/fc36tuoFT55ZMkiYWF/C4=

GET
H3-29 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js Show response
www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194602937/ 305 B
1 KB 33ms
32ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194602937/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470

Request headers

:path: /hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194602937/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1618194602937
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2632
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: ERMJHC2RYW1K9CA1
cf-request-id: 0a1c0d21ab00004bfa3521f000000001
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
last-modified: Mon, 12 Apr 2021 02:30:03 GMT
server: cloudflare
etag: W/"86f1ecf1077302d6bd359676a0142438"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Z1fvgwi2KwKTfAIQec5USegE0MUR66obzDLP%2BD01bFBMDrjoustWYxJiwiFUZfsRUQB4Y%2FIC1lgGtFxuuICrFjc75OScArKwqDLmu8iyWZ46AWI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 04Ptd8a.kuxBPTQD52G.SU7PbmihQEv1
x-amz-cf-pop: IAD89-C1
cf-ray: 650d17af7b854bfa-AMS
x-amz-cf-id: v8zSEyf45NBifSY4hWz2ufAnHHwWt33ZpLZdZjvWnpJZXcIal5NXbQ==
x-amz-id-2: oOwWU/RJMBa2Chx7SXWwrUVfIufV5AcWKi0gR1McFL9Cd+SBxVWxjuvLFwrYly0M7NY3QpQtnFU=

GET
H3-29 200 3354902.js Show response
www.cybereason.com/hs/scriptloader/ 2 KB
1 KB 431ms
429ms Script
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d6a4e20897d29f82109c0c241b94c22ced7007288ef6aced4b56640a595eb07

Request headers

:path: /hs/scriptloader/3354902.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4669eee9-1ba9-41fb-b5e3-cad87711be86
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d224800004bfa5c002000000001
server: cloudflare
x-trace: 2BEADBF8B7D6D985F791EC34AFCFD9DC7D52FF111B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=84YT4kSf%2F2e9lXxDDnDs5p5TnONKxuoFZyYQC%2F5SNFIbonU7CJF%2BeIl%2FOhOkX42JptiPVCRK9Y1nIlZJlbq%2Fp%2Fo%2FAgdogSUEWwXL451Pfa84JkU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 650d17b07d244bfa-AMS
expires: Mon, 17 May 2021 13:12:36 GMT

GET
H3-29 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ 70 KB
5 KB 33ms
15ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1611139
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4216
cf-request-id: 0a1c0d222a00002bcedc919000000001
timing-allow-origin: *
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f5628a2-11846"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YUhc9rl3%2B7HpfnA67R2AkTo9lcrswPGo5rsViVadIDu%2FVVgw2%2BPGxx7iKQOq%2FvRPx4C%2BdiJMPY%2FnQhT22xVo3M3JpwjyBxAxD21cx7F5czW9qzmvUuN8nj6J%2BYAXvHGfmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 650d17b04fa52bce-FRA
expires: Sat, 07 May 2022 13:11:35 GMT

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
994 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6af036a4ec23088a2e702e364d84320dbcd420a0c8c5ef82bac37006554e3ea6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 12:56:41 GMT
server: ESF
date: Mon, 17 May 2021 13:11:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 13:11:35 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
989 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0ea7d23d55fdda4f42a373f9a16ddb9a744c682714a9516dc95e9acdc5b3ce40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 13:11:35 GMT
server: ESF
date: Mon, 17 May 2021 13:11:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 13:11:35 GMT

GET
H2 200 css2
fonts.googleapis.com/ 41 KB
2 KB 25ms
25ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

94f3bedf2806e9a796113d97244f9a7cf07a8b4d312aadd9a26a857c0824b289

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/34470477360/1621017484848/__CR_Web_Platform_2020/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 13:11:35 GMT
server: ESF
date: Mon, 17 May 2021 13:11:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 13:11:35 GMT

GET
H3-29 200 marker-animation.js
www.cybereason.com/hubfs/dam/plugins/ 6 KB
3 KB 92ms
91ms Other
application/javascript 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/plugins/marker-animation.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 843803aeba82f94da6f1cbe1f853ccd12f5d7cc6a3afa20923e57e5df60c412d

Request headers

:path: /hubfs/dam/plugins/marker-animation.js
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224800004bfa1b902000000001
content-encoding: br
x-amz-meta-cache-tag: F-36714670113,FD-35651288461,P-3354902,FLS-ALL
age: 1621268
x-amz-server-side-encryption: AES256
edge-cache-tag: F-36714670113,FD-35651288461,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: DRFG7VA8ZJ4SN5DX
etag: W/"c789451d244987df6815383a74c748e9"
vary: Accept-Encoding
x-amz-meta-created-unix-time-millis: 1603818553593
content-type: application/javascript
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: mSOQTuvaEn/OV6lDwdS63K31u0htMOQGVAVZ3/BKUD36nSEx3FuuIvzSw5xaJhx1Cd0skG6RIMQ=
last-modified: Tue, 27 Oct 2020 17:09:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mF%2BxfQQG1%2FKddw0W0n3wrKa8OgBTuM4fElo%2FTF5k0PsQ9Gl5N2K0nezdvGz3UsMoGCpAUGjU8iGiU%2BkgVU4nf5ToQ0Y3MDv87qgOKjeaZeXi41k%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: sJPPhJRtfwkomYz4StFq0KxvBmQZgdrG
cf-ray: 650d17b07d264bfa-AMS
x-amz-cf-id: HJyfhv5IMPv2mCSEzeo23bZ6QqX1dpadULw_xnWfVcR6i6MXjnk7tA==

GET
H3-29 200 cr-blog-hero-owl-transparent.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 464 KB
466 KB 48ms
48ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51443fc1aa325f301b39d89ffeae8f8a7833ed59491b89419902b32ef30b3b39

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/module_assets/41682410610/1618194603032/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d224e00004bfa75078000000001
x-amz-meta-cache-tag: F-41719333184,FD-41718904629,P-3354902,FLS-ALL
age: 1009994
x-amz-server-side-encryption: AES256
edge-cache-tag: F-41719333184,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-blog-hero-owl-transparent.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: YWHZJY2SF3TANKW6
cf-bgj: imgq:85,h2pri
etag: "cd208635457bf65f33aa7c8849efcf21"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1613708850431
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 8e4ad5a1f100b749b7a50cd3585f8dd2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: MAN50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=685987
x-cache: Miss from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 475630
x-amz-id-2: +41/vqmYRubBBGxpCkHVeipwLdN31a5v9BziEAKBtzTPMumB4Ai7OMXrOySD0VohMBn9wa2TQao=
last-modified: Fri, 19 Feb 2021 04:27:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AoyxXPLoML1lSO%2BiEWRU1Zd38Zh6z6O%2BoskHpIVt2OXNpcrDEFXnzSIEGBd6Xw%2FRV3ymB83gXca30vQsVeRvVi3EqQp90bg6Hq00KueCDyDyxdo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: pMBSD6mHHoba7vVAwnZHReLD9ID8b41e
accept-ranges: bytes
cf-ray: 650d17b07d384bfa-AMS
x-amz-cf-id: Eu2q3YarHjRKnwWigqtjfiG2DqLVZp8qTsNfq5ZG714UugelFdxWzw==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 559258
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 97677
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 16 May 2022 10:03:38 GMT

GET
H3-29 200 ionicons.ttf
www.cybereason.com/hubfs/__dam/fonts/ 184 KB
103 KB 746ms
744ms Font
font/ttf 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/__dam/fonts/ionicons.ttf
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ionicons.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9

Request headers

sec-fetch-mode: cors
origin: https://www.cybereason.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
:path: /hubfs/__dam/fonts/ionicons.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.cybereason.com
referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ionicons.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/35275979682/1600880367101/__CR_Web_Platform_2020/CSS/ionicons.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d225100004bfa0527a000000001
content-encoding: br
x-amz-meta-cache-tag: F-35275624221,FD-35275624214,P-3354902,FLS-ALL
age: 1624247
x-amz-server-side-encryption: AES256
edge-cache-tag: F-35275624221,FD-35275624214,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: NY2J4QR38TETAF6S
etag: W/"24712f6c47821394fba7942fbb52c3b2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1600860540619
date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 1d1fb1f8e5e923ef7208b5a427d25d5d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: Ku8ZG8osFJNeEy4rQrtbioJ3nU33qU1r4VfPG7hIMx+XRAhvJ9c+oC1LeS0Rk9wZ0mNFfSWFjV8=
last-modified: Fri, 25 Sep 2020 09:38:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DGTPVG3qkdPEkVWkoJp5aslXaXV4nfBQ2U39kccGSw0RyjPIoEqVTgcDqd%2F65uM629XDaRDPQT%2FOxMC4IcsnJz9xGuUeHowLJRL3he%2FV4YqEy58%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jxZ9WTKM12FAq58JViQDodht0EN9wNZx
cf-ray: 650d17b08d3e4bfa-AMS
x-amz-cf-id: rxf-jZoFtCEAtiMrpVX_4bEZvcg8TrHrFdf-r82b8jgRHWhAJ3gN1g==

GET
H2 200 7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 15ms
13ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3_-gs51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 23:17:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:49 GMT
server: sffe
age: 482057
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20348
x-xss-protection: 0
expires: Wed, 11 May 2022 23:17:18 GMT

GET
H2 200 7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 21 KB
21 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E30-8s51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:43:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:05:33 GMT
server: sffe
age: 563274
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21072
x-xss-protection: 0
expires: Wed, 11 May 2022 00:43:41 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v5/ 21 KB
21 KB 12ms
10ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:05:19 GMT
server: sffe
age: 336966
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21080
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:29 GMT

GET
H2 200 7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v5/ 20 KB
20 KB 13ms
11ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs5.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:14:21 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:04:46 GMT
server: sffe
age: 561434
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20444
x-xss-protection: 0
expires: Wed, 11 May 2022 01:14:21 GMT

GET
H2 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ 13 KB
14 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 336453
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:02 GMT

GET
H2 200 HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2
fonts.gstatic.com/s/barlowcondensed/v5/ 19 KB
19 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v5/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32387836fb24cb0196a59da5f3fc92cff01d4a88f35aecd7f4d49785179aff88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:32:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:04:59 GMT
server: sffe
age: 563972
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19492
x-xss-protection: 0
expires: Wed, 11 May 2022 00:32:03 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 491457
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 11 May 2022 20:40:38 GMT

GET
H3-29 200 image%201.png
www.cybereason.com/hs-fs/hubfs/ 109 KB
110 KB 87ms
85ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%201.png?width=1474&name=image%201.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d543da407b1d76e7b09ea114f4413de9ad56bc4bb2562e0e0e91d7b6ad7ff618

Request headers

:path: /hs-fs/hubfs/image%201.png?width=1474&name=image%201.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d227f00004bfa2f3a9000000001
age: 963927
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44205509510,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%201.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "f764c1a539ab1501e76c62cfc0fb0487"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617189557979
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=145325
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 111744
last-modified: Wed, 31 Mar 2021 11:19:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=84yZyuQo3sjw8NNKwQDkeuxgdCV8Z4xwuMSVEX4SbEFG4o1F4Hu0XaVvleev%2BKv7dS923bnyeqcjPED8EcShCuHfBnQIwGgjm3KnlrNAssv3KDg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650d17b0cdcd4bfa-AMS
x-amz-cf-id: aDPA8b8ej_gHGRXhY_YJwCUc3Rc6YUedph11E8CxWgY9SULmDYjp7Q==

GET
H3-29 200 image2-1.png
www.cybereason.com/hs-fs/hubfs/ 141 KB
143 KB 101ms
99ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image2-1.png?width=1600&name=image2-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967c68acc84d07a2978411f34456c69766b76cfcb001cc0fc6669f6c9359c6f0

Request headers

:path: /hs-fs/hubfs/image2-1.png?width=1600&name=image2-1.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d228100004bfa3a879000000001
age: 261526
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44205509561,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image2-1.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "c2bfea437d210506ee38f530f4debf2c"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617189622686
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=164581
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 144820
last-modified: Wed, 31 Mar 2021 11:20:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pysBPpgnr1akaeYrDi%2BCujXGF5D6ZaiVZuiixkEcXm%2Be8wugF35dJVGhHHNteKMdMdOp%2F1u%2BglV12Co5j6opQaB7Kd4Absb8PZ6xrniQdtfUo0A%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650d17b0cdd14bfa-AMS
x-amz-cf-id: Gj8qspVAs52O_BCQ2TfMrD5mA_Zpd_djt0bvSArqwdLyQDboHAZ3ZQ==

GET
H3-29 200 cr-malicious-life-network-logo.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 23 KB
7 KB 116ms
115ms Other
image/svg+xml 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-malicious-life-network-logo.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59d91999b3e0f1e6191f29f73b2b079ee1aa1350f3d88795db7518ca40a9be60

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-malicious-life-network-logo.svg
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d228000004bfa73a16000000001
content-encoding: br
x-amz-meta-cache-tag: F-41718939860,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-41718939860,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: N49ZCJTWMJDY1554
etag: W/"559d4455bd1fe5c187804bc088e7c79f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
x-amz-meta-created-unix-time-millis: 1613708849844
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 f655cacd0d6f7c5dc935ea687af6f3c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: bGRjEwFDRbytJm/X+C+Fa0EeCh1Kq9CHyY4xJffXV9nJav7xLG8b7ZAq7G7JxzIZYf3IHwPOr+g=
last-modified: Fri, 19 Feb 2021 04:27:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KM4JXSpUKYpLIgAuU%2FptMF2es5gt5WKsQuyjRxa%2FL4jEkmdzJwSvYwtIPDdSE6V0FXN9BRBYDT9cjbxwJWETNmocUiBDshhrmSRf62Vc10TCGsc%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jV508h77cVNLHNUYKWw1EBxVoCqSOv_T
cf-ray: 650d17b0cdd54bfa-AMS
x-amz-cf-id: T_Hna4PwOf6Sg4ZqCQcSxhDUGeywsSJbzCAIK9LVNJK0qPsnUHYr6Q==

GET
H3-29 200 cr-blog-icon--search-dark-gray.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 282 B
2 KB 116ms
116ms Other
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91b667b9d0de69583ee16753496325f38b91e7f77dcb34a5e49bdca3b670002a

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d228100004bfa049c8000000001
x-amz-meta-cache-tag: F-42360212094,FD-41718904629,P-3354902,FLS-ALL
age: 1622222
x-amz-server-side-encryption: AES256
edge-cache-tag: F-42360212094,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-blog-icon--search-dark-gray.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 9W6Z6MSKQ0TR0QBS
cf-bgj: imgq:85,h2pri
etag: "5285e68f20ece59da650da19c81751e2"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1614741596040
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 4b3bed207ec72204ebc89ae818e573ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS54-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=583
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 282
x-amz-id-2: Wby+y96zfU+kz+VKJrwml4UYsHjCHwRcarxkRGUH8SM2VSpVy9BieAWvNF1qBNcF9qXuq1jbe9g=
last-modified: Wed, 03 Mar 2021 03:19:57 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HeOE3Hgm2rGKCR0Fy60%2BGFw0jX4yz2MhXsqQDioVfYidXbJD%2BR96MWScjY3fR%2BcC7jBHflcPZcxVlDUAJa%2FlNRgFmErZB7QFHY7JLS2KXW283o8%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Z9.dvET4DoUMSJH5gPgUuVYnyNsIiNYh
accept-ranges: bytes
cf-ray: 650d17b0cdd64bfa-AMS
x-amz-cf-id: r_DPgL4MLdQ3y_FxK8bCypL6bzs7fGqXBqPZ1NOc07BTozD-KAr0Hw==

GET
H3-29 200 cr-mln-network__footer-subscribe-bg.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 17 KB
18 KB 98ms
98ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-mln-network__footer-subscribe-bg.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/cr-mln__build.min.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 218877f60296297dec8266377083291f36d46f2980c1ff027471904470d14f49

Request headers

:path: /hubfs/dam/images/images-web/blog-images/template-images/cr-mln-network__footer-subscribe-bg.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/cr-mln__build.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/hs-fs/hub/3354902/hub_generated/template_assets/42760289143/1621016677351/__CR_Web_Platform_2020/CSS/cr-mln__build.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d229200004bfa6a171000000001
x-amz-meta-cache-tag: F-42844750665,FD-41718904629,P-3354902,FLS-ALL
age: 1608074
x-amz-server-side-encryption: AES256
edge-cache-tag: F-42844750665,FD-41718904629,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cr-mln-network__footer-subscribe-bg.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
x-amz-request-id: 90FGP418QAXMBG64
cf-bgj: imgq:85,h2pri
etag: "c28026bc6a6d55f395e2227b7b19c8c9"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1615403417467
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 cc03ea6a31b592e93e84115778cdc495.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=76527
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17430
x-amz-id-2: J819ldxGgIGHIIrNHGcB6ieRnWibep6Gcuh3Fan5GodCuuhKV7XWM1rhFyscaIXtX+WyL0iwmA0=
last-modified: Wed, 10 Mar 2021 19:10:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r54V0KkvwEieCsiAU2xN3KolKeQVjPswwQnlRdNwvB1WC7pmvCOUlf39zQdTzJJwwYhBJHEUEdKhsas4NOUBeFD2%2FaHjFW4nD1yUaZ67paFnvUQ%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: re8UAqBG9Z9r42hnTIwXdZAL52u2VF_w
accept-ranges: bytes
cf-ray: 650d17b0ee084bfa-AMS
x-amz-cf-id: BBwnl7ecE3exZXA-395g0jfEg_NKhYEJzU1CBwjOjrtDQtCxmBlEIg==

GET
H3-29 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v5/ 20 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v5/HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

604f11b1aa0c94217abb80eb7a5c7de728f9463e4f045fe8a34339f438a50cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:04:16 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:29 GMT
server: sffe
age: 97639
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20500
x-xss-protection: 0
expires: Mon, 16 May 2022 10:04:16 GMT

GET
H3-29 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v5/ 19 KB
19 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v5/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

979ddb6f0c77e6744b104f96e9d7ab0f8fc56d7f24ab10d853e4e96fa425e9c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.cybereason.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:44:43 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:43 GMT
server: sffe
age: 336412
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19724
x-xss-protection: 0
expires: Fri, 13 May 2022 15:44:43 GMT

GET
H3-29 200 image%203%20left.png
www.cybereason.com/hs-fs/hubfs/ 51 KB
52 KB 79ms
78ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%203%20left.png?width=444&name=image%203%20left.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7be87687a970231a3a55b5b9819148f930fe05de09eb1e149723d3bb644938fc

Request headers

:path: /hs-fs/hubfs/image%203%20left.png?width=444&name=image%203%20left.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 88b63cb2f8aab28c7291262ffc15282f.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 963912
cf-polished: origFmt=png, origSize=93458
edge-cache-tag: F-44205510965,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%203%20left.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 52144
cf-request-id: 0a1c0d22ab00004bfa6f9d8000000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 22 Apr 2021 05:35:25 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "3d7dd4255e152be06c3d2f71baadb49c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9JhObM7cxU3DS2bs0x8SoGCZnym60ZOO3w75G4iJGWagZmUYcxn6O8mkybfOKVgX2%2B3ttQ0G2RDU%2BmxUYNigJPGUOCBqTUcMSMtcMatmQqa7gYU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 650d17b11e534bfa-AMS
x-amz-cf-id: TjFjewiEu8XXrvjjyiYEmOc7EVR-xTVP-7smgs-mZY-85MJYOAz6qg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 image%204%20right.png
www.cybereason.com/hs-fs/hubfs/ 43 KB
45 KB 80ms
80ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%204%20right.png?width=366&name=image%204%20right.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51e08a9e2f2c2863811a16408722b042907c797cb952086c4b266926c09ca51c

Request headers

:path: /hs-fs/hubfs/image%204%20right.png?width=366&name=image%204%20right.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 b5e757a7da6f6fe6261f56a8a9646881.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 196082
cf-polished: origFmt=png, origSize=80625
edge-cache-tag: F-44205845512,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%204%20right.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44536
cf-request-id: 0a1c0d22ac00004bfa02b4c000000001
x-amz-server-side-encryption: AES256
last-modified: Thu, 13 May 2021 20:40:09 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "8ee908caac64aae49f17d47952a4156e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UIhNMuNT0K4XGsD9hQrevXkrGH9%2BjZcWFIzKH52sQyKdzE3Cfl%2BMuIcGphyI7gYdymPcHPZUfRlq1Bja0QbLf7FTubz9phAXWVx9VEuvoDnPq6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
x-amz-cf-pop: IAD89-C1
accept-ranges: bytes
cf-ray: 650d17b11e544bfa-AMS
x-amz-cf-id: jN4gjHnm0QdfcWhSFATpsk9QPtz6fuOkt76aQOFAWUzzZH_3svFbTQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11

GET
H3-29 200 image%205.png
www.cybereason.com/hs-fs/hubfs/ 10 KB
11 KB 92ms
91ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%205.png?width=641&name=image%205.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56ea7700033e23b9ed426af694b4149d4bf042a9f74e0272b593ee39a476911f

Request headers

:path: /hs-fs/hubfs/image%205.png?width=641&name=image%205.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d22ac00004bfa73a1a000000001
age: 963906
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44205846622,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%205.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "1de3328cb3d26615f3a569510e964df7"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617191836027
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 f88487c9214731db4c82619c9183bf7b.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=17637
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10236
last-modified: Wed, 31 Mar 2021 11:57:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yKPUxT%2BrgEmjEJ6b%2FZcpL1eqOJu8H7Y%2FqHrXlWY7U67cI%2BNLced%2B9J2v3hUYC6Lm1zS%2FqpXnUsVnZLHEtjCtXsiO%2BoKwY95GvPYEAr3PZ8QsJLw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650d17b11e564bfa-AMS
x-amz-cf-id: 0D8sIU05gq8S5INH0cyD5xJsOmR_b5F701S5vCakf3OBfZZ6iF73Tg==

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 55ms
15ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

74ab92cf214a72564666dfd3a365e21509c47d1a5319fa09f23037633cbbbd86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: kTJYXloVdj4YfKvjZoXK7g==
cross-origin-resource-policy: cross-origin
expires: Mon, 17 May 2021 13:29:40 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1778
x-fb-rlafr: 0
x-fb-debug: 5e6SrWsr3KiAAKWKSm0Bn/jyTmYQ9lXiyPD1wov4tLsb0DdNf//aoO9IiS4clnB/7tnRtwE2TKuNUE5eRt37iA==
x-fb-trip-id: 686109401
x-fb-content-md5: 6b6871dfad051fe8f103ee334be2fda2
date: Mon, 17 May 2021 13:11:35 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "e7b3b1c6124ec13ed290a769f7367b42"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 26ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:35 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/67A7)
Age: 1217
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 l
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/ 16 KB
16 KB 28ms
15ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16112

GET
H2 200 l
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/ 16 KB
16 KB 29ms
15ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16252

GET
H2 200 l
use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/ 15 KB
15 KB 40ms
27ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "865da7d2ecc4da3cb6bd5574f01738cfc5c8bb11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15448

GET
H2 200 l
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/ 16 KB
16 KB 30ms
17ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16652

GET
H2 200 l
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/ 17 KB
17 KB 25ms
12ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17148

GET
H2 200 l
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/ 16 KB
16 KB 31ms
18ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16456

GET
H2 200 l
use.typekit.net/af/cfbead/0000000000000000000146b3/27/ 23 KB
23 KB 30ms
18ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "122498e3424e674610da39fb441d661549879239"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23248

GET
H2 200 l
use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/ 15 KB
15 KB 36ms
23ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
server: nginx
etag: "13c2813ff67959226aaa4eccfcdd1399bd756b8d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15336

GET
H3-29 200 image%206.png
www.cybereason.com/hs-fs/hubfs/ 22 KB
24 KB 51ms
50ms Image
image/webp 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image%206.png?width=811&name=image%206.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0d6d775569ee98335559a58a0bbe9a98bc8d5cbfd6267a151cf69901db17520

Request headers

:path: /hs-fs/hubfs/image%206.png?width=811&name=image%206.png
pragma: no-cache
cookie: __cfruid=b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-request-id: 0a1c0d22d000004bfa48a18000000001
age: 283423
x-amz-server-side-encryption: AES256
edge-cache-tag: F-44206324153,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="image%206.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 11
cf-bgj: imgq:85,h2pri
etag: "bb5c1c8db69c1f9b1774edfa4d5e9a55"
vary: Accept, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1617191890920
content-type: image/webp
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 11
date: Mon, 17 May 2021 13:11:35 GMT
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb9.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=49352
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: all
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22998
last-modified: Wed, 31 Mar 2021 11:58:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3giTPZ%2B4myM6YE7LNhkIDQjJbb3s7atYTFEkrH%2FmxhHtSja%2FIU6HmMmRJBlgigvcFZEyhq0NJDuMe8Qwd3fSfCAqjhbOXQmWn5Vd88p9FR5StSM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 650d17b14ecb4bfa-AMS
x-amz-cf-id: ZqWR7XhrT5wLJMjSCVhaq7GbZYQQqGRJcbqBMUt59w_NUKyjEt5lsw==

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 24ms
7ms Image
image/gif 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.20.0&app=typekit&e=js&_=1621257095990
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
last-modified: Wed, 02 Sep 2020 03:58:21 GMT
server: nginx
etag: "5f4f185d-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 popover.js Show response
fast.wistia.com/assets/external/ 200 KB
41 KB 8ms
8ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/popover.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

552cfd1e6d14c5ab2dacb1cda4c96439986da44df239609f8f87a36f75e5d2cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 1802
x-cache: HIT, HIT
content-length: 41965
x-served-by: cache-dca17753-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257096.997253,VS0,VE0
etag: "60a2626f-a3ed"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 131

GET
H2 200 wistia-mux.js Show response
fast.wistia.com/assets/external/ 94 KB
25 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/wistia-mux.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fa9340e938066079ceffed496d98404186fa88e974b1a4c9a6ae1a40882cc251

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: br
vary: Accept-Encoding
age: 1801
x-cache: HIT, HIT
content-length: 25053
x-served-by: cache-dca17733-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257096.997330,VS0,VE0
etag: "60a2626f-61dd"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 14, 280

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 89A6 319 KB
103 KB 7ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.cybereason.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 286752
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 17 May 2021 13:11:36 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/674C)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H3-29 200 all.js Show response
connect.facebook.net/en_GB/ 213 KB
63 KB 35ms
16ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=8a5dcb8ed671a1705c0fef7f59e08e60&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fd7dea585947dc1d0d57dfabad162c4879034140dea139820b12136d06600f88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 2Fy2bvR3Gxq5si0S91qjzg==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64669
x-fb-rlafr: 0
x-fb-debug: TaLzXMKFvJrDHitcQ7Jnacl68tU8csmwi65m5+hLtTv2ZuFPFyxAy6RUG0458wD5rBd54ymy8gqVUbpwYoZTSQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 230fe9d5f80e08e56e432abd4f7b0d40
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 17 May 2021 13:11:36 GMT
vary: Accept-Encoding
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "d42a84c415dc4a40389b2287d09214d0"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 17 May 2022 12:42:48 GMT

GET
H2 200 186xxdwuxz.json Show response
fast.wistia.com/embed/medias/ 5 KB
2 KB 7ms
6ms Script
text/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/embed/medias/186xxdwuxz.json?callback=wistiajson1

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

862bf0e8ce5a7ad35858e77e2c4d67ebd10617aee62a6e075f06c7d4f60e9167

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
x-player-privacy-mode: 1
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 77818
x-cache: HIT, HIT
p3p: CP="CURi ADMa DEVa IVAa IVDa CONi OUR IND DSP CAO COR"
content-encoding: br
vary: Accept-Encoding,X-Forwarded-Proto,X-ECMA-Override
content-length: 1642
x-request-id: faafdca81fb6069104c75f4175dc0458
x-served-by: cache-dca17735-DCA, cache-hhn4060-HHN
x-runtime: 0.045243
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
x-timer: S1621257096.086838,VS0,VE1
etag: W/"862bf0e8ce5a7ad35858e77e2c4d67eb"
x-download-options: noopen
strict-transport-security: max-age=0
content-type: text/javascript; charset=utf-8
via: 1.1 varnish (Varnish/6.0), 1.1 varnish, 1.1 varnish
cache-control: public, no-cache
x-browser: chrome
x-browser-version: 89
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 1

GET
DATA 200
OK truncated
/ 2 KB
2 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf

Request headers

Origin: https://www.cybereason.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK d2a8a31e9bef1aef8a5805a02ef3a7d5.webp
embedwistia-a.akamaihd.net/deliveries/ 209 KB
209 KB 85ms
39ms Image
image/webp 2.16.186.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedwistia-a.akamaihd.net/deliveries/d2a8a31e9bef1aef8a5805a02ef3a7d5.webp?image_crop_resized=1920x1080
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-18.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6fca2c5e5aaab1d7892626750f40235ca3a66b8a12cdf6a45a28d6238bd87678

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Access-Control-Request-Method: *
surrogate-key: d2a8a31e9bef1aef8a5805a02ef3a7d5 thumbnail-delivery
Last-Modified: Sat, 27 Mar 2021 15:24:41 UTC
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
Cache-Control: max-age=31145373
content-disposition: inline
Connection: keep-alive
Accept-Ranges: none
Content-Length: 213504

GET
H/1.1 200
OK d2a8a31e9bef1aef8a5805a02ef3a7d5.webp
embedwistia-a.akamaihd.net/deliveries/ 64 KB
65 KB 76ms
33ms Image
image/webp 2.16.186.18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedwistia-a.akamaihd.net/deliveries/d2a8a31e9bef1aef8a5805a02ef3a7d5.webp?image_crop_resized=960x540
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2.16.186.18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-18.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: db18af414c43d80f36f78ccb870bf63a43b25ea7f6939cdad7cc2e1104e36606

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Access-Control-Request-Method: *
surrogate-key: d2a8a31e9bef1aef8a5805a02ef3a7d5 thumbnail-delivery
Last-Modified: Sat, 27 Mar 2021 15:24:41 UTC
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: image/webp
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin, Content-Type, Accept, Server, x-amz-version-id, X-Cache
Cache-Control: max-age=31159879
content-disposition: inline
Connection: keep-alive
Accept-Ranges: none
Content-Length: 65720

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 89A6 256 B
442 B 178ms
132ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=2482558fc2e1aacbb1e23b50e87570c478e6f751

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwww.cybereason.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:35 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 13:11:36 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: c9e86faa573eebe3d94648394cca4f08270b4393d70330fe885b1b16376dcf10
content-length: 176

GET
DATA 200
OK truncated
/ 399 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f874143c548c59fd077637bb1196b9de15884981241c9583026db1a027ef54da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 471 KB
79 KB 34ms
33ms Script
application/javascript 2606:4700::6811:e7cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:e7cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10e5ad8f6aab7933888e789f5b9eed29f6064a9a256fe35c384c8da0b648d3dc

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 077b94dab77b8114aebf503be197d7d9.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 83136
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1019/bundle/main/lead-flows-release.js&cfRay=65052a028c334ece-IAD
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1c0d240200000ea74623f000000001
cf-ray: 650d17b33a460ea7-FRA
last-modified: Mon, 10 May 2021 01:50:02 UTC
server: cloudflare
etag: W/"a0422ceeab86db6e0c81719033b4bab7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: vzNq8gdJKWGHBPoJ4NIykDa1nlgXs_sz
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: iZGjkHZ1tFh6cqttJp5mGb4Fd_P7MWe-OA82zgd8TEoZLgJ1dXxMUw==
x-hs-target-asset: lead-flows-js/static-1.1019/bundle/main/lead-flows-release.js

GET
H2 200 3354902.js Show response
js.hs-banner.com/ 60 KB
14 KB 19ms
17ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a70b9e0f0da1cfd0bc3c3dabc64e98e7a759cbcd12a82cd582b1ff53922da71d

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 120
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-request-id: R0XM9RHY9CC8CC19
x-amz-id-2: FESsI1cE8yvUaMDX8C/ePx0QRX5Ih8jxzqY28K8Y7N/E29Ro7x8GVPVVmBxndVWdd60Yp6eH20g=
timing-allow-origin: *
last-modified: Wed, 12 May 2021 19:16:02 GMT
server: cloudflare
etag: W/"c60afe6193d6b62470fd0dd0f76dbe78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: BIjIB31wJxCzPWIB5AX4K87gEik2el7n
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-request-id: 0a1c0d2402000005fdfa83c000000001
cf-ray: 650d17b339f205fd-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Mon, 17 May 2021 13:14:36 GMT

GET
H2 200 3354902.js Show response
js.hs-analytics.net/analytics/1621257000000/ 63 KB
19 KB 20ms
19ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1621257000000/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87c950d2f6280e424541ed091a19d486456637ab7ae5ec002384789c6a2d22a7

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 12
x-amz-server-side-encryption: AES256
x-amz-request-id: XG66X1YH1P73V348
x-amz-id-2: OrOlcz/w3Ou7NtdihpsW3fYT0v9IFT+QvM2MSdNOEMHLKI+Ux5abx74v/6L3JCNe5WZ/MN629Jg=
last-modified: Wed, 12 May 2021 19:22:05 GMT
server: cloudflare
etag: W/"847c44da0c08099c02c1f3a38ef873ca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
x-amz-version-id: null
cf-request-id: 0a1c0d240100002c3e88336000000001
cf-ray: 650d17b33f392c3e-FRA
expires: Mon, 17 May 2021 13:16:24 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 5 KB
3 KB 60ms
38ms Script
application/javascript 2606:4700::6811:72b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:72b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7ed0b55ae115363eb49a77c71032bcd46a7f42ab12c27bcca26e5847c871b9f

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 c889e9448c63bb4bf9dd41fcb2250e09.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 529
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.235/bundles/pixels-release.js&cfRay=650d0ac7bedc4dee-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 0a1c0d24170000323c41908000000001
last-modified: Wed, 05 May 2021 12:43:50 UTC
server: cloudflare
etag: W/"d8e92fe4a864a0a96b931e530047d2ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _MNjmjg4X_dKZMa.KN00kh8VXPPuifCK
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 650d17b35b99323c-FRA
x-amz-cf-id: PtZT08Hx_CgeTd_EILpFajIaH0e46Tppzsl4FBGRY5P3fGVtXWcPrQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.235/bundles/pixels-release.js

GET
H2 200 playPauseLoadingControl.js Show response
fast.wistia.com/assets/external/ 63 KB
13 KB 9ms
9ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/playPauseLoadingControl.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d95eb4ff52eaf6ab7e098c22b6e88c124afb0648a61b55d583e7868b1955c9c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
age: 1802
x-cache: HIT, HIT
content-length: 13179
x-served-by: cache-dca17737-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257097.512233,VS0,VE0
etag: "60a2626f-337b"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 442

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6100
date: Mon, 17 May 2021 11:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 17 May 2021 13:29:56 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 298 KB
61 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d48b1c1e713dedd809ea1e17c9d667ae36bec85435e457e4141de2c68fb134f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61966
x-xss-protection: 0
last-modified: Mon, 17 May 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 17 May 2021 13:11:36 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 65 B
923 B 198ms
176ms XHR
application/json 2606:4700::6811:c9cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=3354902

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c9cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08d2b7ceec0a988f4ec3ef01f1c2678dadcdbae061a31962f766ff81cbd5df1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 214b0dec-4e1d-4663-ab09-133ad7eb62bf
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d25620000d6fd6406d000000001
server: cloudflare
x-trace: 2B15065AC815B6F99C6D20609909DCC5F56E3E3DBD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l5iMeS8kC6YmrceZn3w%2FiBcA0tIrmw9QPRUxbRzk8hZdijlL3FOSIu10icY%2BK7hos5l%2BYoUp6cgwwr1GWVLzYSuKNRKn80qXIiB4BDl2s5JMg%2Bfxb53tB2p9BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-allow-credentials: false
cf-ray: 650d17b55f8bd6fd-FRA
access-control-allow-headers: *

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
391 B 62ms
61ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=3354902&pi=44194973264&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&cpi=44194973264&cgi=5272851739&lpi=44194973264&lvi=44194973264&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&t=Cybereason+vs.+DarkSide+Ransomware&cts=1621257096520&vi=e0deab6fbbbdd41c995ce284112a31d7&nc=true&u=85683782.e0deab6fbbbdd41c995ce284112a31d7.1621257096518.1621257096518.1621257096518.1&b=85683782.1.1621257096518&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 244700cb-cfaf-456b-acb4-3b4da91aa678
cf-ray: 650d17b54b1b9772-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
cf-request-id: 0a1c0d25490000977208808000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F0Ex5tTYP%2BcNvoeo26CbVSZlii3uQIIElTIRfWz6AsBqgiN0qF2HUxaZ8jwlwDStgYLu9j%2FoR9bXDqUdc%2BgK9EkcKSfr9uv%2FK573gaGWQyJOT07j3ZiE%2BsmOekcXHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 hls_video.js Show response
fast.wistia.com/assets/external/engines/ 294 KB
66 KB 11ms
11ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/engines/hls_video.js

Requested by

Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

03a4a2fb4e6a07345b252ee66651bd11f6f1f2748fa934067fd02fff4aa26f05

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
age: 1802
x-cache: HIT, HIT
content-length: 67614
x-served-by: cache-dca17767-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257097.527811,VS0,VE0
etag: "60a2626f-1081e"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 349

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
13ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1125818919&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&ul=en-us&de=UTF-8&dt=Cybereason%20vs.%20DarkSide%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1325102504&gjid=1728026837&cid=98923819.1621257097&tid=UA-56367941-1&_gid=1429539086.1621257097&_r=1&_slc=1&z=2074197642

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 167 B
499 B 146ms
146ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3354902&utk=e0deab6fbbbdd41c995ce284112a31d7&__hstc=85683782.e0deab6fbbbdd41c995ce284112a31d7.1621257096518.1621257096518.1621257096518.1&__hssc=85683782.1.1621257096518&contentId=44194973264&currentUrl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d70bbc33b9ab5904f074e79e55138f94a77f10356984d870b89654a0dac6643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 557539fc-a527-49fc-9472-f6118e0ae564
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a1c0d25720000c2b870304000000001
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F02M7eLWLRt56%2BjjiOBzmnRP1apadMWl830VXPaEyECWOVHN67gdc8sJsUMFeJjLkiGn85mMFbpwb3aCmVp38Zyjp2r640f%2BonCHJ1wmfRsxW%2BWdC1%2BbH6i2Oc45PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 650d17b58b33c2b8-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 blank.gif
fast.wistia.com/assets/images/ 1 KB
2 KB 20ms
6ms Image
image/gif 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fast.wistia.com/assets/images/blank.gif

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Origin: https://www.cybereason.com
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
age: 1802
x-cache: HIT, HIT
x-cache-hits: 1, 364
content-length: 1214
x-served-by: cache-dca17735-DCA, cache-hhn4029-HHN
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:38:13 GMT
x-timer: S1621257097.606469,VS0,VE0
etag: "60a263b5-4be"
strict-transport-security: max-age=0
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000, public
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1325102504&gjid=1728026837&_gid=1429539086.1621257097&_u=IEBAAEAAAAAAAC~&z=1415115000

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 May 2021 13:11:36 GMT
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1325102504&_u=IEBAAEAAAAAAAC~&z=530879834

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 36ms
36ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1325102504&_u=IEBAAEAAAAAAAC~&z=530879834

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 153 KB
56 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

73e947e87bcf63ef807fc988abf6e214b0d184319cbec8fc764f77e4d94d34fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57344
x-xss-protection: 0
expires: Mon, 17 May 2021 13:11:36 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 86ms
33ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

997f5bfb9f0c74974ec265633b71dd76c5f0224611dd26775db3cc823ec24947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14057
x-xss-protection: 0
server: cafe
etag: 15306424688967737279
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 17 May 2021 13:11:36 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:295::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40104
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 71ms
23ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 44396
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1621257097.686416,VS0,VE0
x-served-by: cache-hhn11539-HHN

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 29ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
last-modified: Tue, 13 Apr 2021 17:21:02 GMT
x-msedge-ref: Ref A: 8D735257FD664A0594920C045E9970A3 Ref B: FRAEDGE1420 Ref C: 2021-05-17T13:11:36Z
etag: "0d398608930d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8910

GET
H3-29

200

activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereaso... Show response
10272547.fls.doubleclick.net/ Frame 25DC
Redirect Chain

https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybere...
https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2F...

526 B
432 B

34ms
33ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

7231e9fb31e352b246e216a5bf286cdab02911984f87133b6a8fe0b90de0bd1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10272547.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 407
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 17-May-2021 13:26:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 hotjar-704918.js Show response
static.hotjar.com/c/ 4 KB
2 KB 144ms
53ms Script
application/javascript 13.224.95.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-704918.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.99 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-99.zrh50.r.cloudfront.net

Software

Resource Hash

bc18843ac29270ed6a2507533256ac4c2c1ee8205a7cdcfec211b2a4aa9fa170

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 8
etag: W/536621a939496eff4f2532b9e8bd5de1
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: ZRH50-C1
content-length: 1739
via: 1.1 af287426c130b47dba79bf825f91ebbb.cloudfront.net (CloudFront)
x-amz-cf-id: oQyakGtPuA1UYkg-D07UaA_VAtKRoLHDmnttgHJGF-GEQqBEHCEH0Q==

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 20 KB
7 KB 73ms
22ms Script
application/javascript 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 38c9e8d2dfaf439f732463b5ae80c7d5da32bd8594172a56041794f080b2a3bc

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 01 Apr 2021 21:20:31 GMT
server: snooserv
etag: "f130bbfe131c22854e51f461d761041d"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 6670

GET
H3-29

200

activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-... Show response
10428681.fls.doubleclick.net/ Frame A999
Redirect Chain

https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereas...
https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fww...

524 B
426 B

62ms
60ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

331832c691138d758bba20d45ceb85f21f13a56d027211690a837b1cd7024350

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10428681.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 401
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 17-May-2021 13:26:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereas... Show response
10272547.fls.doubleclick.net/ Frame 62EF
Redirect Chain

https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcyber...
https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2...

438 B
376 B

41ms
41ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

924f2664d9400c7519001de6e2d34d9b5fbf341b19af8e450fd2902ad3531d8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10272547.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Mon, 17 May 2021 13:11:36 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 351
x-xss-protection: 0
set-cookie: IDE=AHWqTUmqlsB7uliwqHkFcNzmhBkwIitKdQROn3QwHKfLxU4SnSg-tHEg5ZUUKPvz16E; expires=Sat, 11-Jun-2022 13:11:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 fbevents.js Show response
connect.facebook.net/en_US/ 92 KB
23 KB 19ms
18ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23959
x-fb-rlafr: 0
pragma: public
x-fb-debug: 3aCoek1e1/QtwoTCzOlwX2cyNW1BaNE4FJ9yVynWqMoxN8rxmf3cWwPqlmkBBuZZ4sHxgyqkltiUWbwL4eHlUg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 17 May 2021 13:11:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 1cwYCUDAYD26hHzYzki9 Show response
ws.zoominfo.com/pixel/ 0
611 B 267ms
244ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/1cwYCUDAYD26hHzYzki9

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 650d17b65edf2b59-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0
cf-request-id: 0a1c0d25f400002b5950321000000001

GET
H2 200 3354902.js Show response
js.hs-scripts.com/ 2 KB
700 B 16ms
13ms Script
application/javascript 2606:4700::6811:d6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/3354902.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc1a36b2bb4a5f1534cfc063216a1300751f84cb6ffd6ad872f42785cf1de51d

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 8
cf-polished: origSize=2004
cf-request-id: 0a1c0d25df00002b3512059000000001
x-hubspot-correlation-id: ada0b9a3-530b-4e23-be46-ca7996101b88
cf-bgj: minify
server: cloudflare
x-trace: 2BD2E04351CB183176DFFF735055D57F9AEE698866000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 650d17b63b0c2b35-FRA
expires: Mon, 17 May 2021 13:12:36 GMT

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 82ms
27ms Script
text/javascript 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 562
X-Ws-Request-Id: 60a26b88_PSdgflkfFRA1bc9_26463-6544
Content-Type: text/javascript
Via: 1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA1eq94:13 (W)
Cache-Control: max-age=600
X-Px: ht PSdgflkfFRA1eq94FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Mon, 17 May 2021 13:12:14 GMT

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 54ms
17ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 651bb26936af19984c786a0f494947ef827d782e88fe26dbc3b80970c0fa61fc

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 12:26:36 GMT
content-encoding: gzip
age: 2700
x-guploader-uploadid: ABg5-UzyuEqKbSLibZaq5K9Vs2t4KRVvrWabqHszlvkfu5tuRrElX_Eqo_JEaxdB_ye0s_Cm3Vw8JWHpuckZEtYIyZ8
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 5768
last-modified: Thu, 28 Jan 2021 01:58:32 GMT
server: UploadServer
etag: "a7fbcd01c958e894a82f35084a94bd0a"
vary: Accept-Encoding
x-goog-hash: crc32c=MwlZnw==, md5=p/vNAclY6JSoLzUISpS9Cg==
x-goog-generation: 1611799112374780
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5768
accept-ranges: bytes
content-type: application/javascript;
expires: Mon, 17 May 2021 13:26:36 GMT

GET
H2 200 up.js Show response
up.pixel.ad/assets/ 2 KB
1 KB 119ms
33ms Script
application/javascript 178.79.227.167
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://up.pixel.ad/assets/up.js?um=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.227.167 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-227-167.vie.llnw.net
Software: AC1.1 /
Resource Hash: 5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 15:06:26 GMT
server: AC1.1
age: 432757
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1044
x-llid: 304768279263245695c2b1605e851ae1

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 597 B
1 KB 82ms
36ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1506452&mt_adid=241675&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3736 915c305 master zrh-pixel-x28 /
Resource Hash: a90e21c46231e20048209952d51a8de790cf605c095023d54a1ac463493ff2c2

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Server: MT3 3736 915c305 master zrh-pixel-x28
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 597
Expires: Mon, 17 May 2021 13:11:39 GMT

GET
H2 200 zdcd6x8yhg85.js Show response
js.driftt.com/include/1621257300000/ 214 KB
61 KB 263ms
171ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1621257300000/zdcd6x8yhg85.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

c7ca38cecccab4af04fcd806f7b06bfe0f5a94575c0c9068dba658c76a65dbee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: dHJp8BwHGgm0aqJ7a.Cuamg4zeyBQM7N
content-encoding: gzip
etag: W/"994c139126700a460e5c069f76ab5541"
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 15:51:07 GMT
server: nginx
date: Mon, 17 May 2021 13:11:36 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wq1aAL6eQ-9Ri-nrKR1i-BTykM54Licd-nqgQ7yPXR1M8wFJ8BRu_g==

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 609 KB
113 KB 18ms
17ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

67285b2eacc90d3436ea8747ee6f8c8eac151b29f7f3d26487e7779c14386049

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: br
vary: Accept-Encoding
age: 1802
x-cache: HIT, HIT
content-length: 115202
x-served-by: cache-dca12927-DCA, cache-hhn4060-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Mon, 17 May 2021 12:32:47 GMT
x-timer: S1621257097.683776,VS0,VE0
etag: "60a2626f-1c202"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 1, 785

GET
H2 403 lt-v2.min.js
lltrck.com/ 0
0 304ms
101ms Script
text/html 3.220.33.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/lt-v2.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.220.33.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-220-33-83.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 6e1424cff90e9cd4.min.js Show response
tag.demandbase.com/ 62 KB
17 KB 115ms
26ms Script
application/javascript 13.224.193.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e1424cff90e9cd4.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-53.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bd3724dffd91133f8ed977e904e58f8ef23c4465dba14306e050e6eed319745d

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: UtP6R9tC_7fR_w2Lzktlz8YQn1yz8mKs
content-encoding: gzip
last-modified: Tue, 04 May 2021 12:45:30 GMT
server: AmazonS3
age: 2768
etag: W/"6a7453a13400d69ed8a523c0339b92b9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 0b9e85cfe8fe19b385db56d32b4ce802.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Mon, 17 May 2021 12:26:12 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: XZ0LSThuJGfgCS9T9e-HJc_O0yk9OMW3lmiSMryOpaxA3RU94Pvfiw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D72596%26time%3D1621257096679%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true&e_ipv6=AQL0MreH2dlvBgAAAXl6d...

0
155 B

309ms
115ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true&e_ipv6=AQL0MreH2dlvBgAAAXl6dA-YOJeGuu4hXWrQBHMw9vN0UWHMHAozffnPsvsZWv8WB4FdaXrZ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:37 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: qdMfhb3cfxZwb8URtSoAAA==

Redirect headers

date: Mon, 17 May 2021 13:11:37 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=72596&time=1621257096679&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&liSync=true&e_ipv6=AQL0MreH2dlvBgAAAXl6dA-YOJeGuu4hXWrQBHMw9vN0UWHMHAozffnPsvsZWv8WB4FdaXrZ
x-li-proto: http/2
x-li-pop: prod-ech2
content-length: 0
x-li-uuid: 8oe3cL3cfxYA4ouVyyoAAA==

GET
H2 204 56273944 Show response
bat.bing.com/p/action/ 0
93 B 31ms
31ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/56273944
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 17 May 2021 13:11:36 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: A11AF81FB7C44FBA80E175DCE2E1A069 Ref B: FRAEDGE1420 Ref C: 2021-05-17T13:11:36Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
94 B 30ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=56273944&tm=gtm001&Ver=2&mid=25804fb3-781b-4403-9c82-2ce601aa83bd&sid=68e0fd30b71111ebbb493d49330670fe&vid=68e120a0b71111ebbca9bd400dfbeaf8&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Cybereason%20vs.%20DarkSide%20Ransomware&p=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&r=&lt=1605&evt=pageLoad&msclkid=N&sv=1&rn=842532
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: D682C08960BC4D0A8E55B21D8105D0BB Ref B: FRAEDGE1420 Ref C: 2021-05-17T13:11:36Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 x Show response
distillery.wistia.com/ 0
96 B 307ms
104ms XHR
text/plain 54.86.117.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://distillery.wistia.com/x
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/E-v1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.117.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-86-117-43.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 17 May 2021 13:11:36 GMT
cache-control: max-age=0, private, must-revalidate

POST
H2 204 collect
analytics.google.com/g/ 0
154 B 14ms
12ms Ping
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-SSF38JVRVJ&gtm=2oe5c1&_p=1125818919&sr=1600x1200&_gaz=1&ul=en-us&cid=98923819.1621257097&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&dt=Cybereason%20vs.%20DarkSide%20Ransomware&sid=1621257096&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
stats.g.doubleclick.net/g/ 0
17 B 63ms
14ms Ping
text/plain 2a00:1450:400c:c0a::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SSF38JVRVJ&cid=98923819.1621257097&gtm=2oe5c1&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.de/ads/ 42 B
63 B 47ms
46ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SSF38JVRVJ&cid=98923819.1621257097&gtm=2oe5c1&aip=1&z=1226777046

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:295::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40104
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H3-29 200 116645602292181 Show response
connect.facebook.net/signals/config/ 254 KB
72 KB 29ms
28ms Script
application/x-javascript 2a03:2880:f030:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/116645602292181?v=2.9.39&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f030:13:face:b00c:0:3 , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5268606d0deb0a86dc61af598ff0f74f109c0ebce932ff35b3b866da05e5e900

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 74043
x-fb-rlafr: 0
pragma: public
x-fb-debug: Heg6lFSK4Mb5oC3+hOotjsTsKCCGJetA3VFd6dMq810em8mdiQb2LzJdpztAvADen3Rpjoo+m73kbRv6M05xiQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 17 May 2021 13:11:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
659 B 185ms
139ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ny0ol&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 17 May 2021 13:11:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 613f46f1beccf7cf3d39f760566a3b915f659bdf8886383ceec64a8c1eb6cfd6
x-transaction: 818c90a298c69f93
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
455 B 179ms
134ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ny0ol&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 17 May 2021 13:11:36 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 938b843c6f5df5184933d58cfa517d508fc6a73cb39aa907e54799200c248433
x-transaction: 64b2f993a1bc2ebf
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 205ms
155ms Image
image/gif 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1621257096729&id=t2_32cbm2fl&event=PageVisit&uuid=9058a15c-dad2-46cc-942b-6167bda41aa3&aaid=&em=&idfa=&opt_out=0&sh=1600&sw=1200&s=PDjFcREapwT%2FMSz6L20pR6XSzBvz%2Ft9baRofVwb0I6c%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H2 200 dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darks... Show response
adservice.google.com/ddm/fls/i/ Frame 177D 525 B
477 B 41ms
41ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: 10272547.fls.doubleclick.net
URL: https://10272547.fls.doubleclick.net/activityi;dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc60a34edfb87bde5ffb8a20c861063b6657a865b265856b7000d4a128041dfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://10272547.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://10272547.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 407
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/ 2 KB
1 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/?random=1621257096736&cv=9&fst=1621257096736&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50f12aacdf20168f912a1b9d0565ec81207a28907960276992b971dda9cc4d83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1034
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/401574070/ 2 KB
1 KB 42ms
41ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/401574070/?random=1621257096739&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

bf35dde549061e9d7fdf83d3136d9c5014a93d3b4119d0a9b4fcadeb3e9618e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1210
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/934771702/ 2 KB
1 KB 39ms
39ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/934771702/?random=1621257096759&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

5c0e1558ea6a2064b2ca77c8e3b905b6073b1f8c6c43b4346e9e4c3f3a00803f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1212
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/ 2 KB
1 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=1621257096761&cv=9&fst=1621257096761&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

45562afe40cb44bb8b33f75a984b4ab652a45b2156f404d9b3c4789a31dc38f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1035
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
464 B 412ms
104ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=16570449&version=2.0&ref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&r=1621257096773
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:37 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=40
Content-Length: 43

GET
H3-29 200 dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darksid... Show response
adservice.google.com/ddm/fls/i/ Frame D27B 523 B
424 B 57ms
41ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: 10428681.fls.doubleclick.net
URL: https://10428681.fls.doubleclick.net/activityi;dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3cdde25457091c77ab94c24b73dfc5774bda788202b6e61198ca8b10699b58c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://10428681.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://10428681.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 401
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=*;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
adservice.google.com/ddm/fls/z/ Frame 62EF 42 B
63 B 57ms
42ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=*;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: 10272547.fls.doubleclick.net
URL: https://10272547.fls.doubleclick.net/activityi;dc_pre=COf32qrl0PACFewbBgAddGgJdA;src=10272547;type=landing;cat=darkblog;ord=4207548206808;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10272547.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darks... Show response
adservice.google.de/ddm/fls/i/ Frame 3AF9 194 B
265 B 45ms
45ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=CLnw16rl0PACFU8QBgAdN6EO8g;src=10272547;type=landing;cat=allsite;ord=8891239052184;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Mon, 17 May 2021 13:11:36 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 /
www.facebook.com/tr/ 44 B
354 B 16ms
16ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=116645602292181&ev=PageView&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&rl=&if=false&ts=1621257096788&sw=1600&sh=1200&v=2.9.39&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1621257096787.1539339666&it=1621257096724&coo=false&exp=l1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 17 May 2021 13:11:36 GMT

GET
H2 200 modules.0fd8b750824023792fba.js Show response
script.hotjar.com/ 220 KB
58 KB 177ms
77ms Script
application/javascript 13.224.95.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0fd8b750824023792fba.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.61 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-61.zrh50.r.cloudfront.net

Software

Resource Hash

65cef8a94d8a09cac56b85e15c92c37ea129d38a094fa8e1f3fd812a550b74be

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 07:37:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 452071
x-cache: Hit from cloudfront
content-length: 59191
access-control-allow-origin: *
last-modified: Wed, 12 May 2021 07:37:04 GMT
etag: "cd11ca1a90eced753504203f173db976"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 792f70324a941726ce7e749514e6fc3c.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: d2mZqF4iOxDuv9s3rhUm5qNyzETxPf7R4MyV-RvVFZpY98WiH8PRtg==

GET
H2 204 asyncPixelSync
pixel.sitescout.com/dmp/ Frame 5620 0
0 84ms
24ms Document
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash

Request headers

:method: GET
:authority: pixel.sitescout.com
:scheme: https
:path: /dmp/asyncPixelSync
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Response headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
date: Mon, 17 May 2021 13:11:36 GMT
server: AC1.1

GET
H2 200 6f002ab8596ff067
pixel.sitescout.com/up/ 43 B
267 B 26ms
24ms Image
image/gif 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/6f002ab8596ff067?cntr_url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
480 B 33ms
31ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3736 915c305 master zrh-pixel-x25 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:36 GMT
Server: MT3 3736 915c305 master zrh-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 May 2021 13:11:39 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-conversion/934771702/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=250505...
https://www.google.com/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=160...
https://www.google.de/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600...

42 B
64 B

21ms
21ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYJ3SL5nagQeViYCwBA&cid=CAQSKQCNIrLMVTUKQCs316x0d-5RrwWZiTsZ58KKYBYUZBfCLQY7TjvUc7KJ&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIvfHVjg6h0ZzciArxVvlGYy6OxCP3x-tlI&random=3413197055&resp=GooglemKTybQhCsO&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:37 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/934771702/?random=249174163&cv=9&fst=1621257096759&num=1&value=0&label=fA-8CL7ah5MCEPb33b0D&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYJ3SL5nagQeViYCwBA&cid=CAQSKQCNIrLMVTUKQCs316x0d-5RrwWZiTsZ58KKYBYUZBfCLQY7TjvUc7KJ&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NIvfHVjg6h0ZzciArxVvlGYy6OxCP3x-tlI&random=3413197055&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-conversion/401574070/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=25050...
https://www.google.com/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=16...
https://www.google.de/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=160...

42 B
64 B

22ms
22ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYPnRL9KngQeD-YigCg&cid=CAQSKQCNIrLMe6S9hxdciSsHomn3Y5CrtSg6B1N8T-u671jV3B7XEtjZx6-a&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NItltsio2lHUHyq4Tba2k5vu17FEv0g01JM&random=1560583430&resp=GooglemKTybQhCsO&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/401574070/?random=1258896289&cv=9&fst=1621257096739&num=1&value=0&label=6wPaCOv09oACELaRvr8B&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iGuiYPnRL9KngQeD-YigCg&cid=CAQSKQCNIrLMe6S9hxdciSsHomn3Y5CrtSg6B1N8T-u671jV3B7XEtjZx6-a&eitems=ChEI8KiIhQYQ_YPW3eLl0JfVARIdAD07NItltsio2lHUHyq4Tba2k5vu17FEv0g01JM&random=1560583430&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/934771702/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934771702/?random=1621257096761&cv=9&fst=1621256400000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&async=1&fmt=3&is_vtc=1&random=794959938&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/934771702/ 42 B
64 B 36ms
35ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/934771702/?random=1621257096761&cv=9&fst=1621256400000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&async=1&fmt=3&is_vtc=1&random=794959938&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darksid... Show response
adservice.google.de/ddm/fls/i/ Frame B7C7 194 B
199 B 58ms
42ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=CNHO2Krl0PACFegHBgAdMHMJ9A;src=10428681;type=cyber0;cat=cyber0;ord=6416287869040;gtm=2wg5c1;auiddc=1366443504.1621257097;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 17 May 2021 13:11:36 GMT
expires: Mon, 17 May 2021 13:11:36 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 456 B
948 B 124ms
73ms XHR
application/json 13.32.25.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&page_title=Cybereason%20vs.%20DarkSide%20Ransomware&src=tag&auth=MOftAmbp2Aha4tkNEmeyvcipKYfCUyVJMXpCWBMS
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/6e1424cff90e9cd4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.25.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-25-16.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 0949207621f5c59b13b0cecd0748f8381152674bf88541aa8ebf87f9c52747c9

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
request-id: db532239-6b0a-4f3a-bf23-c79978c7fb86
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.cybereason.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 d8670b0c6b76371fb58f730881dfe505.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: d63wKvBDOpFbuUpYmL5wrspirEh3ghJvCZS3LYBbRZnp-43MOEJMlA==
expires: Sun, 16 May 2021 13:11:36 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw&verifyHash=66f04893332a1c0843ff8b4eb8bb72629d006ea5

26 B
409 B

132ms
131ms

Image
image/gif

13.224.95.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw&verifyHash=66f04893332a1c0843ff8b4eb8bb72629d006ea5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-88.zrh50.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:37 GMT
Via: 1.1 666ff4ad81b3b60af3d2241160893ee3.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 2c9ef6e03c678016
X-Amz-Cf-Id: p7dtu2TbhC2XNdvbYY2QIEk4VAPi-qCcS_t_Wk1a-qodCHwglES72w==

Redirect headers

Date: Mon, 17 May 2021 13:11:37 GMT
Via: 1.1 666ff4ad81b3b60af3d2241160893ee3.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ZRH50-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AACUCE7BRNcAACr7HSShXw&verifyHash=66f04893332a1c0843ff8b4eb8bb72629d006ea5
Connection: keep-alive
trace-id: 1725556581f5e1c8
Content-Length: 0
X-Amz-Cf-Id: RJpeeCk3BTHwDWYmoUyLPlEvESdEtUrEcTP012f5xGaeohMuw7k4wQ==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 57ms
22ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:36 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H2 200 box-5e3cec51ed8e99df6977c199d27812d7.html Show response
vars.hotjar.com/ Frame A514 1 KB
1 KB 122ms
39ms Document
text/html 13.224.95.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-74.zrh50.r.cloudfront.net
Software: /
Resource Hash: 486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-5e3cec51ed8e99df6977c199d27812d7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Response headers

content-type: text/html
content-length: 684
date: Tue, 30 Mar 2021 16:10:32 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "4e332edbbc3b46800c87f197cc7d3bb6"
last-modified: Tue, 30 Mar 2021 14:48:51 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 666ff4ad81b3b60af3d2241160893ee3.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: DafR5BNNHGzfJlxk3moxsfk_cMkmMlPzJCPnmD5F1lSjTXuGL3JDYw==
age: 4136464

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/561371164/ 42 B
64 B 22ms
21ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/561371164/?random=1621257096736&cv=9&fst=1621256400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&async=1&fmt=3&is_vtc=1&random=1928100247&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/561371164/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/561371164/?random=1621257096736&cv=9&fst=1621256400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg5c1&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&tiba=Cybereason%20vs.%20DarkSide%20Ransomware&async=1&fmt=3&is_vtc=1&random=1928100247&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1125818919&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&ul=en-us&de=UTF-8&dt=Cybereason%20vs.%20DarkSide%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAEABAAAAAC~&jid=&gjid=&cid=98923819.1621257097&tid=UA-56367941-1&_gid=1429539086.1621257097&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=Bot&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Amsterdam&cd13=NH&cd14=Netherlands&z=132785617

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 10:20:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 10237
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame C5F7 3 KB
1 KB 154ms
153ms Document
text/html 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1621257300000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

62db2d78cb8f121b16164f35aad9ff10ad489fe121f0d440ce05877c9cdf76f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Fri, 14 May 2021 15:50:57 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 4SJ61NndCbxkDpjTOLcBH8vjh4SHaTPl
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 17 May 2021 13:11:37 GMT
cache-control: no-cache
etag: W/"5d69a6e60873bde482c681a43a24f4ea"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: WjFSoSp8ic2GErjcGnz9FAgpGiWAuSzgIKNPwOjsuIV-KY4pXxlYzg==

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 147D 3 KB
1 KB 161ms
161ms Document
text/html 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1621257300000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

62db2d78cb8f121b16164f35aad9ff10ad489fe121f0d440ce05877c9cdf76f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core/chat
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Fri, 14 May 2021 15:50:57 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 4SJ61NndCbxkDpjTOLcBH8vjh4SHaTPl
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 17 May 2021 13:11:37 GMT
cache-control: no-cache
etag: W/"5d69a6e60873bde482c681a43a24f4ea"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: nr85YxryxfLvcLkkgvJ14mpnlQlb84FND8q27MPG3teU5iK6Yq5vvw==

GET
H2 200 runtime~main.9fbac000.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 5 KB
3 KB 42ms
40ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

89ce2eb03f6ac3cab82377a82525d1b81de41320db899db497a1475fb6ece931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:21 GMT
server: nginx
etag: W/"128ce6dbc37733faaaefdd334c21f99b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: sHXMsUUdeNm_UeN.FOewei._tKf_s_E5
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pB8OSoykpca2rqezLODcmrB7DhjV9PlIYq68RVnyix6bwqOXl8c5xw==

GET
H2 200 39.00daf76c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 40 KB
12 KB 42ms
38ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d3528e4a656c1898832bd0aadf4b7493a6dab833bcf77de82220134cff487105

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 19:12:07 GMT
content-encoding: gzip
age: 1792770
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:43 GMT
server: nginx
etag: W/"6899bddb0243691ddc6399866847b6f4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: pQPjI5lQAXUmoIh3KnIJ_HEoAO12ALHT
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mLCtmF2N9dsUzJ7rHpacvJvvptgImx87jGoFYfKa7n8rtmOwats7oQ==

GET
H2 200 24.51b9fb55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 42 KB
12 KB 46ms
42ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.51b9fb55.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d411775260d8563a58272ca5581260d0594ff8377e4820e885eac1ffcba4d858

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 20:55:02 GMT
content-encoding: gzip
age: 4551395
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 20:27:10 GMT
server: nginx
etag: W/"cef2e36f386b30af63a3565f56cb570c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2YkFlG1sZ1uGuw9fRJhr_rduXEPaItbU
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 09dyTVgyuTLYqoAt-GzovXUeKbj-yNIKkGeHfo84OCWbfVWKxZKelg==

GET
H2 200 19.afca98a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 70 KB
21 KB 49ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.afca98a9.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

9aff01bc783d8594a56120806445b231bf83e9cabd5b293a7ccfa61826a1edd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"de8e76f9e682100165e9ef4b0640a064"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y3HP_ATSoqjmnuaTWV_4JHbjLc6op0_8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BvgdPre83T7zKkd5qcps2rJEXbvFfyJLZ0KHzCsHMndJratOsJdWgg==

GET
H2 200 31.66558c5d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 48 KB
15 KB 49ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/31.66558c5d.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ecaef097a49429f00f55336367b45e898f27c6e85801c55cebb6e2f25ad8742e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"93e71078f48622110fd00fcfb723530b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cH5FvrQDgYk7DLHbCMiEeTj0prpfEvxI
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: S_qS9-9O_PNNqRQpLUgeMw-kHb4HYGLxMRuUCSbpV-4ygeSwQPjnaQ==

GET
H2 200 18.afae54c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 29 KB
8 KB 48ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.afae54c8.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"aa46b8d2411ca710860501cb70b87aa6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: RsEAITRzirmwXWJLuxexiqSCME3tTtns
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8KBYbWGXmww-H8pmei98o7zPQQbuynLfFtgYB_ht4oOsYyfzDlXQ8Q==

GET
H2 200 20.b1014b02.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 39 KB
10 KB 49ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.b1014b02.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4f4ab87946162884af2a2fc74e126b9ac2f3e6553212104d1938528bd3dc1d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"c8172651926eb7a7f4a4f3cb5e513f9c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: N9S.PkVsS9nYjNVu8bkXjETwWPfdkyvR
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rYuvrvH5E2lMo87D5LUjZO80hbQNd-1IQQXCMz6hc3bar5IS3qSrEQ==

GET
H2 200 36.9240267e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 52 KB
18 KB 48ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.9240267e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

e01a31d1eb9be759017e7eb1cca7a856cdb6c73fd2495a3cae6fe24e15f3fef9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 15:36:07 GMT
content-encoding: gzip
age: 1114530
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 03 May 2021 19:03:06 GMT
server: nginx
etag: W/"c0367e53a004313148d8c4e96e76faaf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: lLAVslw4_BY14xUoHU0HjzW1V7f26K5g
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HFjwmHEEO60_9rbAK3IM9qU_CpTg4XYnhG3egaSg2zbajEgMY3nPVQ==

GET
H2 200 34.e9aa1a63.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 24 KB
10 KB 49ms
46ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.e9aa1a63.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4b96fcdb0d9e90f7527b30c33c4259e8a83595f0cf73d7224df7b6e362c82af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 08:18:48 GMT
content-encoding: gzip
age: 1831969
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:42 GMT
server: nginx
etag: W/"a0fa2d7dab28f390fc90a7d949fd9d59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 3CkjyVu7dK8vCrDzm2Z_AQEoaWDrYFtT
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bBvN3F5XX6LmAeVIZ0otkV9DI3yWqokPEOSsY67y0gXG-kgvqVZmVA==

GET
H2 200 14.b0278960.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 60 KB
21 KB 49ms
46ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.b0278960.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:10 GMT
server: nginx
etag: W/"f0ce14b295202c78f02177e314fdf340"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: XvmmE.MlaEpf2uz.SJHuSFnPeHj97JvY
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ldXKB1cdKMpEm8uKMqO7Sx_DVv9Wmg8GF1-a5WDhKjCk20qyCpLB3g==

GET
H2 200 main~493df0b3.62d159f1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 21 KB
7 KB 72ms
69ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.62d159f1.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

c5f40a52562acf46d2c01ee4eb34a484b81d63c40a05d5e0881f5ab98661c6a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 05 May 2021 18:30:02 GMT
content-encoding: gzip
age: 1017695
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 05 May 2021 18:19:10 GMT
server: nginx
etag: W/"25a10d79ebd9f87f6a76b3e0bae334be"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: U2z.8ZLglAvJQPLI2Zg0qUlzzW94Dj9E
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P9BR8_nuF9TcA6dgYMF3_Z9fZ-YxV86jqHMA8cta2LR2BCmBkAjZSA==

GET
H2 200 main~970f9218.c5d671ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 64 KB
16 KB 72ms
70ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~970f9218.c5d671ef.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

50a9587181d1213451ae78755905b3109d0f9a89fdc643da419ccb92c05a977a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:20 GMT
server: nginx
etag: W/"7922b27ebfcab9d01eb207f4f7f63f72"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ffw0naK76NVWI3_BbSNYyO547yxNYdQz
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: e_ZdbQhEVNhQTnzW3sSI7OXpshcSf5QYT5ZSb9rO_wet439kmtWs5g==

GET
H2 200 main~89e24786.52bc12fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 65 KB
18 KB 72ms
70ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~89e24786.52bc12fb.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

12fbb598ebd7b5c3b114fbe4f9513ba2ef3741eb4345d855b7b27a8b0556db16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 19:05:54 GMT
content-encoding: gzip
age: 497143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 11 May 2021 18:48:19 GMT
server: nginx
etag: W/"7259e3a136dd124d7a891c1c958f46a9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rRRilteFP2bg09_ua0t..4C6ZuaWUxlF
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: STlyO628UD75XzdNdX8nXaYAfifGxjzJ_BFY9riwtA6qpLIDe17m4g==

GET
H2 200 main~53ca99a6.c6e33c8e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 30 KB
10 KB 72ms
70ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~53ca99a6.c6e33c8e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4fee4b55adfbf770691ac424f13ba400bb8520aba1370419ba8954e686438323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:20 GMT
server: nginx
etag: W/"f875511110d3338297fa3535d74d60c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: z9AK8NMW9FEN95brAXQt3wnyR8gYOWPr
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ajoiDypCP4hBnRa_4eInS782AOLfmKTQY2E9DBfYowZVp7UCPQoPXw==

GET
H2 200 runtime~main.9fbac000.js Show response
js.driftt.com/core/assets/js/ Frame 147D 5 KB
3 KB 68ms
67ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

89ce2eb03f6ac3cab82377a82525d1b81de41320db899db497a1475fb6ece931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:21 GMT
server: nginx
etag: W/"128ce6dbc37733faaaefdd334c21f99b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: sHXMsUUdeNm_UeN.FOewei._tKf_s_E5
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qVw7axfARlEvmuPVS4jO38_dgY8j1MJWx7pTMYglnbvbGPC1uqrksQ==

GET
H2 200 39.00daf76c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 40 KB
12 KB 69ms
68ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d3528e4a656c1898832bd0aadf4b7493a6dab833bcf77de82220134cff487105

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 19:12:07 GMT
content-encoding: gzip
age: 1792770
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:43 GMT
server: nginx
etag: W/"6899bddb0243691ddc6399866847b6f4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: pQPjI5lQAXUmoIh3KnIJ_HEoAO12ALHT
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6Z7XiCQCYn1YsgaJJi4N73G4U3EULCXU-LurYsGmJj-bNleBRkEljw==

GET
H2 200 24.51b9fb55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 42 KB
12 KB 67ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.51b9fb55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d411775260d8563a58272ca5581260d0594ff8377e4820e885eac1ffcba4d858

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 20:55:02 GMT
content-encoding: gzip
age: 4551395
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 20:27:10 GMT
server: nginx
etag: W/"cef2e36f386b30af63a3565f56cb570c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2YkFlG1sZ1uGuw9fRJhr_rduXEPaItbU
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fGIbLBm3Lk2rmJWza1v4xdMM8Sd0qIX9CozS6KilYcXEJeg4Oz5RxA==

GET
H2 200 19.afca98a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 70 KB
21 KB 67ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.afca98a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

9aff01bc783d8594a56120806445b231bf83e9cabd5b293a7ccfa61826a1edd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"de8e76f9e682100165e9ef4b0640a064"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y3HP_ATSoqjmnuaTWV_4JHbjLc6op0_8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nD4qliCNM9GM5hbZRYZfPTgYcyWKmo8AVjlh7bsTNuxFWRk7ruqY8g==

GET
H2 200 31.66558c5d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 48 KB
15 KB 67ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/31.66558c5d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ecaef097a49429f00f55336367b45e898f27c6e85801c55cebb6e2f25ad8742e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"93e71078f48622110fd00fcfb723530b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cH5FvrQDgYk7DLHbCMiEeTj0prpfEvxI
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xYCciWBasHV3jhVdc_MHhqIJIZNAidpZfc8LrjXYdudqPoGEvTr-uA==

GET
H2 200 18.afae54c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 29 KB
8 KB 68ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.afae54c8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"aa46b8d2411ca710860501cb70b87aa6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: RsEAITRzirmwXWJLuxexiqSCME3tTtns
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7FIoe1KY7Mctjq5Sx8C05C5itVGOxywRLLrV4lH0Y7sihF2eIXBUzQ==

GET
H2 200 20.b1014b02.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 39 KB
10 KB 68ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.b1014b02.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4f4ab87946162884af2a2fc74e126b9ac2f3e6553212104d1938528bd3dc1d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"c8172651926eb7a7f4a4f3cb5e513f9c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: N9S.PkVsS9nYjNVu8bkXjETwWPfdkyvR
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wKArlzrxhjJ4xBjbctB551Yvn6JOiZqMoUrUU74F4BOLntrb1KuHKA==

GET
H2 200 36.9240267e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 52 KB
18 KB 68ms
66ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.9240267e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

e01a31d1eb9be759017e7eb1cca7a856cdb6c73fd2495a3cae6fe24e15f3fef9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 15:36:07 GMT
content-encoding: gzip
age: 1114530
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 03 May 2021 19:03:06 GMT
server: nginx
etag: W/"c0367e53a004313148d8c4e96e76faaf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: lLAVslw4_BY14xUoHU0HjzW1V7f26K5g
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dZbffRudJsoTgcxJXPxE7tiGlKeqWyS_jtZ7UaeT-JolUcgBjhr4Ig==

GET
H2 200 34.e9aa1a63.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 24 KB
10 KB 68ms
67ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.e9aa1a63.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4b96fcdb0d9e90f7527b30c33c4259e8a83595f0cf73d7224df7b6e362c82af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Apr 2021 08:18:48 GMT
content-encoding: gzip
age: 1831969
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:42 GMT
server: nginx
etag: W/"a0fa2d7dab28f390fc90a7d949fd9d59"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 3CkjyVu7dK8vCrDzm2Z_AQEoaWDrYFtT
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZTc6zJXznZRE3AzEnBlsbFmRx7Y3FXk8N40A2wod5s5Ww44eBrrpSA==

GET
H2 200 14.b0278960.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 60 KB
21 KB 68ms
67ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.b0278960.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:10 GMT
server: nginx
etag: W/"f0ce14b295202c78f02177e314fdf340"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: XvmmE.MlaEpf2uz.SJHuSFnPeHj97JvY
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yhFeRngNUDBUY8Xn4FvAiL4mrJVpTNWIRhdG9FEkCsti1yZ-LnVKbQ==

GET
H2 200 main~493df0b3.62d159f1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 21 KB
7 KB 68ms
67ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.62d159f1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

c5f40a52562acf46d2c01ee4eb34a484b81d63c40a05d5e0881f5ab98661c6a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 05 May 2021 18:30:02 GMT
content-encoding: gzip
age: 1017695
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 05 May 2021 18:19:10 GMT
server: nginx
etag: W/"25a10d79ebd9f87f6a76b3e0bae334be"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: U2z.8ZLglAvJQPLI2Zg0qUlzzW94Dj9E
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yC3uJCsZvCBPz4nAEMY2XsDuVGyYZQgQVDiPRRF0d9l9njd4xoAq7A==

GET
H2 200 main~970f9218.c5d671ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 64 KB
16 KB 88ms
87ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~970f9218.c5d671ef.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

50a9587181d1213451ae78755905b3109d0f9a89fdc643da419ccb92c05a977a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:20 GMT
server: nginx
etag: W/"7922b27ebfcab9d01eb207f4f7f63f72"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ffw0naK76NVWI3_BbSNYyO547yxNYdQz
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KnCzTsB8gW6zue4OSEaYENm4eEJLUraEqPSLP0ao_kohaK8iLw7h8w==

GET
H2 200 main~89e24786.52bc12fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 65 KB
18 KB 88ms
87ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~89e24786.52bc12fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

12fbb598ebd7b5c3b114fbe4f9513ba2ef3741eb4345d855b7b27a8b0556db16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 19:05:54 GMT
content-encoding: gzip
age: 497143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 11 May 2021 18:48:19 GMT
server: nginx
etag: W/"7259e3a136dd124d7a891c1c958f46a9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rRRilteFP2bg09_ua0t..4C6ZuaWUxlF
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7bjNfnLvtUYAgAGDyF8wvqmgbAmie33KNEVYcDzOVqCHmalOKpdI7w==

GET
H2 200 main~53ca99a6.c6e33c8e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 30 KB
10 KB 88ms
87ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~53ca99a6.c6e33c8e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

4fee4b55adfbf770691ac424f13ba400bb8520aba1370419ba8954e686438323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:56 GMT
content-encoding: gzip
age: 249641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:20 GMT
server: nginx
etag: W/"f875511110d3338297fa3535d74d60c7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: z9AK8NMW9FEN95brAXQt3wnyR8gYOWPr
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XWD7nM6Ed0z1Lc4VDjklugbong3A2KpTqeqB8mGUSw7IbEkqyVZLUA==

GET
H2 200 37.1524c45f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 6 KB
3 KB 44ms
44ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.1524c45f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

09698cbca28bc2f3d73d1f57ac823d2c707082442b068badf5fdd774f3d9b1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 16:09:54 GMT
content-encoding: gzip
age: 4654903
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 24 Mar 2021 15:54:59 GMT
server: nginx
etag: W/"7f201e07ac5ddc749c01b70d37a9493d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 51PVSJmk69CTLsdohL8915wFPt3ROPsP
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4X086K20Af6AyYjjfpHngtPs_JwYk3yoeEGp2hrOXUJxhdZJlkrvmQ==

GET
H2 200 35.cfdb5c47.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 107 KB
34 KB 45ms
44ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.cfdb5c47.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

84481c66973dbcfaad9597e7109d4f2039bcddd5c734429bff4174fdcde5a0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:19:07 GMT
content-encoding: gzip
age: 1468350
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:43 GMT
server: nginx
etag: W/"c32754b3254617ea5f88500d61f4bbe8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: fc_g.7YiGZPDN9.T0qtjUXORfLw1QpXW
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: i2TsOOHousr5T85mg4JCAkvQrTy1Peth8i5OrhzdT-At6WB15-xT9Q==

GET
H2 200 29.2a721b89.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 27 KB
9 KB 45ms
44ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.2a721b89.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

213d581ff3f5d3c5b793ff7da45b91626637f1759aaadbfa536697ed5030fa63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"3eed7e2ff8bd7069572d52389e1e4c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Yv69WbcvOhuAuZ7J8NyoWbDNl.IRs2Tb
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qa72s3duymSkgHbMFoMForSwSCZLBCHrl_xBqrdx2AIGS5LCOVmRPQ==

GET
H2 200 32.71167ac0.chunk.css
js.driftt.com/core/assets/css/ Frame C5F7 1 KB
1 KB 45ms
44ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/32.71167ac0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"7362dc7cbde5becc44253ec6d0061465"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DZvba4KR5xrPx4nMdtAa3vElmrzSYCNc
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y4qwfUFEWMD9J9_TkZ_5N_jqidIZ5JK0Hm6BcPoVpiMyoMZT7Qm3qA==

GET
H2 200 32.3cd5627d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 5 KB
2 KB 45ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.3cd5627d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ac8a9e34747520ef3113e768e6c23a8917b60005d2f4197241142e4425f24cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"7ff9862d94ece95b4a308cc1c44f67e3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: zvy1JWsiRWcvOpogEYMeHWJPImRXvdOh
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DSH7P1DeiwkcJ0CATInC6Mts4D06AtRE0oTSvZsd1MO_Ii_3BGabwA==

GET
H2 200 37.1524c45f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 6 KB
3 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.1524c45f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

09698cbca28bc2f3d73d1f57ac823d2c707082442b068badf5fdd774f3d9b1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 16:09:54 GMT
content-encoding: gzip
age: 4654903
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 24 Mar 2021 15:54:59 GMT
server: nginx
etag: W/"7f201e07ac5ddc749c01b70d37a9493d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 51PVSJmk69CTLsdohL8915wFPt3ROPsP
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UnJteyH-6dVu8X8YU6R-MGvgF_KjJ501Pc0ZeK3Amcnkn8oNYvuYwQ==

GET
H2 200 35.cfdb5c47.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 107 KB
34 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.cfdb5c47.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

84481c66973dbcfaad9597e7109d4f2039bcddd5c734429bff4174fdcde5a0da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:19:07 GMT
content-encoding: gzip
age: 1468350
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:43 GMT
server: nginx
etag: W/"c32754b3254617ea5f88500d61f4bbe8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: fc_g.7YiGZPDN9.T0qtjUXORfLw1QpXW
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P0L6_XtSE_3qeLOwN-7HlSjMlXlGlVrhtjmIwIbaivPuoB15zNMwiA==

GET
H2 200 29.2a721b89.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 27 KB
9 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.2a721b89.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

213d581ff3f5d3c5b793ff7da45b91626637f1759aaadbfa536697ed5030fa63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"3eed7e2ff8bd7069572d52389e1e4c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Yv69WbcvOhuAuZ7J8NyoWbDNl.IRs2Tb
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: a0ozd_IksanMQRQLUcdE1dwFLkimOyBthZ5PkjBXfuasBMf44uSXPg==

GET
H2 200 32.71167ac0.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 1 KB
1 KB 41ms
41ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/32.71167ac0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"7362dc7cbde5becc44253ec6d0061465"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DZvba4KR5xrPx4nMdtAa3vElmrzSYCNc
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SJRo62jvOzKArK-Ys_iM-WtzO5ec72Yd5jPZ2ST9IjZZoMeTcFizXw==

GET
H2 200 32.3cd5627d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 5 KB
2 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.3cd5627d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ac8a9e34747520ef3113e768e6c23a8917b60005d2f4197241142e4425f24cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"7ff9862d94ece95b4a308cc1c44f67e3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: zvy1JWsiRWcvOpogEYMeHWJPImRXvdOh
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mRvsutkT1oY2K8qKNTwAgj14E4cmHxnzpQRv6Rwp68kws5nJUKm3zg==

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 32ms
16ms Ping
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryRaWtjq608vmhNkqy

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 17 May 2021 13:11:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H2 200 0.45eb4005.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 17 KB
6 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 22:58:04 GMT
content-encoding: gzip
age: 2384013
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 19 Apr 2021 19:42:26 GMT
server: nginx
etag: W/"7e689afacd5eb298702f393c9c2f70f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SvGLt2mgBnBZaIlGb81T_2Te9enqD2Mc50mdtRYKlHi2y7p5hP2Neg==

GET
H2 200 1.0af467a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 68 KB
20 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 01:42:28 GMT
content-encoding: gzip
age: 8681349
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 05 Feb 2021 20:58:44 GMT
server: nginx
etag: W/"aedd244e100709f43b70a84bb3945ca6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kErXw93froxamEp2BnqkXpG57uNk3Qr1
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8s5FHL0VV53NmCbecvAD-hrBNv2my61JCZwD9mrgqKBv2_bHxN6PxQ==

GET
H2 200 28.9cdbaf61.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 42 KB
12 KB 43ms
42ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.9cdbaf61.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

fb309977e76a8d02957f3d4f597788cde72b1dbb56b95cd505f7ff1c3faeaa4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"9767090161c54b818f21a312eedd7f61"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 00xVYkYss9kVLBzT54kSf3Soi51k.ITz
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AJXt-8vPD3nz5jhL8GV4L4inH3OvcYij55y7TONXaih5JrmyzjRfHw==

GET
H2 200 2.939f0edf.chunk.css
js.driftt.com/core/assets/css/ Frame C5F7 2 KB
1 KB 43ms
42ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/2.939f0edf.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

62b33c7813e7ad094f92e3917fa81aff0546a584602763b43ce4bcd4ea7b46c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 15:19:03 GMT
content-encoding: gzip
age: 1979554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 22 Apr 2021 15:02:33 GMT
server: nginx
etag: W/"49bde0a5fadb142d912e44161f3d4f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: i4oLOCo1CoXq5YZVZzPbQhQAY8Tkp_5R
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xJKDPneevYa0xNoT3CimKSq6Ic4-lQtB1XRqYeIqUkyagW0c_eG8ag==

GET
H2 200 2.4cd53141.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 33 KB
11 KB 43ms
43ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/2.4cd53141.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

7b9be083609cdb03285eae8d967c4b7f0c91f9056049335e5fd5aa26b6afa0a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 17:13:09 GMT
content-encoding: gzip
age: 1454308
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 15:32:27 GMT
server: nginx
etag: W/"ac28ebd37a2821d11d55291ec77f7893"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Nq.bZfZwqxc3pr2BF44uerpZjwt2F_Ei
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Qqsxeh6NYfoQKsB2IvM6x5pZ3F-hzavqjxQFjidTb6ChllYrk_-jGA==

GET
H2 200 27.02e62d23.chunk.css
js.driftt.com/core/assets/css/ Frame C5F7 8 KB
2 KB 43ms
42ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/27.02e62d23.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

475dbccf84ca50f8d13df95ef5a85c58198fd65fefa481850453de7feb2d4bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"4a7ea3158114815c3ce4a439e64bb20f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mQrumdy7biVwQR1YnMnJxX26TKzC8eK0
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jNfGVOLMAQSPm-UJs4JRhaD7ZMkqmxOlJwDKNjaiizt7dLHnozfANw==

GET
H2 200 27.8a04ae12.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5F7 64 KB
18 KB 43ms
43ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.8a04ae12.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

6bb4c767e3d4734abd6084c69014d5fd9237953ef76dd9da97ee29e01791ab90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&forceShow=false&skipCampaigns=false&sessionId=a8d588cf-b4bb-4213-9ff3-51592e81ab23&sessionStarted=1621257096&campaignRefreshToken=94ba3652-7d26-4539-b6fc-6186fd22352e&hideController=false&pageLoadStartTime=1621257095333&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 15:50:57 GMT
content-encoding: gzip
age: 249640
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 14 May 2021 14:54:18 GMT
server: nginx
etag: W/"4e6d1673847e78a1a8a3bd79cc403b9f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IcwOKIWAirvzGk4nSnTaZv8ChG0Q8Gvj
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mm86lKxJijKLrHEGL70ofl5cpFZ35bFUbSdVllbWnU1mcu2lqEqiRw==

GET
H2 200 0.45eb4005.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 17 KB
6 KB 46ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 22:58:04 GMT
content-encoding: gzip
age: 2384013
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 19 Apr 2021 19:42:26 GMT
server: nginx
etag: W/"7e689afacd5eb298702f393c9c2f70f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: steDEZzDbpCsQmgowowtVrF929OBEO6fUNTqJiM2mG5BXOhxGL2MCA==

GET
H2 200 33.e776e5b0.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 6 KB
1 KB 43ms
40ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/33.e776e5b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"9f36443a9402e1e03bf8070ddc88b8db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: KGLpEbzDUJECLa.dPnGsWLXLQnFKU.qP
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W7wksyIGSK71k_kZ-aGxkH7sXEE9GCAVqtVdkB_NvbTM5OeA_awIzQ==

GET
H2 200 33.94f6fafc.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 2 KB
2 KB 42ms
41ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.94f6fafc.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

a530f18a3872bed929f7723682c3b1a67d302308741586dea8e73d756d85fb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 1466255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"674f6cfb7acbf1f937711877f406db2a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: hrxaGGmeYSGn4fq7yLkHzgC8VF8A.WkN
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P0LlMd6BOYt9hdlqGst8KlbEuq1HCWE11nN-9-X1Hz91RkkHP0mhFQ==

GET
H2 200 1.0af467a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 68 KB
20 KB 41ms
39ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 01:42:28 GMT
content-encoding: gzip
age: 8681349
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 05 Feb 2021 20:58:44 GMT
server: nginx
etag: W/"aedd244e100709f43b70a84bb3945ca6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kErXw93froxamEp2BnqkXpG57uNk3Qr1
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1WXWE1Tucfc_33Ao8RcgKCB1JJgARFpgHvGOVrzRfEVzJTW_It09yg==

GET
H2 200 7.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 7 KB
2 KB 45ms
42ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:09 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: qRE432HVQ7Y1w.s9lcCBDT5jZX9YXsTD
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: imLnk6D_1aQ6UP0Aec_intIw4v4FhJBU4F-ezVt3qpxOwtr1HfQ5KQ==

GET
H2 200 7.d2b06f0f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 38 KB
13 KB 45ms
43ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.d2b06f0f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

a700f71fb1bb8fbba02eb3a6e70c73441e24337c4521bacc1c4e2b97d7b191a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:12 GMT
server: nginx
etag: W/"d22fa8dd9fdbdcdde74443bcd7a64fa3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: xnIs15mgedQOb8VhFDNVv2E4rRhqKdBF
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4ylihll5FTUZX2f-T6FINjLP672tewvBjTcncLxXwC1m-QjG1_wYAA==

GET
H2 200 4.83e6fbb0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 50 KB
14 KB 45ms
43ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.83e6fbb0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

773e03ac001d0d50aa313e801d59d2acb8e8740d969a218e004effc8f1334ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Apr 2021 20:57:30 GMT
content-encoding: gzip
age: 2996047
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 12 Apr 2021 20:26:14 GMT
server: nginx
etag: W/"1055d5233f397035f9106d9c6067332c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: VEA2c_RsciIuDC7GppXra6t044BndYBr
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CU-k8iPtkkLMwGoRBFtJ0WCDFIH_JXoloJfPrKo6WTmZDjhyLuGBYg==

GET
H2 200 2.939f0edf.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 2 KB
1 KB 46ms
44ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/2.939f0edf.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

62b33c7813e7ad094f92e3917fa81aff0546a584602763b43ce4bcd4ea7b46c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Apr 2021 15:19:03 GMT
content-encoding: gzip
age: 1979554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 22 Apr 2021 15:02:33 GMT
server: nginx
etag: W/"49bde0a5fadb142d912e44161f3d4f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: i4oLOCo1CoXq5YZVZzPbQhQAY8Tkp_5R
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3xTEN4V87RcDw1QmkTeFG6i7HotIj4oIHZWAM0sL9_QSnFu0WyLnpw==

GET
H2 200 2.4cd53141.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 33 KB
11 KB 47ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/2.4cd53141.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

7b9be083609cdb03285eae8d967c4b7f0c91f9056049335e5fd5aa26b6afa0a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 17:13:09 GMT
content-encoding: gzip
age: 1454308
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 15:32:27 GMT
server: nginx
etag: W/"ac28ebd37a2821d11d55291ec77f7893"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Nq.bZfZwqxc3pr2BF44uerpZjwt2F_Ei
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JJo8XafgScccFqrjxGULKJRZBxdSx9hgahKKoSP67LilvfXaf2pPWw==

GET
H2 200 8.be5de6bd.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 11 KB
3 KB 46ms
44ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.be5de6bd.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

c8adaf3188585a5b34f8888433375deca3246c299c1c10b46bc804641bd55ddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:09 GMT
server: nginx
etag: W/"9dfbe8830427f45dc3297497130b7b2c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: RfAWXJwSBOjm4EZfS4bYmkx2z25QfMeE
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TV3m-otuoLw5HqdTGWVvkvbFZ4eOvxByTJ1zU2TNg59DlXDV2VdUIg==

GET
H2 200 8.e88f9167.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 16 KB
6 KB 47ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.e88f9167.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

8fa7e02441ac12b38e71dbcd72a60015e83a4b650962350fdce37bab18cf454f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 18:12:39 GMT
content-encoding: gzip
age: 1105138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 03 May 2021 19:03:07 GMT
server: nginx
etag: W/"62635289f26869c6f433cf9c33b54daa"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 4hOdeQJqD6awGaDqiGcfUZHW7b71a6PT
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ysQEH2BBmxJY4MCIUM0Qgn0H4N_gRPCalMhjVlGhc07dcMLjsP0anw==

GET
H2 200 6.f255bf33.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 6 KB
2 KB 46ms
45ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/6.f255bf33.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

067a3f3a6d50349a650f9df58b4c118f0ca0a2136ee24163742dea4625b85cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 03 May 2021 00:29:46 GMT
content-encoding: gzip
age: 1255311
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 15:32:25 GMT
server: nginx
etag: W/"8c7c720f617083d90026fa60c98b5a13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: edJOzWaQXLLsoourudYjr8PEEV1DoTzJ
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zH81oOWKakpaekqTOdarmvGG9WqUVJ8f0JDGAZkHMUbFIr4dZThzFQ==

GET
H2 200 6.d3be9570.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 14 KB
6 KB 47ms
45ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/6.d3be9570.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

69b51ce5274738bb3e7a3462b821870ff6fdab7ed0181213356b7a789f3483ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:12 GMT
server: nginx
etag: W/"328a6e8dee518c8853e3eaecedf73870"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Ojdv32iQx.BHoP1Fx6z2J_UkuDpcU40s
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kjbGfSTUASAvM5rJ_FX8tpVwdOpt5nouvIdT0O5Hc3wSDA_z1z_npA==

GET
H2 200 3.0ea1fc6e.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 34 KB
6 KB 46ms
45ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.0ea1fc6e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

82a557180fc468bdfc051140172475ed640c424fd73a78f27211c8ce949b5134

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"7c265a43e77a50dc1332a0ea224ce907"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: a5_O7eOu8Ol.QJzqIQ_iJcSYdMoZvBIz
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IdoBNQ97Vqw48ELnOePOPkHHyz_D8U8MIMQGqX20hJORVE7VRIuGAw==

GET
H2 200 3.630f5bec.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 65 KB
20 KB 47ms
46ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.630f5bec.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

0588e87b65546b42f7b174af89da96a192a3a9adf400d5b616c8e922d68f7cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 18:12:39 GMT
content-encoding: gzip
age: 1105138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 03 May 2021 19:03:06 GMT
server: nginx
etag: W/"3dfc112a7a1a9db82e4585d0b7ba2a5e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rzF1HxDE4uH8Ts6ufmrBH9MMFKBjW3JH
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RK21hrDB-A2tS291G_6yCJv2pSu5o-KeqcHXEy9dKSeZRxpNLVaoyQ==

GET
H2 200 5.aa6aede7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 17 KB
7 KB 47ms
46ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/5.aa6aede7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

ef403c6c759d482925f23c6f42e164d0d615d0b0f6fde37d8aeaf92c63833e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 18:12:39 GMT
content-encoding: gzip
age: 1105138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 03 May 2021 19:03:06 GMT
server: nginx
etag: W/"15ad3f8329820418cf516a77de765986"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mNIY2WgtBbR4puGR59Q4MizZG2__8Bf8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Kq7LobWM97ky8ysstdwRyUe-GsFMBH7XAxWaABsjLCRoSpSYayC9Sg==

GET
H2 200 25.0f3076d4.chunk.css
js.driftt.com/core/assets/css/ Frame 147D 16 KB
3 KB 47ms
46ms Stylesheet
text/css 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.0f3076d4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

6a937cac6c1f73afedba2ff302d69c69560b9413ab327158718fd76bdc66a669

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:03 GMT
content-encoding: gzip
age: 1466254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:08 GMT
server: nginx
etag: W/"d668c40d88e269f4226308e1d0dac5b2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: NdcDF_vbGtotEEQVPrIyw1H7r8._J1KG
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9DPIk0F6b1IoicTb-qdWPY-sibjOMgChMmzQ5AX_uxclpuygtYNA7w==

GET
H2 200 25.1eac91ab.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 21 KB
7 KB 47ms
46ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.1eac91ab.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

302e1a06cf45cb9dc221eee6eb8a619a6af3820e7918f1e4bf50f091954526f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 15:03:50 GMT
content-encoding: gzip
age: 1462067
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 14:00:06 GMT
server: nginx
etag: W/"c32d5afe0a9036a95fb759026e8c7dbc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: K9Kdej32FiwvEQIDR4Oa4gZqmCF5CwtR
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fmeNz8dTh_UurwumuD9L00TIL75i6xeRKk0_FwIGWV8SetOL_YAEYA==

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 307ms
103ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:37 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftffca8b544c597a85bff1a2d4bcf
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H2 200 css
fonts.googleapis.com/ Frame C5F7 4 KB
739 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/2.4cd53141.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1476c101cda6283fbd6a7b4381767b7ecde6d8e1bd871dd43bfba89f1b950a87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:57:33 GMT
server: ESF
date: Mon, 17 May 2021 13:11:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 13:11:37 GMT

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame C5F7 25 B
123 B 117ms
117ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:37 GMT
server: istio-envoy
requestid: 5f7b00187b5e7fb4
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 15
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

GET
H2 200 zdcd6x8yhg85.json Show response
embeds.driftcdn.com/embeds/ Frame C5F7 46 KB
11 KB 140ms
51ms XHR
application/json 13.224.95.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embeds.driftcdn.com/embeds/zdcd6x8yhg85.json
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.95.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-95-48.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f8736d74e8663925d5d6f12b8fe2f734636181c902a84f2ac7c2664d6d16451

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:33 GMT
content-encoding: gzip
age: 5
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Mon, 10 May 2021 15:54:11 GMT
server: AmazonS3
etag: W/"eeefc8b8426f8c34977294a02e082759"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json; charset=UTF-8
via: 1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
cache-control: public, max-age=30
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: W3PsKpgVQDW4jMrLAZeUOhIMNt1w4iGQp3ybrU0IjaXpb-JSHryZpw==

POST
H2 200 utk Show response
customer.api.drift.com/integrations/hubspot/ Frame C5F7 2 B
122 B 160ms
160ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
server: istio-envoy
requestid: 5ffa92cf4ba84796
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 57
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 utk
customer.api.drift.com/integrations/hubspot/ Frame 0
0 333ms
106ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:37 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftad322af4bd1ad50b3acf2d10fff
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame C5F7 3 KB
2 KB 490ms
489ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f75f356bba78b908657479698c4726b9af24166c68f03b7009e8f2d757294e4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
content-encoding: gzip
server: istio-envoy
requestid: 68918ecd9d4ab9d7
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 374
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1624
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 zdcd6x8yhg85
targeting.api.drift.com/hours/availability/combined/ Frame 0
0 129ms
127ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/hours/availability/combined/zdcd6x8yhg85

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: HEAD,GET,OPTIONS
requestid: drifta5d7f7e44e19ff1125da9695a3f
content-length: 18
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H2 200 zdcd6x8yhg85 Show response
targeting.api.drift.com/hours/availability/combined/ Frame C5F7 88 B
151 B 124ms
123ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/hours/availability/combined/zdcd6x8yhg85

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

1ff4ac5ee9d859db05eb2ecb1de12a94982e4e74ad9f7e5cccf20866090c651b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
server: istio-envoy
requestid: 8dd7239d7220d396
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 18
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 88
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

POST
H2 200 track Show response
event.api.drift.com/ Frame C5F7 600 B
1 KB 103ms
103ms XHR
application/json 54.145.60.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.145.60.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-60-34.compute-1.amazonaws.com

Software

Resource Hash

4f1610c34f15dd7077a6bfd94afa0a018ab802b348a9c1ef86e4287629c192bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
requestid: 983f4c8d84340762
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 600

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 312ms
103ms Preflight
text/plain 54.145.60.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Server

54.145.60.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-145-60-34.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
content-type: text/plain
content-length: 13
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
allow: POST,OPTIONS
requestid: drift7eefa5e44c98f19415385659319

GET
H2 200 44.a62fd4b8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 147D 17 KB
6 KB 40ms
40ms Script
application/javascript 13.224.95.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/44.a62fd4b8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9fbac000.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.95.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-95-104.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

324d01ef7f0060b668eb74ff00816d2daedbe385bb4a9d83ffacd023a51464c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 13:10:26 GMT
content-encoding: gzip
age: 1555272
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Mar 2021 19:27:43 GMT
server: nginx
etag: W/"975a68568d054bd43cff65c64b196a99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: GF2od9k.Rlz.mQ8IIJyUY3sxYlADtpc8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: ZRH50-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kieKTnpQf4L1FtLDV9dqt03FetSpftQjqrhER4kZ1famswawBh2rmA==

GET
H3-29 200 css
fonts.googleapis.com/ Frame 147D 4 KB
643 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/2.4cd53141.chunk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1476c101cda6283fbd6a7b4381767b7ecde6d8e1bd871dd43bfba89f1b950a87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:16:51 GMT
server: ESF
date: Mon, 17 May 2021 13:11:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 17 May 2021 13:11:38 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 147D 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://js.driftt.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 559261
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 147D 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://js.driftt.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 491460
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 11 May 2022 20:40:38 GMT

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 105ms
105ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:38 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftc88753b41edb380866bd2043ad9
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame C5F7 491 B
354 B 104ms
103ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

393306838cdda3ae12f09f3de85f70afb226736389ceb50f189cd519e50f9dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
content-encoding: gzip
server: istio-envoy
requestid: a785470c27daf786
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 270
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

POST
H2 200 render_initial Show response
flow.api.drift.com/flows/ Frame C5F7 3 KB
2 KB 126ms
126ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

fca14522d7547e6d7f422279c827c2499656816966840de469575a9d0e5458b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
content-encoding: gzip
server: istio-envoy
requestid: cfdd048300f293a4
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 24
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1817
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 render_initial
flow.api.drift.com/flows/ Frame 0
0 106ms
102ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial

Protocol

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift315c61744758c6a53b9c13ad45d
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1950898%252F44040b1add9db6e3a15830880da27877c9ux969zbsnb%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame C5F7 10 KB
11 KB 9ms
7ms Image
image/png 2a04:4e42:1b::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1950898%252F44040b1add9db6e3a15830880da27877c9ux969zbsnb%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3Ddcb764475a9de0b7e8b5ade9b81dce84?fit=max&fm=png&h=200&w=200&s=bf94b917bd5f91c187cf909c5caabdc0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

fa13fcd4be1e630a71640ecbcfefb1dbdbeb47acc72d1ad16298d9bb9c858285

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
x-content-type-options: nosniff
fastly-restarts: 1
last-modified: Thu, 08 Apr 2021 11:18:14 GMT
server: imgix
age: 3376405
x-cache: MISS, HIT, HIT, HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 896d59920610d3f5f9d7b1d4fa39f436cd656d77
accept-ranges: bytes
content-length: 10596
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10052-SJC, cache-sjc10024-SJC, cache-sjc10080-SJC, cache-hhn4076-HHN

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame C5F7 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://js.driftt.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 559262
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 11 May 2022 01:50:37 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
87 B 12ms
12ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1125818919&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fcybereason-vs-darkside-ransomware&ul=en-us&de=UTF-8&dt=Cybereason%20vs.%20DarkSide%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202247795&_u=aHBAAEABAAAAAC~&jid=1660792101&gjid=1799762085&cid=98923819.1621257097&tid=UA-56367941-1&_gid=1429539086.1621257097&_r=1&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=Bot&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Amsterdam&cd13=NH&cd14=Netherlands&z=1676920869

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame C5F7 0
37 B 113ms
113ms XHR
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
server: istio-envoy
requestid: 81d6c1020d492666
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 107ms
107ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift24d30414966886937da5b336d20
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1660792101&gjid=1799762085&_gid=1429539086.1621257097&_u=aHBAAEABAAAAAC~&z=1921719285

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 17 May 2021 13:11:39 GMT
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 28ms
28ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1660792101&_u=aHBAAEABAAAAAC~&z=217872170

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
29ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-56367941-1&cid=98923819.1621257097&jid=1660792101&_u=aHBAAEABAAAAAC~&z=217872170

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 17 May 2021 13:11:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame C5F7 25 B
84 B 119ms
119ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
server: istio-envoy
requestid: 2898c6d30ca92b5
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 15
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 105ms
104ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftb016aae441f8abc4388829e7578
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 perf Show response
www.cybereason.com/_hcms/ 2 B
518 B 442ms
441ms XHR
text/plain 199.60.103.226
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_hcms/perf
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.226 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode: cors
origin: https://www.cybereason.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 804
:path: /_hcms/perf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: www.cybereason.com
referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

date: Mon, 17 May 2021 13:11:39 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2
cf-request-id: 0a1c0d30fd00004c4a583ff000000001
server: cloudflare
x-trace: 2B0806FCCBED75EE163DC14EF5F6AAF6376521F4A0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FeZ1A8ihhsHjaHV87N5YTE%2BwnB8uevaJU2g6TuSFZd9jKiI%2FVlL2nSmu0qnIcWBSjpAxi96TFVB2e4Ftyl5NiUNH8EH451W9EVG%2Fi0ZuF4SXMEU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-robots-tag: none
access-control-allow-credentials: false
set-cookie: __cfruid=77367beef06a6a35fcb4dded9df86275d2d2747a-1621257099; path=/; domain=.www.cybereason.com; HttpOnly; Secure; SameSite=None
cf-ray: 650d17c7faba4c4a-AMS

POST
H/1.1 200
OK / Show response
fg8vvsvnieiv3ej16jby.litix.io/ 0
172 B 103ms
102ms XHR
text/plain 34.236.95.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Requested by: Host: fast.wistia.com
URL: https://fast.wistia.com/assets/external/wistia-mux.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.236.95.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-95-28.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 17 May 2021 13:11:42 GMT
Connection: keep-alive
Content-Length: 0
Access-Control-Allow-Methods: POST, GET

OPTIONS
H/1.1 200
OK /
fg8vvsvnieiv3ej16jby.litix.io/ Frame 0
0 409ms
102ms Preflight 34.236.95.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fg8vvsvnieiv3ej16jby.litix.io/
Protocol: HTTP/1.1
Server: 34.236.95.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-236-95-28.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.cybereason.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Date: Mon, 17 May 2021 13:11:41 GMT
Content-Length: 0
Connection: keep-alive

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/add/ Frame C5F7 25 B
84 B 104ms
104ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/39.00daf76c.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiI5Njc3MjY2NDY1IiwiY2xpZW50SWQiOiJmNnp1aXpkeWh4cm03ciIsInVzZXJJZFR5cGUiOiJMRUFEIiwic2NvcGUiOiJsZWFkIiwiaXNzIjoiMTM4MTI3NyIsImV4cCI6MTY1Mjc5MzA5OCwiaWF0IjoxNjIxMjU3MDk4fQ.z-tY3ZZXO5cN9O1G4Yyp78XxwU1KTa_ZqQdRBCcTqoWKzmf4YtDRrdjj7x1VRuSgeCdncGtxFglSjqVIBTd0Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 17 May 2021 13:11:42 GMT
server: istio-envoy
requestid: f61543e9795a67e6
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 0
0 103ms
103ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Protocol

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 17 May 2021 13:11:42 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftb129f4e4ea4a9b8f51a97a1e0c1
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
635 B 59ms
58ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3736 915c305 master zrh-pixel-x31 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 17 May 2021 13:11:46 GMT
Server: MT3 3736 915c305 master zrh-pixel-x31
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 17 May 2021 13:11:49 GMT

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cybereason.com/	1970-01-19 18:20:58	Name: __hssc Value: 85683782.1.1621257096518
.cybereason.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cybereason.com/	1970-01-20 03:42:33	Name: hubspotutk Value: e0deab6fbbbdd41c995ce284112a31d7
.cybereason.com/	1970-01-20 03:42:33	Name: __hstc Value: 85683782.e0deab6fbbbdd41c995ce284112a31d7.1621257096518.1621257096518.1621257096518.1
.www.cybereason.com/	1969-12-31 23:59:59	Name: __cfruid Value: b1820303938093f3b07ad5ce181814f0ed2bc56b-1621257095
www.cybereason.com/blog	1969-12-31 23:59:59	Name: loglevel Value: WARN

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://js.driftt.com/core/assets/js/24.51b9fb55.chunk.js(Line 1) Message: react-i18next:: You will need to pass in an i18next instance by using initReactI18next

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10272547.fls.doubleclick.net
10428681.fls.doubleclick.net
adservice.google.com
adservice.google.de
alb.reddit.com
analytics.google.com
analytics.twitter.com
api.company-target.com
api.hubapi.com
apt.techtarget.com
bat.bing.com
bootstrap.api.drift.com
cdn.pdst.fm
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
customer.api.drift.com
distillery.wistia.com
driftt.imgix.net
embeds.driftcdn.com
embedwistia-a.akamaihd.net
event.api.drift.com
fast.wistia.com
fast.wistia.net
fg8vvsvnieiv3ej16jby.litix.io
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
id.rlcdn.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsleadflows.net
lltrck.com
match.prod.bidr.io
meetings.cybereason.com
metrics.api.drift.com
p.typekit.net
pixel.mathtag.com
pixel.sitescout.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
segments.company-target.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.demandbase.com
targeting.api.drift.com
track.hubspot.com
trk.techtarget.com
up.pixel.ad
use.typekit.net
vars.hotjar.com
ws.zoominfo.com
www.cybereason.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
104.244.42.200
104.244.42.67
104.244.42.69
108.174.10.14
13.224.193.53
13.224.95.104
13.224.95.48
13.224.95.61
13.224.95.74
13.224.95.88
13.224.95.99
13.32.25.16
142.250.184.194
151.101.113.140
163.171.128.148
172.217.16.134
178.79.227.167
199.232.136.157
199.60.103.226
2.16.186.18
2.18.233.201
206.19.49.24
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700::6810:125e
2606:4700::6810:135e
2606:4700::6810:650c
2606:4700::6811:44b0
2606:4700::6811:72b0
2606:4700::6811:c9cc
2606:4700::6811:d6cc
2606:4700::6811:e7cc
2606:4700::6811:f3cc
2606:4700::6812:15bf
2606:4700::6813:9b53
2620:119:50e6:101::6cae:b05
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2003
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2002
2a00:1450:4001:811::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a00:1450:400c:c0a::9c
2a00:1450:400c:c0c::9b
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:295::25ea
2a02:26f0:6c00::210:ba2a
2a03:2880:f030:13:face:b00c:0:3
2a03:2880:f130:83:face:b00c:0:25de
2a04:4e42:1b::622
2a04:4e42:1b::720
3.220.33.83
34.193.113.164
34.236.95.28
35.244.142.80
35.244.174.68
50.16.7.188
52.49.40.147
54.145.60.34
54.82.204.38
54.86.117.43
66.155.71.25
023694a0472dde38c6600bf88e6330765839e53f64f94edb63714aeab3de7e51
03a4a2fb4e6a07345b252ee66651bd11f6f1f2748fa934067fd02fff4aa26f05
0588e87b65546b42f7b174af89da96a192a3a9adf400d5b616c8e922d68f7cf8
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
067a3f3a6d50349a650f9df58b4c118f0ca0a2136ee24163742dea4625b85cff
08d2b7ceec0a988f4ec3ef01f1c2678dadcdbae061a31962f766ff81cbd5df1c
0949207621f5c59b13b0cecd0748f8381152674bf88541aa8ebf87f9c52747c9
09698cbca28bc2f3d73d1f57ac823d2c707082442b068badf5fdd774f3d9b1b5
0a01ccc74b123f12168bc8ea47d9ca1de16c4e3c5916017177efcfc661dcb6ee
0a1db8e6cb7ae20e5ac308a25943b94734e7ad0f794b26eb778c7e38ae2b51e0
0a43c8d4fb49da539d64078a7fbd43483b379cbed3f4362d043911d60042bd21
0d48b1c1e713dedd809ea1e17c9d667ae36bec85435e457e4141de2c68fb134f
0d70bbc33b9ab5904f074e79e55138f94a77f10356984d870b89654a0dac6643
0ea7d23d55fdda4f42a373f9a16ddb9a744c682714a9516dc95e9acdc5b3ce40
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10e5ad8f6aab7933888e789f5b9eed29f6064a9a256fe35c384c8da0b648d3dc
119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820
12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61
12fbb598ebd7b5c3b114fbe4f9513ba2ef3741eb4345d855b7b27a8b0556db16
1476c101cda6283fbd6a7b4381767b7ecde6d8e1bd871dd43bfba89f1b950a87
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
1d6a4e20897d29f82109c0c241b94c22ced7007288ef6aced4b56640a595eb07
1ff4ac5ee9d859db05eb2ecb1de12a94982e4e74ad9f7e5cccf20866090c651b
213d581ff3f5d3c5b793ff7da45b91626637f1759aaadbfa536697ed5030fa63
218877f60296297dec8266377083291f36d46f2980c1ff027471904470d14f49
2311b7d2f30a6ab89191098f12c99253267df7219477c0702d58bf4999f4a703
267c1ae37916b433b1515b4687883dbc2fef448a533e33bbe97085d42c7738d5
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e96bf761583273e370136ed0b934a38ad1e08b386accb37277252b37b9c9961
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
300518d93c6debf5c1e8d6e26bfa3e3144dd001aa9fab79b0c6ad9c02ad8734c
302e1a06cf45cb9dc221eee6eb8a619a6af3820e7918f1e4bf50f091954526f5
3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299
32387836fb24cb0196a59da5f3fc92cff01d4a88f35aecd7f4d49785179aff88
324d01ef7f0060b668eb74ff00816d2daedbe385bb4a9d83ffacd023a51464c3
331832c691138d758bba20d45ceb85f21f13a56d027211690a837b1cd7024350
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170
359197d1e7ab63fe678db88914f31f1f9f6a37bd182e0de565fc7a68302a1f50
365a7ca6f52df29efedfdac2e08a9d0f03e4e2122dd9a49803bf8dacd58480fc
38c9e8d2dfaf439f732463b5ae80c7d5da32bd8594172a56041794f080b2a3bc
393306838cdda3ae12f09f3de85f70afb226736389ceb50f189cd519e50f9dd0
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3cdde25457091c77ab94c24b73dfc5774bda788202b6e61198ca8b10699b58c1
3f8736d74e8663925d5d6f12b8fe2f734636181c902a84f2ac7c2664d6d16451
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45562afe40cb44bb8b33f75a984b4ab652a45b2156f404d9b3c4789a31dc38f3
46710f0509008ad4a31212927e35441764b757d672b2ed4f892ee4e2f0804abb
475dbccf84ca50f8d13df95ef5a85c58198fd65fefa481850453de7feb2d4bb2
485cccdd8ff15cbd62137df080aa75d0c9488d4f39923f839332a11a6bc1e2da
486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33
4b96fcdb0d9e90f7527b30c33c4259e8a83595f0cf73d7224df7b6e362c82af6
4c52e4274ebdbe29cd5b4983d888c247496b6d3bb55e05d4c0769d1b946d14f8
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4f1610c34f15dd7077a6bfd94afa0a018ab802b348a9c1ef86e4287629c192bc
4f4ab87946162884af2a2fc74e126b9ac2f3e6553212104d1938528bd3dc1d0e
4fee4b55adfbf770691ac424f13ba400bb8520aba1370419ba8954e686438323
50a9587181d1213451ae78755905b3109d0f9a89fdc643da419ccb92c05a977a
50f12aacdf20168f912a1b9d0565ec81207a28907960276992b971dda9cc4d83
51443fc1aa325f301b39d89ffeae8f8a7833ed59491b89419902b32ef30b3b39
51e08a9e2f2c2863811a16408722b042907c797cb952086c4b266926c09ca51c
5268606d0deb0a86dc61af598ff0f74f109c0ebce932ff35b3b866da05e5e900
552cfd1e6d14c5ab2dacb1cda4c96439986da44df239609f8f87a36f75e5d2cb
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56ea7700033e23b9ed426af694b4149d4bf042a9f74e0272b593ee39a476911f
59d91999b3e0f1e6191f29f73b2b079ee1aa1350f3d88795db7518ca40a9be60
5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b
5c0e1558ea6a2064b2ca77c8e3b905b6073b1f8c6c43b4346e9e4c3f3a00803f
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
604f11b1aa0c94217abb80eb7a5c7de728f9463e4f045fe8a34339f438a50cec
62b33c7813e7ad094f92e3917fa81aff0546a584602763b43ce4bcd4ea7b46c8
62db2d78cb8f121b16164f35aad9ff10ad489fe121f0d440ce05877c9cdf76f1
651bb26936af19984c786a0f494947ef827d782e88fe26dbc3b80970c0fa61fc
65cef8a94d8a09cac56b85e15c92c37ea129d38a094fa8e1f3fd812a550b74be
65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276
66b4fac9494bbeda177f4637fa3e7423fc8ef54b11a6875e68cdf3e472293b2a
66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470
67285b2eacc90d3436ea8747ee6f8c8eac151b29f7f3d26487e7779c14386049
69b51ce5274738bb3e7a3462b821870ff6fdab7ed0181213356b7a789f3483ad
6a937cac6c1f73afedba2ff302d69c69560b9413ab327158718fd76bdc66a669
6af036a4ec23088a2e702e364d84320dbcd420a0c8c5ef82bac37006554e3ea6
6bb4c767e3d4734abd6084c69014d5fd9237953ef76dd9da97ee29e01791ab90
6fca2c5e5aaab1d7892626750f40235ca3a66b8a12cdf6a45a28d6238bd87678
7219936e6e56b9932b2f1dd06cfff09b655a729bb17d0aa6d757e14184512384
7231e9fb31e352b246e216a5bf286cdab02911984f87133b6a8fe0b90de0bd1e
72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853
735e44959f60192ae3b93cfafd034f89a1cd8a95510fbac7aabaf9fa05d9465a
73e947e87bcf63ef807fc988abf6e214b0d184319cbec8fc764f77e4d94d34fc
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
74ab92cf214a72564666dfd3a365e21509c47d1a5319fa09f23037633cbbbd86
765097740b7490e6ab6a2d8624199ab7b147e8c6cec064b6cce257750fdb1985
773e03ac001d0d50aa313e801d59d2acb8e8740d969a218e004effc8f1334ef0
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b9be083609cdb03285eae8d967c4b7f0c91f9056049335e5fd5aa26b6afa0a8
7be87687a970231a3a55b5b9819148f930fe05de09eb1e149723d3bb644938fc
8150eac82f94042cd505764e4d41d05bd10704a0b526f0775d8f5083a5b3dfe9
817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485
8292049c0f7e7fc6406874e976ed7e4134d3e34c16a790084b51f48595848aa0
82a557180fc468bdfc051140172475ed640c424fd73a78f27211c8ce949b5134
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835866cae4df18da17dc4e3f4d6ae62967b3e344cc0bfe029fe529ed94ae7dff
843803aeba82f94da6f1cbe1f853ccd12f5d7cc6a3afa20923e57e5df60c412d
84481c66973dbcfaad9597e7109d4f2039bcddd5c734429bff4174fdcde5a0da
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bf0e8ce5a7ad35858e77e2c4d67ebd10617aee62a6e075f06c7d4f60e9167
87c950d2f6280e424541ed091a19d486456637ab7ae5ec002384789c6a2d22a7
89ce2eb03f6ac3cab82377a82525d1b81de41320db899db497a1475fb6ece931
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8fa7e02441ac12b38e71dbcd72a60015e83a4b650962350fdce37bab18cf454f
91b667b9d0de69583ee16753496325f38b91e7f77dcb34a5e49bdca3b670002a
924f2664d9400c7519001de6e2d34d9b5fbf341b19af8e450fd2902ad3531d8a
94f3bedf2806e9a796113d97244f9a7cf07a8b4d312aadd9a26a857c0824b289
9586d0fb1354dd56116ff8e2bf4c54bb5e283cf33abd801f338ef6054c501978
9607506688417bb09b8d6c29362c2fe29bc1b047b793cccddfce876d927fa57b
9656e07d2620e3a6f1135793beabb273e45218b3f86e647a7d809c3efe74f2c1
967c68acc84d07a2978411f34456c69766b76cfcb001cc0fc6669f6c9359c6f0
97829f8a6f2a471117ed06d0b06a81d543b091a262192369c531380779148c5c
97831ff4832c4f000e924a97b5730bebd91816c3282cc2502fca83feebd993a8
979ddb6f0c77e6744b104f96e9d7ab0f8fc56d7f24ab10d853e4e96fa425e9c5
997f5bfb9f0c74974ec265633b71dd76c5f0224611dd26775db3cc823ec24947
9aff01bc783d8594a56120806445b231bf83e9cabd5b293a7ccfa61826a1edd9
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9ee63a2ce9251063533d17d87c6a2d7f06f0a3c0e38d8c9f107131ce580c057b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a517525b8a7d39bcaf1cf5f9695c5be8fce7a6b920a3924c1a4f70e8ea748c05
a530f18a3872bed929f7723682c3b1a67d302308741586dea8e73d756d85fb61
a700f71fb1bb8fbba02eb3a6e70c73441e24337c4521bacc1c4e2b97d7b191a9
a70b9e0f0da1cfd0bc3c3dabc64e98e7a759cbcd12a82cd582b1ff53922da71d
a78759ea185fd0fa42ca9be1fc5bca4d3167a2836dc6c85e479a19dbf57fe2c2
a90e21c46231e20048209952d51a8de790cf605c095023d54a1ac463493ff2c2
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ac8a9e34747520ef3113e768e6c23a8917b60005d2f4197241142e4425f24cf8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bc18843ac29270ed6a2507533256ac4c2c1ee8205a7cdcfec211b2a4aa9fa170
bd3724dffd91133f8ed977e904e58f8ef23c4465dba14306e050e6eed319745d
bf35dde549061e9d7fdf83d3136d9c5014a93d3b4119d0a9b4fcadeb3e9618e8
bf6c1e2f8c250b7efeb5d250181599880b1c17efc3c94466aa5d847454bf14ef
c3f99c65ea3d6186991a21add80eeea6d79500fcb3c9d8263680e0de270e0753
c5f40a52562acf46d2c01ee4eb34a484b81d63c40a05d5e0881f5ab98661c6a4
c7ca38cecccab4af04fcd806f7b06bfe0f5a94575c0c9068dba658c76a65dbee
c7ed0b55ae115363eb49a77c71032bcd46a7f42ab12c27bcca26e5847c871b9f
c8adaf3188585a5b34f8888433375deca3246c299c1c10b46bc804641bd55ddd
c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
cc1a36b2bb4a5f1534cfc063216a1300751f84cb6ffd6ad872f42785cf1de51d
d0d6d775569ee98335559a58a0bbe9a98bc8d5cbfd6267a151cf69901db17520
d3528e4a656c1898832bd0aadf4b7493a6dab833bcf77de82220134cff487105
d411775260d8563a58272ca5581260d0594ff8377e4820e885eac1ffcba4d858
d543da407b1d76e7b09ea114f4413de9ad56bc4bb2562e0e0e91d7b6ad7ff618
d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce
d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7
d95eb4ff52eaf6ab7e098c22b6e88c124afb0648a61b55d583e7868b1955c9c5
da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63
db18af414c43d80f36f78ccb870bf63a43b25ea7f6939cdad7cc2e1104e36606
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc60a34edfb87bde5ffb8a20c861063b6657a865b265856b7000d4a128041dfb
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df1e5306fc7dde214ccee178a231d9390390513fd9914165f2385aa2eb3938e1
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e01a31d1eb9be759017e7eb1cca7a856cdb6c73fd2495a3cae6fe24e15f3fef9
e25be07e98d8af6966a317f09b01392cce60447ed768a034ec1b18843ee6dcbc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a38b04932e2ad77d85997f5cef0de384ecc1bb0b854cf619cb32501158692e
e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d
eb23edf11fd3b59074aa91afab71072500344c5cdab4bf8ce021ac254a8c4742
ecaef097a49429f00f55336367b45e898f27c6e85801c55cebb6e2f25ad8742e
ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef403c6c759d482925f23c6f42e164d0d615d0b0f6fde37d8aeaf92c63833e2d
f0f9e87469afce3e7a383140714c8d4af85c3a6afc8797f51d37761452bbaae1
f75f356bba78b908657479698c4726b9af24166c68f03b7009e8f2d757294e4f
f874143c548c59fd077637bb1196b9de15884981241c9583026db1a027ef54da
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723
f903f416e22249cfab4769b65c97a216746ff7d579fc7fa983740943240a9362
f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b
fa13fcd4be1e630a71640ecbcfefb1dbdbeb47acc72d1ad16298d9bb9c858285
fa9340e938066079ceffed496d98404186fa88e974b1a4c9a6ae1a40882cc251
fb309977e76a8d02957f3d4f597788cde72b1dbb56b95cd505f7ff1c3faeaa4c
fca14522d7547e6d7f422279c827c2499656816966840de469575a9d0e5458b6
fd7dea585947dc1d0d57dfabad162c4879034140dea139820b12136d06600f88
fe2d7250cc0730dc655721c5fa4bf5236dcabdf57f8593e8fe2096a42c0c8baf

www.cybereason.com Open in urlscan Pro 199.60.103.226 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

261 Requests

100 %HTTPS

54 %IPv6

49 Domains

73 Subdomains

69 IPs

6 Countries

3805 kBTransfer

9576 kBSize

6 Cookies

36 Outgoing links

Page URL History

Redirected requests

261 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cybereason.com Open in urlscan Pro
199.60.103.226 Public Scan

Screenshot
Live screenshot

Full Image

261
Requests

100 %
HTTPS

54 %
IPv6

49
Domains

73
Subdomains

69
IPs

6
Countries

3805 kB
Transfer

9576 kB
Size

6
Cookies

261 HTTP transactions
2 data transactions