urlscan.io logo urlscan.io
SecurityTrails logo

corelight.com Open in urlscan Pro
199.60.103.6  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hello.corelight.com/api/mailings/click/PMRGSZBCHI2DSOBQGEYSYITVOJWCEORCNB2HI4DTHIXS643JM5XGC5DVOJSXGLTDN5ZGK3DJM5UHI...
Effective URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source...
Submission: On July 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 44 IPs in 5 countries across 34 domains to perform 99 HTTP transactions. The main IP is 199.60.103.6, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is corelight.com.
TLS certificate: Issued by WE1 on July 19th 2024. Valid for: 3 months.
This is the only time corelight.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.214.84.46 16509 (AMAZON-02)
1 1 54.147.27.151 14618 (AMAZON-AES)
14 199.60.103.6 209242 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 104.18.142.119 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 18.66.102.11 16509 (AMAZON-02)
3 172.67.139.119 13335 (CLOUDFLAR...)
1 13.32.27.21 16509 (AMAZON-02)
6 104.19.175.188 13335 (CLOUDFLAR...)
11 2.17.100.193 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 146.75.120.157 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 34.107.254.219 396982 (GOOGLE-CL...)
1 104.16.118.43 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 93.184.221.165 15133 (EDGECAST)
1 104.244.42.67 13414 (TWITTER)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 172.217.23.99 15169 (GOOGLE)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
6 142.250.186.164 15169 (GOOGLE)
1 34.117.110.211 396982 (GOOGLE-CL...)
2 2a03:2880:f17... 32934 (FACEBOOK)
1 1 142.250.185.226 15169 (GOOGLE)
1 185.89.210.122 29990 (ASN-APPNEX)
1 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
1 172.217.18.99 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 76.223.9.105 16509 (AMAZON-02)
1 2600:9000:225... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2600:9000:225... 16509 (AMAZON-02)
99 44
1    34.214.84.46 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-214-84-46.us-west-2.compute.amazonaws.com
hello.corelight.com
1    54.147.27.151 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-27-151.compute-1.amazonaws.com
signatures.corelight.com
14    199.60.103.6 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
corelight.com
1    2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
2    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
fonts.googleapis.com
2    104.18.142.119 (None, )

ASN13335 (CLOUDFLARENET, US)
js.hsforms.net
1    2606:4700::6811:ac5b (United States)

ASN13335 (CLOUDFLARENET, US)
static.hsappstatic.net
2    2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    18.66.102.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-11.fra56.r.cloudfront.net
static.hotjar.com
3    172.67.139.119 (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
1    13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net
script.hotjar.com
6    104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)
forms.hsforms.com
forms-na1.hsforms.com
perf-na1.hsforms.com
11    2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
2    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com
www.influ2.com
1    104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)
ws.zoominfo.com
2    2606:4700::6812:1fb0 (United States)

ASN13335 (CLOUDFLARENET, US)
tracking.g2crowd.com
4    2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
2    2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hubspot.com
cta-service-cms2.hubspot.com
2    2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)
js.hscollectedforms.net
forms.hscollectedforms.net
5    2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)
app.hubspot.com
track.hubspot.com
1    93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)
t.co
1    104.244.42.67 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c1d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f99.1e100.net
www.google.de
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
6    142.250.186.164 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f4.1e100.net
www.google.com
1    34.117.110.211 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.110.117.34.bc.googleusercontent.com
t.influ2.com
2    2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
www.googleadservices.com
1    185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
secure.adnxs.com
1    2a02:26f0:ab00::214:8e70 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ipv6.6sc.co
1    172.217.18.99 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f99.1e100.net
www.gstatic.com
2    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com
epsilon.6sense.com
1    2600:9000:225e:8400:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)
corelight.widget.insent.ai
1    2606:4700:4400::ac40:911d (United States)

ASN13335 (CLOUDFLARENET, US)
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
1    2600:9000:225e:8e00:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)
corelight.widget.insent.ai
Apex Domain
Subdomains		 Transfer
16 corelight.com
hello.corelight.com
signatures.corelight.com
corelight.com
801 KB
12 6sc.co
j.6sc.co — Cisco Umbrella Rank: 12402
c.6sc.co — Cisco Umbrella Rank: 16017
ipv6.6sc.co — Cisco Umbrella Rank: 12823
b.6sc.co — Cisco Umbrella Rank: 6896
23 KB
7 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3773
www.google.com — Cisco Umbrella Rank: 10
2 KB
7 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 8139
app.hubspot.com — Cisco Umbrella Rank: 10634
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 8074
track.hubspot.com — Cisco Umbrella Rank: 5359
28 KB
6 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 9382
forms-na1.hsforms.com — Cisco Umbrella Rank: 15115
perf-na1.hsforms.com — Cisco Umbrella Rank: 8524
8 KB
5 gstatic.com
www.gstatic.com
fonts.gstatic.com
280 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 669
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
3 KB
4 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 5067
29 KB
4 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3618
ka-f.fontawesome.com — Cisco Umbrella Rank: 7493
25 KB
2 insent.ai
corelight.widget.insent.ai
23 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 18992
713 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
3 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6716
174 B
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 9601
forms.hscollectedforms.net — Cisco Umbrella Rank: 9837
25 KB
2 g2crowd.com
tracking.g2crowd.com — Cisco Umbrella Rank: 19182
2 KB
2 influ2.com
www.influ2.com — Cisco Umbrella Rank: 105176
t.influ2.com — Cisco Umbrella Rank: 100964
3 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
72 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1335
script.hotjar.com — Cisco Umbrella Rank: 2017
60 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
222 KB
2 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 14516
156 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
fonts.googleapis.com — Cisco Umbrella Rank: 110
32 KB
1 digitaloceanspaces.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 267216
2 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 764
694 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 176
20 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
252 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 1356
394 B
1 t.co
t.co — Cisco Umbrella Rank: 979
377 B
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 7189
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 5135
24 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 10891
2 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1253
15 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 12087
5 KB
99 34
Domain Requested by
14 corelight.com corelight.com
8 b.6sc.co corelight.com
6 www.google.com js.hsforms.net
www.gstatic.com
4 track.hubspot.com
4 js.hs-banner.com corelight.com
js.hs-banner.com
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 www.gstatic.com www.googletagmanager.com
www.gstatic.com
www.google.com
3 forms.hsforms.com js.hsforms.net
corelight.com
3 ka-f.fontawesome.com kit.fontawesome.com
2 corelight.widget.insent.ai corelight.com
corelight.widget.insent.ai
2 epsilon.6sense.com j.6sc.co
2 fonts.gstatic.com fonts.googleapis.com
2 www.facebook.com corelight.com
2 forms-na1.hsforms.com corelight.com
2 www.google.de corelight.com
2 tracking.g2crowd.com corelight.com
tracking.g2crowd.com
2 connect.facebook.net corelight.com
connect.facebook.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 j.6sc.co www.googletagmanager.com
j.6sc.co
2 www.googletagmanager.com corelight.com
www.googletagmanager.com
2 js.hsforms.net corelight.com
1 metadata-static-files.sfo2.cdn.digitaloceanspaces.com corelight.com
1 perf-na1.hsforms.com corelight.com
1 fonts.googleapis.com js.hs-banner.com
1 cta-service-cms2.hubspot.com js.hubspot.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 forms.hscollectedforms.net js.hscollectedforms.net
1 www.googleadservices.com 1 redirects
1 t.influ2.com www.influ2.com
1 px4.ads.linkedin.com corelight.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 analytics.twitter.com corelight.com
1 t.co corelight.com
1 app.hubspot.com corelight.com
1 js.hscollectedforms.net corelight.com
1 js.hubspot.com corelight.com
1 js.hsadspixel.net corelight.com
1 js.hs-analytics.net corelight.com
1 ws.zoominfo.com corelight.com
1 www.influ2.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com corelight.com
1 static.hsappstatic.net corelight.com
1 ajax.googleapis.com corelight.com
1 kit.fontawesome.com corelight.com
1 signatures.corelight.com 1 redirects
1 hello.corelight.com 1 redirects
99 52

This site contains no links.

Subject Issuer Validity Valid
corelight.com
WE1		 2024-07-19 -
2024-10-17		 3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-04 -
2025-01-03		 a year crt.sh
upload.video.google.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
hsforms.net
WE1		 2024-06-13 -
2024-09-11		 3 months crt.sh
hsappstatic.net
E5		 2024-07-06 -
2024-10-04		 3 months crt.sh
*.google-analytics.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
ka-f.fontawesome.com
WE1		 2024-07-01 -
2024-09-29		 3 months crt.sh
hsforms.com
WE1		 2024-06-14 -
2024-09-12		 3 months crt.sh
6sc.co
R11		 2024-07-03 -
2024-10-01		 3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-12-13 -
2024-12-12		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-25 -
2025-06-24		 a year crt.sh
*.gstatic.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-05-02 -
2024-07-31		 3 months crt.sh
influ2.com
WR3		 2024-07-23 -
2024-10-21		 3 months crt.sh
zoominfo.com
E5		 2024-07-18 -
2024-10-16		 3 months crt.sh
g2crowd.com
WE1		 2024-06-23 -
2024-09-21		 3 months crt.sh
hs-banner.com
E1		 2024-05-30 -
2024-08-28		 3 months crt.sh
hs-analytics.net
WE1		 2024-06-11 -
2024-09-09		 3 months crt.sh
hsadspixel.net
E6		 2024-06-14 -
2024-09-12		 3 months crt.sh
hubspot.com
E5		 2024-07-21 -
2024-10-19		 3 months crt.sh
hscollectedforms.net
E1		 2024-05-27 -
2024-08-25		 3 months crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-05-08 -
2025-05-07		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.google.de
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-07-01 -
2025-01-01		 6 months crt.sh
*.google.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
t.influ2.com
R11		 2024-07-16 -
2024-10-14		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2024-02-14 -
2025-03-16		 a year crt.sh
*.6sense.com
Amazon RSA 2048 M03		 2024-03-31 -
2025-04-29		 a year crt.sh
*.widget.insent.ai
Amazon RSA 2048 M03		 2024-01-30 -
2025-02-27		 a year crt.sh
*.sfo2.cdn.digitaloceanspaces.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-04-20 -
2025-05-07		 a year crt.sh

This page contains 6 frames:

Primary Page: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Frame ID: CBE5CCAB8302274B2E0B6D3C31697C50
Requests: 93 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=ntxaa4tp065y
Frame ID: 813237C723FAA440980F8E8AEB5219C1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=bgxf037q9oef
Frame ID: D34FE86B3A022981F07E42F95DB2AEEF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 635603EAF986397A8EA3A910182D31C8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: CACE980F0EA6ADE2EB0866DA1D2763DA
Requests: 1 HTTP requests in this frame

Frame: https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&event_listener=7jkfy4SrsV2lsHk&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 09C0CD9A45E55860FE536C4B526CCFC5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Open NDR and Close the Case - Ransomware

Page URL History Show full URLs

  1. https://hello.corelight.com/api/mailings/click/PMRGSZBCHI2DSOBQGEYSYITVOJWCEORCNB2HI4DTHIXS643JM5XGC5DVO... HTTP 302
    https://signatures.corelight.com/uc/6042a38403abc955f8068d7a/c_623cf50d759b7e0024f3f00f/b_623cf55ab9e7f4006f3... HTTP 302
    https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medi... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

99
Requests

98 %
HTTPS

52 %
IPv6

34
Domains

52
Subdomains

44
IPs

5
Countries

1884 kB
Transfer

4912 kB
Size

32
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hello.corelight.com/api/mailings/click/PMRGSZBCHI2DSOBQGEYSYITVOJWCEORCNB2HI4DTHIXS643JM5XGC5DVOJSXGLTDN5ZGK3DJM5UHILTDN5WS65LDF43DANBSMEZTQNBQGNQWEYZZGU2WMOBQGY4GIN3BF5RV6NRSGNRWMNJQMQ3TKOLCG5STAMBSGRTDGZRQGBTC6YS7GYZDGY3GGU2WCYRZMU3WMNBQGA3GMMZZMFRDCMJ7OA6W65LUOJSWCY3ILR2TAMBSGZZGKY3JOBUWK3TUHVVWK43IOJUS443FNNUG63SAOJXXGLTDN5WSELBCN5ZGOIR2EI3DQZBXGVRWMMRNMEYGKNBNGRRDAMZNHAZDIMBNGRSWCZJYGY3DKOLEGJSCELBCOZSXE43JN5XCEORCGQRCYITTNFTSEORCMI2GY2KVFV4UQTLIM5EDMVJXIZWW4ODOHFXUK2SCKVZESQTONZZXOVDKGNEGQ6KLGF3DQPJCPU====== HTTP 302
    https://signatures.corelight.com/uc/6042a38403abc955f8068d7a/c_623cf50d759b7e0024f3f00f/b_623cf55ab9e7f4006f39ab11?p=outreach&recipient=keshri.sekhon@ros.com HTTP 302
    https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&e_ipv6=AQLFz5VT3v5-yQAAAZDi9ihsiCwIlTHiLKw8WX2DHc9swMm6hzRLqx_8zhqFJJV6Iw
Request Chain 61
  • https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo&npa=1&ct_eid=2 HTTP 302
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo

99 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ransomware
corelight.com/cp/open-ndr/
Redirect Chain
  • https://hello.corelight.com/api/mailings/click/PMRGSZBCHI2DSOBQGEYSYITVOJWCEORCNB2HI4DTHIXS643JM5XGC5DVOJSXGLTDN5ZGK3DJM5UHILTDN5WS65LDF43DANBSMEZTQNBQGNQWEYZZGU2WMOBQGY4GIN3BF5RV6NRSGNRWMNJQMQ3TKO...
  • https://signatures.corelight.com/uc/6042a38403abc955f8068d7a/c_623cf50d759b7e0024f3f00f/b_623cf55ab9e7f4006f39ab11?p=outreach&recipient=keshri.sekhon@ros.com
  • https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
51 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
abc19198829cc8c7be8cf47283e580ada038f787b05ce5791a405ec507f82af8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=10800, max-age=0
cf-ray
8a811b0cab85bb85-FRA
content-encoding
br
content-security-policy
frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 24 Jul 2024 04:18:20 GMT
edge-cache-tag
CT-143091527220,P-8645105,E-143099371161,E-77969195071,E-77972429906,PGS-ALL,SW-0
last-modified
Mon, 22 Jul 2024 16:33:50 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ttka4ZvnlDO7GuqIfIg2GtBHEZMExlPCEf9NMxVI8f0vZD2UUCFBkokGlSi4Xp1jJa5A69IVPdK4yxW76p8fSMLgTqFhWStmANpj9DEN5U2PKzIB%2BiPshJS4RJFHvXc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-frame-options
sameorigin
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
REVALIDATED
x-hs-content-campaign-id
efe73bfb-9f43-46ab-af35-39aad3e2a2c5
x-hs-content-id
143091527220
x-hs-hub-id
8645105
x-hs-prerendered
Mon, 22 Jul 2024 16:33:50 GMT
x-xss-protection
1

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
236
content-type
text/html; charset=utf-8
date
Wed, 24 Jul 2024 04:18:20 GMT
expires
0
location
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload;
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
40e338ea-577b-4da9-8f2f-663bd22f22dd
x-runtime
0.028363
x-xss-protection
1; mode=block
child.min.css
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1721665796898/Corelight_MojoFlex/ 		146 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77969195071/1721665796898/Corelight_MojoFlex/child.min.css
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2bf337e11d027346c14faeb335885e662cd33b7a00084a2feb6ee6c7a75143e8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
gzip
age
62
x-amz-request-id
PY0KAC5HRV2Q91RV
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"ed3e62a299a8d15b8bae0eef2d9a5e5a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1721665798138
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
via
1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-amz-version-id
rkenUVnaY0KOyYrWZf2fYoptUEJ3qWD9
x-cache
Miss from cloudfront
x-hubspot-correlation-id
41239c95-7850-48bd-9a62-bc5772c3890f
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
158
alt-svc
h3=":443"; ma=86400
x-amz-id-2
mrkmEMiu4s0OeuhN69qwnZIPC0xChk8rPk+PxFKtOXN/d416Lss7RpeRdKweAnuHID73yduoMrQ=
x-evy-trace-route-configuration
listener_https/all
x-request-id
41239c95-7850-48bd-9a62-bc5772c3890f
last-modified
Mon, 22 Jul 2024 16:29:59 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y3KXIpWqa97bgEL7MCajTPW%2BC7mcF%2FK%2FPr7K6El%2Fucv9GVSUixTRmFrQ6k4ulE%2FKA6A8%2BFxKzSjgbpK0m%2BxiTuMp23AKD1LEnaBey5xaTc5FEdAX6FVRQ7dtXCuqlSw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-4fh2w
access-control-allow-credentials
false
cf-ray
8a811b0d5c32bb85-FRA
timing-allow-origin
corelight.com
x-amz-cf-id
Y8dnxuV93pErcaFebNwS-NJY0YJsFud2yY0WE7zOIly815a078r1Qg==
87f7e1e107.js
kit.fontawesome.com/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/87f7e1e107.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6a27bc2053f89e6daa28bb8a958ac16eda74260ee75aeb1f53f4a410e894325

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
server
cloudflare
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
8a811b0dbb4b3a94-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F-K9F4iMDrrovfEAdx1h
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 22:29:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20955
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 22:29:05 GMT
black-hat-logo.svg
corelight.com/hubfs/images/black-hat-2023/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/black-hat-2023/black-hat-logo.svg
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
658003edfddcde4ab589d70705d31ff4c6b50ab08e11c401c0f83debc633428c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-128462512042,FD-128463393801,P-8645105,FLS-ALL
x-amz-request-id
5C7NPDKAG9BWXMFB
x-amz-server-side-encryption
AES256
edge-cache-tag
F-128462512042,FD-128463393801,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"56c33f1cd005c0d3ad83bbff8497c1b8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1691184346898
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000
via
1.1 0833e8be76641de099b8f4a92c7a1c4e.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
dXNDSQro44I156sKKbdacEfbo8t61blk
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-128462512042,FD-128463393801,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
5iDvbCKVp8ZA49dKRUFcV5hzZwuTWq/5iFGe0DyqMT9ysgMK9KXmzmZuRztY9KbfT4iUW2QO9agyaXWsnGQLGw==
last-modified
Fri, 04 Aug 2023 21:25:47 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=viBlV5RqvKXvLPaomZI0dTAq5pLPLRuzJziFs8NwQZVvAwmLcqxi%2B8Jj4tKiQTBUYO0t%2BZC5z9RMn14TgNwK33r8GM6SZFayX5FHmWbXIb8KUrfjhHiImupdsaTlRQk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8a811b0d5c34bb85-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
yYzJfgtj0_kgx9HYVpnGJxrTX8KAPFwLSZH62sry-55XX2ks1MzeAg==
ebook-ransomware-readiness-guide.png
corelight.com/hubfs/images/thumbs/ 		282 KB
283 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/thumbs/ebook-ransomware-readiness-guide.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a483429fbb599e5abcea263ac94b360ea639c92e6fd8e45bff5b9e0d8ebe49a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-request-id
5C7M3FC47F8PQXY9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag
public-indexable
etag
"2c83d346481f24d2f0d5d975942163d4"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1717699184626
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=31536000
via
1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
o3LZplpm8ddPDTMx.9WZ49pBX_XezFra
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
288745
x-amz-id-2
jBoqiWoqbwE85XmBFQvvR18kQZ7n15KRJTkIjwguMbcW7CLYi6Uo3Yl+q7QA/lpdQBhubgydRIqVnNpbXH3eEjYJHw8Odfq3Y06FU8Uljh0=
last-modified
Thu, 06 Jun 2024 18:39:45 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N51ghy7QSkeSvUcrYZwCSWYUrYdmjNu4K2uIcj6l3gxXPC4I%2BOE08CIyYjf%2F1ztWgjoVWegPuP5U1AlKEO%2BwUlpdLcNLpTF%2BMnmTkKevBNxSwtakrFT6sqaH80lEU48%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b0d5c35bb85-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
AqxTSHGqFsRqW5jXm_cHUX_C_19OafXABWFrVIHeF4AksuxKJlTarQ==
v2.js
js.hsforms.net/forms/embed/ 		482 KB
156 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsforms.net/forms/embed/v2.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
133
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a8117cc5ac88fd6-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5387/bundles/project-v2.js
date
Wed, 24 Jul 2024 04:18:20 GMT
x-amz-version-id
mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
4abafe3e-70de-42e1-a19e-49526eb0cec2
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
4abafe3e-70de-42e1-a19e-49526eb0cec2
last-modified
Mon, 22 Jul 2024 15:22:07 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12oxFdkBeJW4P11jvJD4vGGZur6JcVYw%2BVbEtIRRxHfSq9O0OZSXYNUGNSPAuD7kt3FsUf%2F5%2FAIlO45fZzXxJcJ86zHfAMhPjctyMxaZBjLUr1tkzhHMNKrazTa9q1hI"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-vzz6g
cf-ray
8a811b10ec353639-FRA
x-amz-cf-id
vKC8VOvlhAKZT6M0ewXX8beUayLxloGgTKsdU3Q9-CcFD92unbeKQg==
pin.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/open-ndr-and-close-the-case/pin.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
age
68793
x-amz-request-id
5C7QFXG6RA5GZ8R6
x-amz-server-side-encryption
AES256
edge-cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="pin.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"3b806865da4842a0a8dac42494e66103"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1699369313065
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=31536000
via
1.1 f2a51982e289d888963f4f93b48c5f22.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
uo.06FUeDiWa6pcAKRwzpp5lkXr4pPnK
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=3106
x-cache
Miss from cloudfront
cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
1778
x-amz-id-2
We9GW+TsFBtKXUp7IMMOfYID7VVAC48olx9GCZB4gCzu+omQY5iUPMCXCkfvtdaCHREFRVYZx9GQZMiL57mDDw6HubRSYMra
last-modified
Tue, 07 Nov 2023 15:01:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wcqeoKeyi49k0wT2H15D2ADpcB8%2FLrYe0dGLNLv7gtmzZqGXPm%2BFcJaOAHkMW8KuwgH63GnI4DDizASFWYQqIhwu2xZgu8DIXQ0EYsVFK%2BhHAomGC%2Fjv4IXJUaUmn0M%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b10d9a91e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
E1oGNj1yg4JhyoOWZJ_bn370mKOd1Ec1gOBSPOsW8gnRd2CPjtbdhw==
polaroid-1.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 		156 KB
157 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-1.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
37fb161fbb58847709f83d523a5d418386d13532ea12bd687a9a02c610096931
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-149672377362,FD-143097031219,P-8645105,FLS-ALL
x-amz-request-id
Q2XZY9SRXTPKKEH3
x-amz-server-side-encryption
AES256
edge-cache-tag
F-149672377362,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"c5429ea6bedb5e89802cc668f8dcebaf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1702433648845
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000
via
1.1 f59e52adbf3a58a76dec03547cb4b34c.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Lwknzp2J1jokcK4kxCtRKDYQYMv1lPkv
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-149672377362,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
159485
x-amz-id-2
qhIccaTE7v0ZM/GXfpTyux7QrWJzqzEI45Ed5niSa98H8sxSm9SIYXQzRv/GIqdcSdSAjDhFpS0=
last-modified
Wed, 13 Dec 2023 02:14:09 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c8I1a84NXJjRwSYy4C46RCpXHfyAKklI2AlAkUiDv2fpWI0ZvtYYMYglHAbdjzoLT979NSLM8PYT%2Bn5wmGx1IG4PW5%2Fn4%2FObcBJormUaaV3rISVS%2F2InUM0Ni0OB7rQ%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b10d9aa1e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
7dT3DLWM_Fmut19INSafQx1ci3-6BEZ7eyTUunpiznfiLeJN_5m2mg==
polaroid-2.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 		125 KB
126 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-2.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef404a48ea95162f5b17ad0cf9e7753fcccd0b6bf212f038828e6c00ca5b7a37
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-149674463901,FD-143097031219,P-8645105,FLS-ALL
age
187317
x-amz-request-id
3WZ9QKFQW2FF9K02
x-amz-server-side-encryption
AES256
edge-cache-tag
F-149674463901,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="polaroid-2.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"03c96e79743625e742af0c83eb13c93c"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1702433648931
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=31536000
via
1.1 f14a77f80eb66aa455bd94a07a2a0c64.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
SXzALp.KX5q.5O9JBEUUauuFFmvgM9_f
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=197470
x-cache
Miss from cloudfront
cache-tag
F-149674463901,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
127602
x-amz-id-2
n0f9qwLUJBY5WXA8lVDnPQI7RrOhbX1aVxEtiZPVPBD9opu6TYZt77SyePxXZusRKt7xoOXujp8=
last-modified
Wed, 13 Dec 2023 02:14:10 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYy87QydsNjWjCPemxAvPZE1mVqp%2BeQS%2BP4rxomwt8pjugFf9OjGCpMaoRgYYc%2FDGzo4upBcUlh3KzRTVFEu38hIitwl83rd3b9XjlDCNG8sGT9YGwyEH8N8kJ1wRcQ%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b10d9ad1e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
k9su_gSvS3463pqmZuuOxBjb-mTeeWfDcfMRaHoH2MAi7FI9d9liRQ==
polaroid-3.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 		173 KB
174 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/open-ndr-and-close-the-case/polaroid-3.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7083baa139d874c2a8aed5b6e647368b802d6d96f600a85b21bfa8f06c296ae6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-149667297664,FD-143097031219,P-8645105,FLS-ALL
x-amz-request-id
5C7VEQD9YPG908AT
x-amz-server-side-encryption
AES256
edge-cache-tag
F-149667297664,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"6eacb6bfbc0a48fb3c827757ce5dba10"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1702433648972
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000
via
1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
T1.zopivmAb5Tmab0h9tGU1zk4UNjW2U
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-149667297664,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
176654
x-amz-id-2
tYkk9VA868Qz2MpFdAaLoAkHN/5qLdXwprKnaW8wRM+so2iKUMo/7yjDfUDEfPes6Jkn1KREqew=
last-modified
Wed, 13 Dec 2023 02:14:10 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E49w0%2BkBGQAje8srsfx8thDkxV0Likc63MolvclM7PEEHlUOyTHmGoxgqSDujcICfvswpbhf8NAYoPmXlLGSv84veEfKmtle1QQBAIIAd2tb9MtdVeMuDyGow0ga0Ho%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b10d9ae1e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
TAUg2v5-rWpEenLi5sWMr3leqCDVrX6QQPlIUPATQPJN5LVGsZR9Qg==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.971/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ac5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
x-amz-version-id
1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding
gzip
cf-cache-status
HIT
via
1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
1766862
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 05 Jun 2024 15:05:39 GMT
server
cloudflare
etag
W/"26c40482b55a607cd44486a2958741d4"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JrSG8cR4ZRIQtpD%2BUX2LdJUoBtiLRBCW9p7RKFQ8P%2FceFriG78JVTTHH3RDoytqrBrBcmo3MwJsTksWzhtIFV5M0UjytVaaclTzLQsq669a7qy6NaGhdKwiL6VKXvqleLYDYpc7Ahjc773IC7tu%2Fp4ZEIdc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8a811b111bf71c05-FRA
x-amz-cf-id
4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
expires
Thu, 24 Jul 2025 04:18:20 GMT
child.min.js
corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1718050703808/Corelight_MojoFlex/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corelight.com/hs-fs/hub/8645105/hub_generated/template_assets/77972429906/1718050703808/Corelight_MojoFlex/child.min.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e286ced76cb03e955ddcdea650e8fa4894998c20ee9ac04621d55bde9ad7db07
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
62
x-amz-request-id
D6D95R5DJ85AZ7ZG
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"a15b99eaeac6b42fc6efb07d9d1fe8d1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1718050704030
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=31536000
via
1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
SqdkoRs7rY11.8kmghU9ZAgg7lkWrO0k
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
acd52ebe-0bc2-4de1-8d48-9b673953a97b
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
282
alt-svc
h3=":443"; ma=86400
x-amz-id-2
lWH3y1qMvQFy1DAeq5OPyw446yYJh52LK78MPxKNxmbLgs+NylqXB35Llx+AxC3T4srsOOmCB74=
x-evy-trace-route-configuration
listener_https/all
x-request-id
acd52ebe-0bc2-4de1-8d48-9b673953a97b
last-modified
Mon, 10 Jun 2024 20:18:25 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rEHefoT%2FxKDykATZ%2Bz8u59v%2FJ18dzmvYF1xsN28TGAsg9AxZZS70CwRhhUD9vyaYz8lrRhgPhmqOKyz%2FmRDDpCP0NhEFgK9es0aiPh%2BZ%2B2h7EZttU9n24DD4uqXC4K0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-x5qbk
access-control-allow-credentials
false
cf-ray
8a811b10d9ab1e64-FRA
timing-allow-origin
corelight.com
x-amz-cf-id
vFk-3BItssvyNtFMjXtmLbxew4osoO8TWgqVU6mzSlB92TBTYbiKgg==
8645105.js
corelight.com/hs/scriptloader/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corelight.com/hs/scriptloader/8645105.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c923b93317300e5d189ef3938d3956fbe8b1640268ff7cbb7e0afb48386f1430
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
62
x-evy-trace-route-service-name
envoyset-translator
cf-polished
origSize=2529
x-hubspot-correlation-id
cb486a8f-b2f3-40e5-a0d1-d9e8e97eee14
content-encoding
br
x-envoy-upstream-service-time
12
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
cb486a8f-b2f3-40e5-a0d1-d9e8e97eee14
last-modified
Wed, 24 Jul 2024 04:17:18 GMT
cf-bgj
minify
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://corelight.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-7dd59b876-dr9tl
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gyDgRQ6lkc5rwtVyRn%2F%2FCEiWFfTZZiqlMAoIpI458xiRaKLw05Hyi4eFEWijXQxowW9AiCubbhPNdcJLUwdH9%2F6FkRQuWmO2DAayT1vYZID60QoDw8nDShzCswuuMSM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8a811b10d9b01e64-FRA
expires
Wed, 24 Jul 2024 04:19:50 GMT
index.js
corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
via
1.1 fe3f25790bc50bc3d0e9d4585a26a248.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000
age
631407
x-amz-cf-pop
LHR50-P6
x-amz-server-side-encryption
AES256
content-security-policy
upgrade-insecure-requests
x-cache
Hit from cloudfront
x-amz-version-id
xQGlP28JK8czygjYT3ac5MmMcZh4SwPp
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 16 Jul 2024 20:51:48 GMT
server
cloudflare
etag
W/"804371e77c152132301ab9a09be49f93"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b1L2xOcFHE%2FEVoajprr9ZaX%2BbdK8yBBGyUwN%2BfhzbfevPvTwUS0si3aCGnnATN54CpAq1oQVYzGtZEpU13c3%2F6E7sp4czPMaMmKoejZrffzpR%2Fre%2FLioc1ea5yPO88M%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8a811b10d9b31e64-FRA
x-amz-cf-id
oblp2cdpnaFkrH0rFz0hj0mu43CM2qjuZLI9TvbwOLCocbN9BV05hQ==
expires
Thu, 24 Jul 2025 04:18:20 GMT
gtm.js
www.googletagmanager.com/ 		347 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2446f4a36e1108a8f44d26a37d5170776347fe9ed2e18b41add05e1c3a541a67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116974
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 04:18:20 GMT
hotjar-875805.js
static.hotjar.com/c/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-875805.js?sv=6
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-11.fra56.r.cloudfront.net
Software
/
Resource Hash
6766b10d24a648138629fd47ebe70d6e2d85ed126de6155a4b383dda11b01f8a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 24 Jul 2024 04:18:20 GMT
via
1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/ebbda16885636e3856aba935d2483758
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
oNp7nyIyiDlqXkjTQaHZR1OLW2BrmgiIzGc0qgxDudhfGKh4SisZKQ==
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=87f7e1e107
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
via
1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
10632050
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LGuGfUm%2FKBib8lFEn9vIliQ%2B7LzG7vZWDfpd%2FZLDrtMXMS2GNWn2wug4SUVSYE42xxg%2BqBAnpG66FpzHxHZxzX5WTplKG7IelBBntgPpyXXGfiRifDAq4H3SPFskcitD29qQhHTkJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
8a811b10eec11981-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
E1P0EkaAIEOVsweGV1rKKdT-aEEZSoC2FmOShPPudCY8kVoZ4L5aSA==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=87f7e1e107
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
via
1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
473064
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wIpAEi5cbdXOv%2FeV%2BWDWMaqeYM%2BTGytIPeUQiUcg1hYGnWdcaIMg7OZgKK1wt3cxGDfSdRtlY2ipGhb50KAWjPA8M6sSwmFTnvl9fck9AmMUxRwGZVFSiWrhXUrAWcOZwjvjtFYf7g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
8a811b10eec01981-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
L4BM_qg3rDvbHjP48ygtHh7w5O4jR2budTxm32RhOmoLVZ99dt2mMA==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=87f7e1e107
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/87f7e1e107.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
via
1.1 6c7a5d26be7fb35284e54d321f16b6f6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
10632050
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycGX4GRSjUfJQjTfCcc5xMAzmsTtimjo3EeWDzVzrj6j6A4UBJJGUo4wtX2sl5l7ZDOeOO9FCtZzuZYPHBcVBnzcMoCdWlLZJb0MmP9XM3E2Lip8kOIL%2F49so%2FUTDWlDCrwS3nfGuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
8a811b10eebf1981-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
msEXf7kX08i4AjS9beWIY_mFhyV4gWV84b1-dxEBjo64-xNnrIlDrQ==
modules.6c69b5997f314810cfe8.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.6c69b5997f314810cfe8.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-875805.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-21.fra56.r.cloudfront.net
Software
/
Resource Hash
228d8e3efcde37de9193685d1f5aba49a0c508b3b14b83af774e7aae6bd44b42
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 09:41:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
67034
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56293
last-modified
Tue, 23 Jul 2024 09:40:30 GMT
etag
"30c513084f4759247a82ab90e6ffe4cb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
mFk4DA2oRNfvwDKds24gqDtHszKP2FEGhUPk7ovvylmR37ZPo3nsnw==
json
forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5cf68aed98d7e7abbca2769439cb7d24177a77e815e069c3e7eed652bac6351
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ed9e5977-856d-415e-95ea-56f50b2c379b
x-envoy-upstream-service-time
10
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ed9e5977-856d-415e-95ea-56f50b2c379b
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://corelight.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8a811b11cebb9746-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvsp
pin.png
corelight.com/hubfs/images/open-ndr-and-close-the-case/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/open-ndr-and-close-the-case/pin.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
age
68793
x-amz-request-id
5C7QFXG6RA5GZ8R6
x-amz-server-side-encryption
AES256
edge-cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="pin.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"3b806865da4842a0a8dac42494e66103"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1699369313065
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
via
1.1 f2a51982e289d888963f4f93b48c5f22.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
uo.06FUeDiWa6pcAKRwzpp5lkXr4pPnK
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=3106
x-cache
Miss from cloudfront
cache-tag
F-144310530681,FD-143097031219,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
1778
x-amz-id-2
We9GW+TsFBtKXUp7IMMOfYID7VVAC48olx9GCZB4gCzu+omQY5iUPMCXCkfvtdaCHREFRVYZx9GQZMiL57mDDw6HubRSYMra
last-modified
Tue, 07 Nov 2023 15:01:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wcqeoKeyi49k0wT2H15D2ADpcB8%2FLrYe0dGLNLv7gtmzZqGXPm%2BFcJaOAHkMW8KuwgH63GnI4DDizASFWYQqIhwu2xZgu8DIXQ0EYsVFK%2BhHAomGC%2Fjv4IXJUaUmn0M%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b10d9a91e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
E1oGNj1yg4JhyoOWZJ_bn370mKOd1Ec1gOBSPOsW8gnRd2CPjtbdhw==
v2.js
js.hsforms.net/forms/embed/ 		482 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsforms.net/forms/embed/v2.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.142.119 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
133
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5387/bundles/project-v2.js&cfRay=8a8117cc5ac88fd6-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"56164b8f5dbcf6e65e555e48d5d6176a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.5387/bundles/project-v2.js
date
Wed, 24 Jul 2024 04:18:20 GMT
x-amz-version-id
mnlqbpb.vUvH_hPLxl7NeOxIrfIBia92
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
4abafe3e-70de-42e1-a19e-49526eb0cec2
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
4abafe3e-70de-42e1-a19e-49526eb0cec2
last-modified
Mon, 22 Jul 2024 15:22:07 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=12oxFdkBeJW4P11jvJD4vGGZur6JcVYw%2BVbEtIRRxHfSq9O0OZSXYNUGNSPAuD7kt3FsUf%2F5%2FAIlO45fZzXxJcJ86zHfAMhPjctyMxaZBjLUr1tkzhHMNKrazTa9q1hI"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-vzz6g
cf-ray
8a811b10ec353639-FRA
x-amz-cf-id
vKC8VOvlhAKZT6M0ewXX8beUayLxloGgTKsdU3Q9-CcFD92unbeKQg==
33c784e7-4393-41da-aeec-41573dd7de87.js
j.6sc.co/j/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
L7CnBffRvnniVROlOlph3rFOEGQEIfLn
content-encoding
gzip
date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-cf-pop
FRA60-P8
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
1451
last-modified
Thu, 21 Mar 2024 21:21:00 GMT
server
AmazonS3
etag
"cd1c533c0bed7058ef640f979dfa0df0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=1800
accept-ranges
bytes
x-amz-cf-id
9MGZET_i38l-HmdcxP3uRKLG9vUAFHK-UC9FBvcWp652qLCim7tDTg==
expires
Wed, 24 Jul 2024 04:48:21 GMT
js
www.googletagmanager.com/gtag/ 		351 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9d13f801bf9192a94b752549b663fe6843b243321f487a14d9b93b6e880d2424
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109944
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 24 Jul 2024 04:18:21 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 24 Jul 2024 02:29:07 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6554
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 24 Jul 2024 04:29:07 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Jul 2024 09:19:33 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=29124
accept-ranges
bytes
content-length
14011
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220144-FRA
loader.js
www.gstatic.com/wcm/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:10:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
490
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2133
x-xss-protection
0
last-modified
Wed, 20 Mar 2024 23:18:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 24 Jul 2024 05:10:11 GMT
fbevents.js
connect.facebook.net/en_US/ 		224 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Jul 2024 04:18:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58677
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1297, tbw=2806, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
eooaAyO+pwfb9XrPAC+WlLY7Y300/xj0dTmAlsFakJhsMAVwRm+vfWZt2QR6vHTuRh9VQIdl+90GKpF7KvLalw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracker
www.influ2.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PVV5SJD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
219.254.107.34.bc.googleusercontent.com
Software
/
Resource Hash
018f194ee6561775260d0921fab8c7a6fd6840cdab3bd3c93b0e1e7fce2f0d9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 24 Jul 2024 04:18:21 GMT
via
1.1 google
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
63bc49c2df7944a70685d2a6
ws.zoominfo.com/pixel/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws.zoominfo.com/pixel/63bc49c2df7944a70685d2a6
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8ddf4549cca65f1946ad92bf7492c2ae61778d76994e8f32709557277ec9b5d6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8a811b120e1d3a7c-FRA
2971.js
tracking.g2crowd.com/attribution_tracking/conversions/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/2971.js?p=https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware&e=
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60886b458fce84b9bc0910297caec2cf1b3938afeecdadd347e8c53c76686736
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-disposition
inline
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
origin-agent-cluster
?1
cf-ray
8a811b1219a230e2-FRA
json
forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hsforms.com/embed/v3/form/8645105/0c43253e-22fa-4d22-b87b-bbd4b51379f5/json?hs_static_app=forms-embed&hs_static_app_version=1.5387&X-HubSpot-Static-App-Info=forms-embed-1.5387
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f73c5111f478ae4c00297113127acff4fdc680bf66fc4ded18b47d4a54eb3b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-origin-hublet
na1
date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
1f70b165-7cbe-45e4-a379-d0638638cf30
x-envoy-upstream-service-time
7
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1f70b165-7cbe-45e4-a379-d0638638cf30
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://corelight.com
x-evy-trace-virtual-host
all
access-control-expose-headers
X-Origin-Hublet
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8a811b129f5d9746-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-pnnjr
ebook-ransomware-readiness-guide.png
corelight.com/hubfs/images/thumbs/ 		282 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://corelight.com/hubfs/images/thumbs/ebook-ransomware-readiness-guide.png
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a483429fbb599e5abcea263ac94b360ea639c92e6fd8e45bff5b9e0d8ebe49a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-request-id
5C7M3FC47F8PQXY9
x-amz-server-side-encryption
AES256
edge-cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag
public-indexable
etag
"2c83d346481f24d2f0d5d975942163d4"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1717699184626
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:20 GMT
via
1.1 56df5811b9d89103539b9b0b5fd9b262.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
o3LZplpm8ddPDTMx.9WZ49pBX_XezFra
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-169711540028,FD-95863673994,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
288745
x-amz-id-2
jBoqiWoqbwE85XmBFQvvR18kQZ7n15KRJTkIjwguMbcW7CLYi6Uo3Yl+q7QA/lpdQBhubgydRIqVnNpbXH3eEjYJHw8Odfq3Y06FU8Uljh0=
last-modified
Thu, 06 Jun 2024 18:39:45 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N51ghy7QSkeSvUcrYZwCSWYUrYdmjNu4K2uIcj6l3gxXPC4I%2BOE08CIyYjf%2F1ztWgjoVWegPuP5U1AlKEO%2BwUlpdLcNLpTF%2BMnmTkKevBNxSwtakrFT6sqaH80lEU48%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b0d5c35bb85-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
AqxTSHGqFsRqW5jXm_cHUX_C_19OafXABWFrVIHeF4AksuxKJlTarQ==
banner.js
js.hs-banner.com/v2/8645105/ 		77 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/v2/8645105/banner.js
Requested by
Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cdcdeb4eff86ff9f1ec0cc160cda0f30b6812b0dd172d30bc753edc84a71a66

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-version-id
x2LurhVPNmCnKsIos9PoreFXogp7tAhg
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
1BNCC5KTMF88NT5X
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
d255803f-b215-43dd-9e86-6014b5725820
age
104
x-envoy-upstream-service-time
58
x-amz-id-2
j4ACaavVq5sl5t1I3pZoc9YFQt+hC1Gxf29LcQk++SgVXbpx+VjGdJaQknSO1dxNFTInXxJWJ5goqsluU2RQ2Ds3Du6i9y5lpLhrvsPQHeg=
x-evy-trace-listener
listener_https
x-request-id
d255803f-b215-43dd-9e86-6014b5725820
x-evy-trace-route-configuration
listener_https/all
last-modified
Tue, 16 Jul 2024 22:45:14 GMT
server
cloudflare
etag
W/"2529a549bbac921d2e41460fd41c4459"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://corelight.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-762px
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8a811b129e996ade-FRA
expires
Wed, 24 Jul 2024 04:21:37 GMT
8645105.js
js.hs-analytics.net/analytics/1721794500000/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1721794500000/8645105.js
Requested by
Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
803454011f3f3889f5b603039fe1dca6776b942c365e6ee8a6e83a9226296dde

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-version-id
null
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
BKM0EXZ968748SHW
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
481100c7-5c8f-4b8a-a591-c0c87ca16f8c
age
104
x-envoy-upstream-service-time
42
x-amz-id-2
n8BxIanAwPGCuIeiDvuEO4MJYlN/ac2Ah177gbnakmb8/uXzE1ZFs9p95ern8LyraxgozYR9q+Y=
x-evy-trace-listener
listener_https
x-request-id
481100c7-5c8f-4b8a-a591-c0c87ca16f8c
x-evy-trace-route-configuration
listener_https/all
last-modified
Tue, 23 Jul 2024 19:09:42 GMT
server
cloudflare
etag
W/"46af696e2303bc8a504ecd5d90dbe241"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-gkljw
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
8a811b1298911999-FRA
expires
Wed, 24 Jul 2024 04:21:37 GMT
fb.js
js.hsadspixel.net/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-version-id
kl1dxvjzkssE.fV_O4PhpuAJA5n_6jGg
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
80
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.571/bundles/pixels-release.js&cfRay=8a81191e6aa41909-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
055df7d9-f239-4242-9686-ae544f9d2167
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
055df7d9-f239-4242-9686-ae544f9d2167
last-modified
Fri, 19 Jul 2024 20:16:33 UTC
server
cloudflare
etag
W/"5d8f21e5e9508f10da257acb3360bbbd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-wf75s
cf-ray
8a811b129ea28eb5-FRA
x-amz-cf-id
t9cixCz3nGwRuciOBC1zPA8kTU_FJzlqrhucgUb-8RB3wlW_ZRKktw==
x-hs-target-asset
adsscriptloaderstatic/static-1.571/bundles/pixels-release.js
web-interactives-embed.js
js.hubspot.com/ 		82 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c83d141e62216b5d071e70ca3a4d683ed137d20cfadebd57dd7a85aa672545a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1270/bundles/project.js&cfRay=8a811b1298e503cd-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"3a0fbe94ca02fc82b8023b601eb1c059"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.1270/bundles/project.js
date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-version-id
MxCt6gVg2smW7YsxOhv0LXmditJ.U_pY
x-content-type-options
nosniff
cf-cache-status
MISS
via
1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
80161890-7d8f-4a53-ba79-085849bc7600
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-evy-trace-route-configuration
listener_https/all
x-request-id
80161890-7d8f-4a53-ba79-085849bc7600
last-modified
Tue, 23 Jul 2024 18:42:20 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Za2so2nauR2rjzN7P%2Be5zjw2563%2BzZ1bEHUsSiMp25BJxDFAofbXBKk9sEAxoxipF5Yo9H3KX2o1WtY3umfqLH%2FrMfKJiUnrZTm8AM4KuwO6%2FNktvSiQr5nnTRmyZZDqfEwx%2FolUkW9xe6BK"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-lkr4k
cf-ray
8a811b1298e503cd-FRA
x-amz-cf-id
Bvc8Uq5BsjXi_9mANUfJCr7mG2e1dBCnILp9dzjcDTO7gY8Hdhup3Q==
collectedforms.js
js.hscollectedforms.net/ 		69 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: corelight.com
URL: https://corelight.com/hs/scriptloader/8645105.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
age
104
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.586/bundles/project.js&cfRay=8a81188b2c9a9c0d-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"ac41634810840adc02ea51748cb19c2f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
collected-forms-embed-js/static-1.586/bundles/project.js
date
Wed, 24 Jul 2024 04:18:21 GMT
x-amz-version-id
FCxgV_B3nWescR00el0uV0Hdj2lazDBZ
x-content-type-options
nosniff
cf-cache-status
HIT
via
1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
7551a324-01b6-4319-843b-3afb97692392
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
x-evy-trace-route-configuration
listener_https/all
x-request-id
7551a324-01b6-4319-843b-3afb97692392
last-modified
Tue, 23 Jul 2024 12:55:20 UTC
server
cloudflare
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-jxxbv
cf-ray
8a811b12af85bbcd-FRA
x-amz-cf-id
pgQXTAkX6s_NhQwzfWyW8anwBOUuS-uESkXg8Vfef0yN4EoV8614Vg==
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=8645105
Requested by
Host: corelight.com
URL: https://corelight.com/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9f30cf05-770c-4bcb-9b8f-4cbf352f5f21
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8a811b129b40a043&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
9f30cf05-770c-4bcb-9b8f-4cbf352f5f21
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin
https://corelight.com
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-fvpqg
cache-control
max-age=0
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
8a811b129b40a043-FRA
call-tracking_9.js
www.gstatic.com/call-tracking/ 		62 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/call-tracking/call-tracking_9.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 11:45:57 GMT
content-encoding
br
x-content-type-options
nosniff
age
59544
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20777
x-xss-protection
0
last-modified
Mon, 22 Jan 2024 22:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-telephony"
vary
Accept-Encoding
report-to
{"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Jul 2025 11:45:57 GMT
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=a982a07f-0ae9-4dce-a627-acb177bc0aa1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0fe24bad-e78b-405d-98e7-237c4c31616e&tw_document_href=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time
176
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
d26870499a518490
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
6fa7e997a6cb5c9f5269dc781a813425091d000f13f472e0f59cecae5868c44c
content-length
43
adsct
analytics.twitter.com/i/ 		43 B
394 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=a982a07f-0ae9-4dce-a627-acb177bc0aa1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=0fe24bad-e78b-405d-98e7-237c4c31616e&tw_document_href=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nz8zc&type=javascript&version=2.3.30
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time
183
date
Wed, 24 Jul 2024 04:18:20 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
88d2598bc2c07c2f
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
9a396b37ab5cfcf002f15132d7f25e5930236ee3031c45c5264da8ebcb809321
content-length
43
collect
www.google-analytics.com/j/ 		3 B
206 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1947325343&t=pageview&_s=1&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&ul=de-de&de=UTF-8&dt=Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAGK~&jid=67963389&gjid=212762617&cid=707720110.1721794701&tid=UA-86222136-1&_gid=238320064.1721794701&_r=1&_slc=1&gtm=45He47h0n81PVV5SJDv78906126za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=578557585
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://corelight.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
471244410413852
connect.facebook.net/signals/config/ 		60 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/471244410413852?v=2.9.162&r=stable&domain=corelight.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
98580249fc81ce8105deed4efdda798f21fdb0d189629ea9c122b6c2606e0a17
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Jul 2024 04:18:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
12381
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=65, mss=1297, tbw=64238, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
82YYFSMaRk6WvLVfZCNFZK7BCpmIq4TogF6awgG5URNPluCmw7pVdMgxyTeWjsFZRXNkohtt88Hcr+GegrUq5g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-MGJ29KWT26&gtm=45je47h0v895714547z878906126za200zb78906126&_p=1721794700444&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=707720110.1721794701&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721794701&sct=1&seg=0&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&dt=Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware&en=page_view&_fv=1&_ss=1&tfd=2009&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://corelight.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MGJ29KWT26&cid=707720110.1721794701&gtm=45je47h0v895714547z878906126za200zb78906126&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MGJ29KWT26&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://corelight.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MGJ29KWT26&cid=707720110.1721794701&gtm=45je47h0v895714547z878906126za200zb78906126&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&z=60856219
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f99.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
counters.gif
forms-na1.hsforms.com/embed/v3/ 		35 B
885 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b551ad99-0b09-485e-b7e5-dc31178591c9
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b551ad99-0b09-485e-b7e5-dc31178591c9
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-njspp
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a811b133c1e9064-FRA
6si.min.js
j.6sc.co/ 		68 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/33c784e7-4393-41da-aeec-41573dd7de87.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 Jul 2024 19:23:12 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"669182a0-10e5e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, proxy-revalidate, max-age=1800
accept-ranges
bytes
content-length
18671
expires
Wed, 24 Jul 2024 04:48:21 GMT
attribution_trigger
px.ads.linkedin.com/ 		2 B
811 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
content-encoding
gzip
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: C1F1BC11C03B48E6A88D2CCCE0B85BC9 Ref B: FRAEDGE1215 Ref C: 2024-07-24T04:18:21Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-lor1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYd9pGOHCYv73exwnEBJw==
x-fs-uuid
00061df6918e1c262fef77b1c2710127
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm...
0
480 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&e_ipv6=AQLFz5VT3v5-yQAAAZDi9ihsiCwIlTHiLKw8WX2DHc9swMm6hzRLqx_8zhqFJJV6Iw
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 2CBE04CF567D4186B508697BFAB81262 Ref B: FRAEDGE1309 Ref C: 2024-07-24T04:18:21Z
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
application/javascript
x-li-fabric
prod-ltx1
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
content-length
0
x-li-uuid
AAYd9pGQo3i4NnchL7fpaQ==

Redirect headers

date
Wed, 24 Jul 2024 04:18:20 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: C4CE257144B34AEFAF4DAFD7B7961BEC Ref B: FRAEDGE1610 Ref C: 2024-07-24T04:18:21Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=292564&time=1721794701308&url=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&e_ipv6=AQLFz5VT3v5-yQAAAZDi9ihsiCwIlTHiLKw8WX2DHc9swMm6hzRLqx_8zhqFJJV6Iw
x-li-proto
http/2
content-length
0
x-li-uuid
AAYd9pGNy4uV2bxw55VZ3A==
enterprise.js
www.google.com/recaptcha/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_cd380135_6a61_4d3d_b3bd_24158dc2553e&render=explicit&hl=en
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
d27c1604358c865da27b025f7ae38590eee76052d9e66d10eccd43f543f76356
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 24 Jul 2024 04:18:21 GMT
assign
tracking.g2crowd.com/attribution_tracking/conversions/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by
Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/2971.js?p=https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware&e=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1fb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary9iFBjuiL4gVw1B94

Response headers
truncated
/ 		461 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e892b2c7f1547822bed16792439e413eb1e7cdd9752dba0c1a63d6d71229587

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
counters.gif
forms-na1.hsforms.com/embed/v3/ 		35 B
848 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b17f9057-e75b-47da-a2bf-dbe8edbf66e6
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b17f9057-e75b-47da-a2bf-dbe8edbf66e6
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-gqvlc
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a811b137c3a9064-FRA
/
t.influ2.com/u/ 		62 B
330 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://t.influ2.com/u/?cb=1721794701352
Requested by
Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=606b80d4-7186-42d4-b152-ea6d82d8fb61
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.110.211 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
211.110.117.34.bc.googleusercontent.com
Software
nginx/1.25.5 /
Resource Hash
ca5d4bc6e2935b762dc1fddf1251ab7c29b990663ec168970a3148eabf49ee90

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
via
1.1 google
server
nginx/1.25.5
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://corelight.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62
cf-location
js.hs-banner.com/v2/ 		5 B
148 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/v2/cf-location
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2714df7747a8114a96372d68a1246208e3049e2f3805121e404f04ab943c508

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=1500
cf-ray
8a811b1398274d31-FRA
content-length
5
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=471244410413852&ev=PageView&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&rl=&if=false&ts=1721794701382&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721794701381.996028328551954046&ler=empty&cdl=API_unavailable&it=1721794701222&coo=false&rqm=GET
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=2788, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 24 Jul 2024 04:18:21 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=471244410413852&ev=PageView&dl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&rl=&if=false&ts=1721794701382&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721794701381.996028328551954046&ler=empty&cdl=API_unavailable&it=1721794701222&coo=false&rqm=FGET
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Wed, 24 Jul 2024 04:18:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395051932264822741", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1297, tbw=3105, tp=-1, tpl=-1, uplat=172, ullat=0
pragma
no-cache
x-fb-debug
mlmTIwH4eJtyUAQmM1sUmJ24VZ/jTE1Fxxnxy+ueapHJ+USy4kDjGzRVX/2BRMsbvP7BwiYkGWrTUjmQlmAPKw==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395051932264822741"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
wcm
www.google.de/pagead/attribution/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/880638848/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo&npa=1&ct_eid=2
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo
80 B
111 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f99.1e100.net
Software
cafe /
Resource Hash
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
null
content-type
application/json; charset=UTF-8
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
87
x-xss-protection
0

Redirect headers

date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18885479497&cl=EY8UCLat37QBEID39aMD&dma=1&dma_cps=syphamo
access-control-allow-origin
https://corelight.com
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
json
forms.hscollectedforms.net/collected-forms/v1/config/ 		135 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=8645105&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6505c4e892a55c1279deb8357fbc9882d36d34b90c488100e808883eb72d5f88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
42f4b5e6-cbd7-43ab-8a4b-ac59a9bea4f5
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
42f4b5e6-cbd7-43ab-8a4b-ac59a9bea4f5
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://corelight.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-65f7f7c749-2jprr
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
8a811b13d877bbcd-FRA
enterprise.js
www.google.com/recaptcha/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_bb168158_c891_4620_857b_598fa15933bd&render=explicit&hl=en
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/embed/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
39adf9c297391d2383d659956cb61dd298e4a85213d3ea4147875c99d897d869
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 24 Jul 2024 04:18:21 GMT
getuidj
secure.adnxs.com/ 		11 B
694 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
an-x-request-uuid
f753b0be-9ae0-434b-bfac-60018983183d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://corelight.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
81.95.5.38; 81.95.5.38; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/ 		7 B
191 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://corelight.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/ 		15 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6d80d4648016aa87c91a3c59c2391183c31cfaed208e108d496eefdcce2d4271

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://corelight.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:2b::12
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721794701450_34901612_57367671_23_761_6_21_219";dur=1
content-length
15
expires
Wed, 24 Jul 2024 04:18:21 GMT
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 		61 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=8645105&currentUrl=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&contentId=143091527220
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
beaa769d-1db7-4aaf-a2d4-473aceb962a9
content-encoding
br
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
beaa769d-1db7-4aaf-a2d4-473aceb962a9
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://corelight.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S21fFkbiwvmgmM%2F%2Bx2%2FX1GHbpwCi0pwb%2BGOPIOgy3f3V%2Bd9qb4LZ9tH1qgE51n73cEtnTNF5sis1DvRJbY25XcDfOumHm232lSqLfDM8YitQdBe6OVg8AziE5oFDqx42GFHHh6kporJ0NRLOunF5cXbMOuxkKG4nnYY%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
8a811b141a3103cd-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-nlgnj
recaptcha__en.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/ 		534 KB
211 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_cd380135_6a61_4d3d_b3bd_24158dc2553e&render=explicit&hl=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f99.1e100.net
Software
sffe /
Resource Hash
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 23:58:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
216123
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 23 Jul 2025 23:58:16 GMT
css2
fonts.googleapis.com/ 		2 KB
709 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 04:01:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jul 2024 04:18:21 GMT
view
js.hs-banner.com/v2/activity/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/v2/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/8645105/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator, envoyset-translator
x-hubspot-correlation-id
56d645bb-aac9-42a4-8e0a-5aeb15dfe549
x-envoy-upstream-service-time
23
x-evy-trace-route-configuration
listener_http/all, listener_https/all
x-evy-trace-listener
listener_http, listener_https
x-request-id
56d645bb-aac9-42a4-8e0a-5aeb15dfe549
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host
all, all
x-evy-trace-served-by-pod
iad02/private-hubapi-td/envoy-proxy-5f998ff6dc-djxfd, iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-gtkxs
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin
https://corelight.com
access-control-allow-credentials
true
access-control-max-age
604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
8a811b162a8b4d31-FRA
view
js.hs-banner.com/v2/activity/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/v2/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://corelight.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://corelight.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
8a811b1449154d31-FRA
content-length
0
content-type
application/octet-stream
date
Wed, 24 Jul 2024 04:18:21 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
0
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-gtkxs
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
96ae11a9-5d56-4153-b224-b1b6bac3bfdc
x-request-id
96ae11a9-5d56-4153-b224-b1b6bac3bfdc
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A2b%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:21 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 15:02:44 GMT
x-content-type-options
nosniff
age
47737
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 15:02:44 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://corelight.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 11:58:29 GMT
x-content-type-options
nosniff
age
58792
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 11:58:29 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:21 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e13725f521f4b7b8b185e2f10ffe13a5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%229ff21f9713e91318ec2c279ceb7110eeb77aabe5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2233c784e7-4393-41da-aeec-41573dd7de87%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:21 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:21 GMT
anchor
www.google.com/recaptcha/enterprise/ Frame 8132 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=ntxaa4tp065y
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wbACSmCh-tw9nLorbJlhBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-wbACSmCh-tw9nLorbJlhBw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jul 2024 04:18:21 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
anchor
www.google.com/recaptcha/enterprise/ Frame D34F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9jb3JlbGlnaHQuY29tOjQ0Mw..&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=inline&cb=bgxf037q9oef
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mlSp_U2rFx32XJ3SgOZDtg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-mlSp_U2rFx32XJ3SgOZDtg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jul 2024 04:18:21 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
counters.gif
forms.hsforms.com/embed/v3/ 		35 B
574 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
47487470-9013-46e9-8d1e-f1d804d274b9
x-envoy-upstream-service-time
1
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
47487470-9013-46e9-8d1e-f1d804d274b9
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-h29cs
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
8a811b157b69bbe5-FRA
details
epsilon.6sense.com/v3/company/ 		739 B
713 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
bf297933154d102803f89d843a50fd7a40ddc7eca9ea6aab4df012c2a71ad84f

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Authorization
Token 9ff21f9713e91318ec2c279ceb7110eeb77aabe5
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID
WebTag 33c784e7-4393-41da-aeec-41573dd7de87

Response headers

x-trace-id
7135933947683437043
date
Wed, 24 Jul 2024 04:18:21 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
eu-central-1a
access-control-allow-origin
https://corelight.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
395
details
epsilon.6sense.com/v3/company/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://corelight.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://corelight.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Wed, 24 Jul 2024 04:18:21 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
x-trace-id
5046718985065246460
counters.gif
perf-na1.hsforms.com/embed/v3/ 		35 B
582 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
bfdb4f3d-1084-448d-942b-9c9b4fc6244a
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
bfdb4f3d-1084-448d-942b-9c9b4fc6244a
last-modified
Wed, 24 Jul 2024 04:18:21 GMT
server
cloudflare
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-776cb5686f-h29cs
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
8a811b15cd6d9064-FRA
/
px.ads.linkedin.com/wa/ 		0
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 24 Jul 2024 04:18:20 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: F6776EE0FC814A44B4D405D3013DB930 Ref B: FRAEDGE1610 Ref C: 2024-07-24T04:18:21Z
linkedin-action
1
vary
Origin
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-ltx1
access-control-allow-origin
https://corelight.com
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYd9pGTicsHVMd5sJlhLA==
insent
corelight.widget.insent.ai/ 		80 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://corelight.widget.insent.ai/insent
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:8400:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding
gzip
via
1.1 a3c1615d6bdfc01a05a0b3a742d10d38.cloudfront.net (CloudFront)
date
Tue, 23 Jul 2024 06:13:33 GMT
last-modified
Wed, 18 Oct 2023 08:56:44 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P4
age
79489
etag
"6c640d0008fb2a23a0ff942202f8657c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
binary/octet-stream
content-length
23142
x-amz-cf-id
kOEkGWQUDd2Hz2Pgh9O3tvvAp9-F7TeMDApBiFla8aSa-uj4HXZvQA==
__ptq.gif
track.hubspot.com/ 		45 B
504 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1721794701933&rv=1&vi=d0e6c59328ad6d005fb96bd21bbe04a7&nc=true&ce=false&cc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
13e3d15e-aa1d-47a5-ac29-70bad8ff35ed
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
13e3d15e-aa1d-47a5-ac29-70bad8ff35ed
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VRQiyDtzUNndvZuoGndtseSrpN%2BqlxNuBMrEtZKzlqxPdmYm6Sn12Km16SMsNt7VKTuE%2FVbotGjHgdu6lEIFNB4RPZX2KOiAiNUePJorAptaSqzT1Do6vzQy72AFyND5MR9JcwnNtRXwXcr3k6bP"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-9qxjr
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8a811b173ed6a043-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=0c43253e-22fa-4d22-b87b-bbd4b51379f5&fci=cd380135-6a61-4d3d-b3bd-24158dc2553e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1721794701933&rv=1&vi=d0e6c59328ad6d005fb96bd21bbe04a7&nc=true&ce=false&cc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b935e2ac-bb6b-4831-8eb3-9c12817dd77e
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b935e2ac-bb6b-4831-8eb3-9c12817dd77e
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=akFLQzTbfTajUEc8PmaNL4GxF7%2BlRpyFxgpRVF5%2BEoZefkXCY8iIg6p5iHQPZXejEyaT%2Fq9g9xhQHyEueCPxE2NX%2BHnY9wsP8nGFdobi6uSF87H7d2iOVh8omw64suLIELxIUPZB82kQecmRXhUl"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-nmjzc
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8a811b173edba043-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
434 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=0c43253e-22fa-4d22-b87b-bbd4b51379f5&fci=cd380135-6a61-4d3d-b3bd-24158dc2553e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1721794701934&rv=1&vi=d0e6c59328ad6d005fb96bd21bbe04a7&nc=true&ce=false&cc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
bdd07ffc-aafc-48a8-b2ff-1f9bf518b9d7
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
bdd07ffc-aafc-48a8-b2ff-1f9bf518b9d7
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sPiLBfHt5zveWmhLI%2BFgffhr1JC1s7CbZbsN9xSmQpBHP1I5pdejuc%2B%2BCgBcxibBqdZBAiNMlJv2k%2BbKKWiipRqbeAoerFaytNF4ArSxKw82c%2FVDVE0LmQRdvgcsAwo6aoiq4igbl6f3q3iULQyy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-d65qg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8a811b173ed7a043-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/ 		45 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=0c43253e-22fa-4d22-b87b-bbd4b51379f5&fci=bb168158-c891-4620-857b-598fa15933bd&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=321484724&v=1.1&a=8645105&pi=143091527220&ct=standard-page&ccu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware&cpi=143091527220&lpi=143091527220&lvi=143091527220&lvc=en&pu=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&t=Open+NDR+and+Close+the+Case+-+Ransomware&cts=1721794701934&rv=1&vi=d0e6c59328ad6d005fb96bd21bbe04a7&nc=true&ce=false&cc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c53b635c-ef71-49a6-8849-700cef89374a
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c53b635c-ef71-49a6-8849-700cef89374a
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTNz0GVsk4V531QMMnXhJ2NwWFaaV9Llz1KiGFH%2Bi5xL%2FSHs%2FmcgIDIcaEfaTk%2Bv4LhhzBrMzek8CFOo7%2Bh%2Bgzu7RqQXI4Wpl%2FhqmHptlyth4bcTPL7gjWdeor6sqd1EcMVk19gLXfC53dgqsK9Y"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-756b8c8b56-kjwp4
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
8a811b173ed9a043-FRA
x-robots-tag
none
lp.js
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js
Requested by
Host: corelight.com
URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:911d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a
age
563565
x-envoy-upstream-healthchecked-cluster
last-modified
Thu, 22 Sep 2022 17:10:43 GMT
server
cloudflare
etag
W/"9a8767fa98da937fb02cdbbc52a101bb"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type
application/x-javascript
x-do-cdn-uuid
80b6018b-293e-4962-9bc8-48075e637d03
x-rgw-object-type
Normal
cache-control
max-age=604800
cf-ray
8a811b1819a93aa4-FRA
ig-icon-corelight-favicon-96x96.png
corelight.com/hubfs/ 		612 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://corelight.com/hubfs/ig-icon-corelight-favicon-96x96.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.6 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-68918519435,FD-67675262977,P-8645105,FLS-ALL
age
1794673
x-amz-request-id
1DACFDDZXJ5CMM9M
x-amz-server-side-encryption
AES256
edge-cache-tag
F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="ig-icon-corelight-favicon-96x96.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"524c1f68c5bd490a5cd34585a3b54349"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1647625472405
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Wed, 24 Jul 2024 04:18:22 GMT
strict-transport-security
max-age=31536000
via
1.1 12dba18ae3d66aa7dad74e664431ae9a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Pyq.HqZ2M1EvwhMnZSiI.k5EcIHt8JX3
x-amz-cf-pop
FRA60-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=1298
x-cache
RefreshHit from cloudfront
cache-tag
F-68918519435,FD-67675262977,P-8645105,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
612
x-amz-id-2
pPqGsO2+M3UqPWrMFCiUHbKn6mLiBmXGNTGaJvSle5uwt23UbzT7fuObHYh1OQ0RFaC95dSImCs=
last-modified
Tue, 21 Mar 2023 15:14:54 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zu6h9UVixpuhr3efUvf5Yoj6FpHk6T0wYTjxgwtPtQoCNPREMbACWVsRhr4SzqWxtRNRc1NJAS6RHLC0cDPiACE0nD2NwmlyxeucbM%2Ff4qldVgtLjGlD%2BgND5TiKqpU%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8a811b17384b1e64-FRA
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
lW5Ej6nDK-uMMbcphl7Zf6qSFl3BSLh1Q4qEgJXc6iW5WhNhSXfdaQ==
bframe
www.google.com/recaptcha/enterprise/ Frame 6356 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-edZDXXaMZ2znxJUg1P83-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-edZDXXaMZ2znxJUg1P83-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jul 2024 04:18:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
bframe
www.google.com/recaptcha/enterprise/ Frame CACE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-EmwR8D8BmvYDEiHwh5jAXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-EmwR8D8BmvYDEiHwh5jAXQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 24 Jul 2024 04:18:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A21%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:22 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:22 GMT
/
corelight.widget.insent.ai/ Frame 09C0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://corelight.widget.insent.ai/?project_key=ifR9qnekVxidCVXYhrNb&blog_url=corelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&event_listener=7jkfy4SrsV2lsHk&marketo_cookies=[]&hubspot_cookies=[]&pardot_cookies=[]&eloqua_cookies=[]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by
Host: corelight.widget.insent.ai
URL: https://corelight.widget.insent.ai/insent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:8e00:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age
20938483
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Fri, 24 Nov 2023 20:03:40 GMT
etag
W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified
Wed, 18 Oct 2023 08:56:50 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-id
7MmQRdx4yopyybahs9XkxQE9sBS4V48uEaz-TP58XA_kJ_2vTBL5WQ==
x-amz-cf-pop
FRA60-P4
x-amz-version-id
wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache
Error from cloudfront
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A22%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:23 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:23 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A23%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:24 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:24 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A24%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:25 GMT
x-content-type-options
nosniff
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:25 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e13725f521f4b7b8b185e2f10ffe13a5&svisitor=null&visitor=c7fcc2f5-6e22-4817-8cf2-e330552c6791&session=2a6fce16-02ec-4a2e-8a3b-689c06257641&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A26%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2004%3A18%3A25%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Defy%20ransomware%20with%20Corelight%27s%20Open%20NDR%20Platform.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Open%20NDR%20and%20Close%20the%20Case%20-%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcorelight.com%2Fcp%2Fopen-ndr%2Fransomware%3Futm_campaign%3DONDR%26utm_content%3DEmployee_Email%26utm_medium%3DSigstr%26utm_source%3DEmail_Signature%26utm_term%3DRansomware&pageViewId=32cd3a24-f6c3-4440-88a3-07b56d3c854f&an_uid=0&webTagId=33c784e7-4393-41da-aeec-41573dd7de87&ipv6=2a01%3A4a0%3A2b%3A%3A12&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 04:18:26 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 04:18:26 GMT

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| dataLayer function| hj object| _hjSettings object| FontAwesomeKitConfig function| $ function| jQuery object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga string| _linkedin_data_partner_id function| twq function| _googWcmImpl string| _googWcmAk function| fbq function| _fbq function| getParam function| getExpiryRecord function| addGclid object| t object| s string| insentCompanyDomain string| insentProjectName string| insentProjectKey object| insent function| initializeAnimations function| removeSvgLines object| _hsq object| hsVars object| _hsp object| regeneratorRuntime object| twttr object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| _6si function| lintrk boolean| _already_called_lintrk function| hsRecaptchaLoaded_cd380135_6a61_4d3d_b3bd_24158dc2553e object| influ2 object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran boolean| PIXELS_RAN object| enabledEventSettings object| _paq function| sanitizeKey boolean| _hstc_loaded object| __hsCollectedFormsDebug function| jspbGetTypeName function| _googWccDebug function| _googCallTrackingImpl function| _gaPhoneImpl function| hsRecaptchaLoaded_bb168158_c891_4620_857b_598fa15933bd object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| ZILogs object| ziws object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client boolean| google-font-injected string| google_wcc_status object| closure_lm_872701 boolean| _storagePopulated object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| isInsentUserWindowActive number| checkCookiesIntervalId string| insentPageUrl number| insentUrlChangeIntervalId object| Metadata string| eventListenerName object| triggerForms object| insentFoundFormsBlackList object| ziFormFields string| insentUserId string| insentPageSessionId

32 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09ALvppY-6mrTyLqkzGG7m3Wcj1iS-YPNvR-_d6t5eBFhjp378TuEtU79_Bl40HLQlGwN-N2FE_3Sb6YxZr4BQdVg
.corelight.com/ Name: __cf_bm
Value: 32.2PyZ7s4bNIonbLs5wuzQhdkUhVah9ge9cB_oxjA8-1721794700-1.0.1.1-VN0.Rw2f8EUyj3PpNSkdbX.mkmy0bcwbi4ayMuXyNOvfhZ3TKBvusB9N5M9pAITV6o4V_3.CJTEC68LnCuzaZQ
.corelight.com/ Name: __cfruid
Value: 70f9668a492e699716e17a2ee00d0aad4154ac2c-1721794700
.hsforms.net/ Name: __cf_bm
Value: N7i1p_xTgHXpcBnU4ZH4aWmrclXhUd2Bu5i7tEkTX8Q-1721794700-1.0.1.1-RQ_ZY60rdeP9WPhPHPVqD00ZqNRIpUrebsl5wVhTpMHotur5ZPGO0faSPv9blaXXVrqA3tA3txSfbYQPPK9gFA
.corelight.com/ Name: _gcl_au
Value: 1.1.1098879076.1721794701
.corelight.com/ Name: _hjSessionUser_875805
Value: eyJpZCI6Ijc2OGUwMDIwLTQ5YTEtNTNmZi04NWEzLTI5NGM0YTQ2MzlmMiIsImNyZWF0ZWQiOjE3MjE3OTQ3MDExODcsImV4aXN0aW5nIjp0cnVlfQ==
.corelight.com/ Name: _hjSession_875805
Value: eyJpZCI6IjQzZWQwYzdiLTFlMDEtNDk4NC05ZTNhLTRiYWRhYWYxNDI4ZSIsImMiOjE3MjE3OTQ3MDExODgsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.g2crowd.com/ Name: __cf_bm
Value: ifLzi3xdSo06nea8WBT4U8crM1hxCjcSbf_wXoa3QkM-1721794701-1.0.1.1-7DhHjn1AZfzRxAw.V_4biT.YhwFiSdozajAObkr_WcLbCn3J4UfsY.ti3JCDS1fle4rqw.Nq2kCia1DjqutLiA
.corelight.com/ Name: _gid
Value: GA1.2.238320064.1721794701
corelight.com/ Name: _ga-ss
Value: 1|UA-86222136-1|
.corelight.com/ Name: _gat_UA-86222136-1
Value: 1
.corelight.com/ Name: _ga
Value: GA1.1.707720110.1721794701
.ws.zoominfo.com/ Name: visitorId
Value: ab40e3abd156eab790da7ef3458a95b6a62c34da55ed6eaec412ef0af8580170
.zoominfo.com/ Name: __cf_bm
Value: xb5tSEhHDKbYiztXriH6vy2hlKvDIFmBYZKCiNaxRUM-1721794701-1.0.1.1-qC3mx.jbL9XOKt58ca84keaxhMo76Qsi3WOUFzS0YlD5p_1MLUFIL7RTJRT2D.e3iU9PO3oJsqiT1hgSUgzOFg
.zoominfo.com/ Name: _cfuvid
Value: S0aCQROu15tRhI1emCdtSEHGpKGB0..Rt0_tLqutUeQ-1721794701345-0.0.1.1-604800000
.hubspot.com/ Name: __cf_bm
Value: sjZ91PdBuQ45bgZzs7sO9rdY_68dnDB0yJtaOa1QT64-1721794701-1.0.1.1-dlrjBGuTEciVpu7zVv_.fP5IDN7TspjqGAhUlB9qPtUbNijvyMcqdAtgfBtO5c9bWJ9z8Lrd4CuH7tC8EYCMxg
.hubspot.com/ Name: _cfuvid
Value: LGmENB5Mcf4xzi2h2lnl3Yg8hrIM40Gnh7CtnFl8Tmw-1721794701365-0.0.1.1-604800000
.corelight.com/ Name: _fbp
Value: fb.1.1721794701381.996028328551954046
.t.co/ Name: muc_ads
Value: 69434002-6f90-4acd-8982-83c1ef959410
.twitter.com/ Name: personalization_id
Value: "v1_Stheb8YxPB+aInS9hbSlmQ=="
.hsforms.com/ Name: __cf_bm
Value: buCZlY04wDkARCgIqao98NpMwpS2fCAi5_WkClRx86E-1721794701-1.0.1.1-4BbN_3dcbl0wGhIloXP7hWf0SD9hroAarKgaGsC3fHwL4P6irrvClV7My2AViMiDtEEG39Aw_f2BRWhMkF5vSA
.hsforms.com/ Name: _cfuvid
Value: sHuD3lxMSfqDeL7pia2PvDxD4gm06xld_Jw0_afzN6g-1721794701458-0.0.1.1-604800000
corelight.com/ Name: _gd_visitor
Value: c7fcc2f5-6e22-4817-8cf2-e330552c6791
corelight.com/ Name: _gd_session
Value: 2a6fce16-02ec-4a2e-8a3b-689c06257641
.linkedin.com/ Name: bcookie
Value: "v=2&ff8f9deb-6d0f-438a-86f6-f3b1662d99b6"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjE3OTQ3MDE7MjswMjEZmCPlOBYkoqt9SmU9wlmfyAbeLzjyP5f1Ro64wvrOLA==
.linkedin.com/ Name: lidc
Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2897:u=1:x=1:i=1721794701:t=1721881101:v=2:sig=AQHT44ngEdpWon2OeqR2NL-n3OAkbjH-"
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.influ2.com/ Name: R
Value: d98cb25e55e80b522d540f1
corelight.com/ Name: _an_uid
Value: 0
.corelight.com/ Name: _ga_MGJ29KWT26
Value: GS1.1.1721794701.1.0.1721794701.60.0.0
.corelight.com/ Name: insent-user-id
Value: NIutiNLiHVeE1txzQ1721794703246

1 Console Messages

Source Level URL
Text
rendering error URL: https://corelight.com/cp/open-ndr/ransomware?utm_campaign=ONDR&utm_content=Employee_Email&utm_medium=Sigstr&utm_source=Email_Signature&utm_term=Ransomware(Line 412)
Message:
Error: <svg> attribute viewBox: Expected number, "0 0 100% 2000px".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.corelight.com https://corelight.com https://www.corelight.com;; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Frame-Options sameorigin
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
c.6sc.co
connect.facebook.net
corelight.com
corelight.widget.insent.ai
cta-service-cms2.hubspot.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
hello.corelight.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsforms.net
js.hubspot.com
ka-f.fontawesome.com
kit.fontawesome.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
signatures.corelight.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
t.co
t.influ2.com
track.hubspot.com
tracking.g2crowd.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.influ2.com
104.16.118.43
104.18.142.119
104.19.175.188
104.244.42.67
13.107.42.14
13.32.27.21
142.250.185.226
142.250.186.164
146.75.120.157
172.217.18.99
172.217.23.99
172.67.139.119
18.66.102.11
185.89.210.122
199.60.103.6
2.17.100.193
2001:4860:4802:32::36
2600:9000:225e:8400:f:7ae2:7780:93a1
2600:9000:225e:8e00:f:7ae2:7780:93a1
2606:4700:4400::6812:2844
2606:4700:4400::ac40:911d
2606:4700:4400::ac40:991b
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6811:80ac
2606:4700::6811:ac5b
2606:4700::6811:afc9
2606:4700::6812:1fb0
2620:1ec:21::14
2a00:1450:4001:809::2003
2a00:1450:4001:810::200a
2a00:1450:4001:811::2003
2a00:1450:4001:829::2008
2a00:1450:4001:830::200e
2a00:1450:400c:c1d::9b
2a02:26f0:3500:10::210:a9a
2a02:26f0:ab00::214:8e70
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.107.254.219
34.117.110.211
34.214.84.46
54.147.27.151
76.223.9.105
93.184.221.165
018f194ee6561775260d0921fab8c7a6fd6840cdab3bd3c93b0e1e7fce2f0d9c
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
1a483429fbb599e5abcea263ac94b360ea639c92e6fd8e45bff5b9e0d8ebe49a
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
228d8e3efcde37de9193685d1f5aba49a0c508b3b14b83af774e7aae6bd44b42
2446f4a36e1108a8f44d26a37d5170776347fe9ed2e18b41add05e1c3a541a67
2aa4cad08cfb1709571cef69bbc567f0ad1f7ed6493054a0e8c370b6820afea1
2bf337e11d027346c14faeb335885e662cd33b7a00084a2feb6ee6c7a75143e8
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
37fb161fbb58847709f83d523a5d418386d13532ea12bd687a9a02c610096931
39adf9c297391d2383d659956cb61dd298e4a85213d3ea4147875c99d897d869
39e62d96f2cff8ca6014af56c4144294da8b2151675e4c1b006a3d90f330d073
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
60886b458fce84b9bc0910297caec2cf1b3938afeecdadd347e8c53c76686736
6505c4e892a55c1279deb8357fbc9882d36d34b90c488100e808883eb72d5f88
658003edfddcde4ab589d70705d31ff4c6b50ab08e11c401c0f83debc633428c
670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55
6766b10d24a648138629fd47ebe70d6e2d85ed126de6155a4b383dda11b01f8a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c83d141e62216b5d071e70ca3a4d683ed137d20cfadebd57dd7a85aa672545a
6d80d4648016aa87c91a3c59c2391183c31cfaed208e108d496eefdcce2d4271
6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7083baa139d874c2a8aed5b6e647368b802d6d96f600a85b21bfa8f06c296ae6
7cdcdeb4eff86ff9f1ec0cc160cda0f30b6812b0dd172d30bc753edc84a71a66
7e892b2c7f1547822bed16792439e413eb1e7cdd9752dba0c1a63d6d71229587
7f73c5111f478ae4c00297113127acff4fdc680bf66fc4ded18b47d4a54eb3b7
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
803454011f3f3889f5b603039fe1dca6776b942c365e6ee8a6e83a9226296dde
8ddf4549cca65f1946ad92bf7492c2ae61778d76994e8f32709557277ec9b5d6
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
98580249fc81ce8105deed4efdda798f21fdb0d189629ea9c122b6c2606e0a17
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9d13f801bf9192a94b752549b663fe6843b243321f487a14d9b93b6e880d2424
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abc19198829cc8c7be8cf47283e580ada038f787b05ce5791a405ec507f82af8
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac
bf297933154d102803f89d843a50fd7a40ddc7eca9ea6aab4df012c2a71ad84f
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c1caf7396ae952c33d52b9eeee6417f38af0daadf70bacbe43a18f3b27a268e5
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c6a27bc2053f89e6daa28bb8a958ac16eda74260ee75aeb1f53f4a410e894325
c78fab07d4ee469def66170220968c4e790992e5adc971a34edc7eabc695e79f
c923b93317300e5d189ef3938d3956fbe8b1640268ff7cbb7e0afb48386f1430
ca5d4bc6e2935b762dc1fddf1251ab7c29b990663ec168970a3148eabf49ee90
d2714df7747a8114a96372d68a1246208e3049e2f3805121e404f04ab943c508
d27c1604358c865da27b025f7ae38590eee76052d9e66d10eccd43f543f76356
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
dbfeb010a0c8acddc38dea97e228787f16ac5e30b4af96b764fa2252fe3827e4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dea7d93054c054d6908de184845b8db289207bb4928bbdd07d0ad8d52ec0708f
e286ced76cb03e955ddcdea650e8fa4894998c20ee9ac04621d55bde9ad7db07
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cf68aed98d7e7abbca2769439cb7d24177a77e815e069c3e7eed652bac6351
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ee3184f88b136b6ad521ec8d57fcf138b0c78172ee82e5d8773998bebac6486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef404a48ea95162f5b17ad0cf9e7753fcccd0b6bf212f038828e6c00ca5b7a37
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a