URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Submission: On May 13 via api from CH

Summary

This website contacted 47 IPs in 8 countries across 36 domains to perform 115 HTTP transactions. The main IP is 52.222.157.95, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is blog.alertlogic.com.
TLS certificate: Issued by Amazon on April 3rd 2019. Valid for: a year.
This is the only time blog.alertlogic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 52.222.157.95 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
9 2.18.232.23 16625 (AKAMAI-AS)
1 151.101.192.114 54113 (FASTLY)
10 52.222.157.188 16509 (AMAZON-02)
1 147.75.83.23 54825 (PACKET)
1 2606:2800:134... 15133 (EDGECAST)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 3 52.209.176.49 16509 (AMAZON-02)
6 104.16.92.80 13335 (CLOUDFLAR...)
3 93.184.220.178 15133 (EDGECAST)
2 172.82.228.19 15224 (OMNITURE)
1 151.101.120.134 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
1 35.190.5.192 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 147.75.83.1 54825 (PACKET)
4 2606:4700::68... 13335 (CLOUDFLAR...)
2 151.101.192.134 54113 (FASTLY)
2 151.101.120.157 54113 (FASTLY)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 52.222.157.191 16509 (AMAZON-02)
1 1 2606:2800:234... 15133 (EDGECAST)
1 34.95.105.148 15169 (GOOGLE)
2 184.31.84.223 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 216.58.207.66 15169 (GOOGLE)
1 2a03:2880:f01... 32934 (FACEBOOK)
2 104.244.42.69 13414 (TWITTER)
6 3.208.35.11 14618 (AMAZON-AES)
2 3 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
2 104.244.42.195 13414 (TWITTER)
1 2a00:1450:400... 15169 (GOOGLE)
1 147.75.205.49 54825 (PACKET)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 192.28.151.250 53580 (MARKETO)
2 209.197.3.15 20446 (HIGHWINDS3)
8 52.1.226.55 14618 (AMAZON-AES)
1 93.184.220.42 15133 (EDGECAST)
1 151.101.120.64 54113 (FASTLY)
1 52.20.5.219 14618 (AMAZON-AES)
1 52.54.19.237 14618 (AMAZON-AES)
1 52.200.38.55 14618 (AMAZON-AES)
115 47
Apex Domain
Subdomains
Transfer
21 alertlogic.com
blog.alertlogic.com
www.alertlogic.com
resources.alertlogic.com
781 KB
10 lookbookhq.com
app.cdn.lookbookhq.com
jukebox.lookbookhq.com
191 KB
9 adobedtm.com
assets.adobedtm.com
56 KB
7 evergage.com
alertlogic.evergage.com
10 KB
6 marketo.com
app-ab01.marketo.com
67 KB
6 gstatic.com
fonts.gstatic.com
75 KB
4 linkedin.com
px.ads.linkedin.com
www.linkedin.com
3 KB
4 disquscdn.com
c.disquscdn.com
208 KB
4 disqus.com
alert-logic.disqus.com
disqus.com
links.services.disqus.com
25 KB
3 twitter.com
platform.twitter.com
analytics.twitter.com
1 KB
3 bizible.com
cdn.bizible.com
33 KB
3 demdex.net
dpm.demdex.net
2 KB
3 hotjar.com
static.hotjar.com
script.hotjar.com
vars.hotjar.com
90 KB
3 cloudflare.com
cdnjs.cloudflare.com
92 KB
3 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
9 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
76 KB
2 t.co
t.co
609 B
2 bing.com
bat.bing.com
7 KB
2 marketo.net
munchkin.marketo.net
5 KB
2 ads-twitter.com
static.ads-twitter.com
4 KB
2 google.de
www.google.de
218 B
2 google.com
www.google.com
309 B
2 doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
1 KB
2 b0e8.com
cdn.b0e8.com
a.b0e8.com
21 KB
2 youtube.com
www.youtube.com
923 B
2 omtrdc.net
alertlogic.sc.omtrdc.net
1 KB
2 google-analytics.com
www.google-analytics.com
17 KB
1 bizibly.com
cdn.bizibly.com
381 B
1 mktoresp.com
023-pwj-200.mktoresp.com
623 B
1 facebook.com
www.facebook.com
245 B
1 ytimg.com
s.ytimg.com
8 KB
1 facebook.net
connect.facebook.net
2 KB
1 googleadservices.com
www.googleadservices.com
9 KB
1 licdn.com
snap.licdn.com
5 KB
1 twimg.com
pbs.twimg.com
2 KB
1 evgnet.com
cdn.evgnet.com
121 KB
115 36
Domain Requested by
16 blog.alertlogic.com 1 redirects blog.alertlogic.com
9 jukebox.lookbookhq.com app.cdn.lookbookhq.com
blog.alertlogic.com
cdn.bizible.com
9 assets.adobedtm.com blog.alertlogic.com
assets.adobedtm.com
7 alertlogic.evergage.com cdn.evgnet.com
cdn.bizible.com
6 app-ab01.marketo.com assets.adobedtm.com
app-ab01.marketo.com
6 fonts.gstatic.com cdnjs.cloudflare.com
blog.alertlogic.com
4 c.disquscdn.com alert-logic.disqus.com
4 www.alertlogic.com blog.alertlogic.com
3 px.ads.linkedin.com 2 redirects blog.alertlogic.com
3 cdn.bizible.com assets.adobedtm.com
blog.alertlogic.com
cdn.bizible.com
3 dpm.demdex.net 1 redirects blog.alertlogic.com
3 cdnjs.cloudflare.com blog.alertlogic.com
2 maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com
blog.alertlogic.com
2 analytics.twitter.com static.ads-twitter.com
2 t.co blog.alertlogic.com
2 bat.bing.com assets.adobedtm.com
blog.alertlogic.com
2 munchkin.marketo.net assets.adobedtm.com
munchkin.marketo.net
2 static.ads-twitter.com blog.alertlogic.com
2 disqus.com alert-logic.disqus.com
2 www.google.de blog.alertlogic.com
2 www.google.com 1 redirects blog.alertlogic.com
2 www.youtube.com blog.alertlogic.com
assets.adobedtm.com
2 alertlogic.sc.omtrdc.net assets.adobedtm.com
blog.alertlogic.com
2 www.google-analytics.com 1 redirects blog.alertlogic.com
2 fonts.googleapis.com blog.alertlogic.com
app.cdn.lookbookhq.com
1 resources.alertlogic.com app.cdn.lookbookhq.com
1 links.services.disqus.com cdn.bizible.com
1 cdn.bizibly.com blog.alertlogic.com
1 023-pwj-200.mktoresp.com munchkin.marketo.net
1 www.facebook.com blog.alertlogic.com
1 vars.hotjar.com static.hotjar.com
1 s.ytimg.com www.youtube.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.linkedin.com 1 redirects
1 connect.facebook.net assets.adobedtm.com
1 www.googleadservices.com assets.adobedtm.com
1 a.b0e8.com blog.alertlogic.com
1 platform.twitter.com 1 redirects
1 app.cdn.lookbookhq.com blog.alertlogic.com
1 snap.licdn.com blog.alertlogic.com
1 script.hotjar.com static.hotjar.com
1 stats.g.doubleclick.net 1 redirects
1 cdn.b0e8.com blog.alertlogic.com
1 alert-logic.disqus.com blog.alertlogic.com
1 pbs.twimg.com blog.alertlogic.com
1 static.hotjar.com blog.alertlogic.com
1 cdn.evgnet.com blog.alertlogic.com
1 ajax.googleapis.com blog.alertlogic.com
115 48
Subject Issuer Validity Valid
www.alertlogic.com
Amazon
2019-04-03 -
2020-05-03
a year crt.sh
*.googleapis.com
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-03-02 -
2019-09-08
6 months crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA
2019-03-04 -
2020-03-11
a year crt.sh
cdn.evergage.com
COMODO RSA Domain Validation Secure Server CA
2018-02-15 -
2020-02-15
2 years crt.sh
static.hotjar.com
Let's Encrypt Authority X3
2019-04-09 -
2019-07-08
3 months crt.sh
*.twimg.com
DigiCert SHA2 High Assurance Server CA
2018-11-19 -
2019-11-27
a year crt.sh
*.google.com
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
*.google-analytics.com
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
app-ab01.marketo.com
CloudFlare Inc ECC CA-2
2019-02-22 -
2020-02-22
a year crt.sh
cdn.bizible.com
Go Daddy Secure Certificate Authority - G2
2019-03-14 -
2021-04-13
2 years crt.sh
*.sc.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2019-04-23 -
2020-04-14
a year crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA
2018-03-28 -
2020-04-27
2 years crt.sh
*.bc0a.com
DigiCert SHA2 Secure Server CA
2018-12-19 -
2019-12-04
a year crt.sh
www.google.de
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
script.hotjar.com
Let's Encrypt Authority X3
2019-04-09 -
2019-07-08
3 months crt.sh
ssl565697.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-03-17 -
2019-09-23
6 months crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2018-08-16 -
2019-08-21
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
cdn.lookbookhq.com
Amazon
2019-01-03 -
2020-02-03
a year crt.sh
*.b0e8.com
DigiCert SHA2 Secure Server CA
2018-12-19 -
2020-01-03
a year crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2018-12-24 -
2020-03-24
a year crt.sh
www.bing.com
Microsoft IT TLS CA 5
2017-07-20 -
2019-07-10
2 years crt.sh
www.googleadservices.com
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2019-04-22 -
2019-07-21
3 months crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2019-03-07 -
2020-03-07
a year crt.sh
evergage.com
COMODO RSA Domain Validation Secure Server CA
2017-11-14 -
2020-03-30
2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2017-06-06 -
2019-06-11
2 years crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2019-01-28 -
2020-01-28
a year crt.sh
*.g.doubleclick.net
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
vars.hotjar.com
Let's Encrypt Authority X3
2019-04-09 -
2019-07-08
3 months crt.sh
*.mktoresp.com
GeoTrust RSA CA 2018
2018-02-05 -
2020-02-05
2 years crt.sh
www.google.com
Google Internet Authority G3
2019-04-16 -
2019-07-09
3 months crt.sh
*.bootstrapcdn.com
COMODO RSA Domain Validation Secure Server CA
2018-10-03 -
2019-10-12
a year crt.sh
*.lookbookhq.com
Amazon
2019-04-25 -
2020-05-25
a year crt.sh
s2.wac.edgecastcdn.net
DigiCert SHA2 Secure Server CA
2019-05-01 -
2020-11-18
2 years crt.sh
f.ssl.fastly.net
GlobalSign Organization Validation CA - SHA256 - G2
2018-08-30 -
2020-12-02
2 years crt.sh
resources.alertlogic.com
DigiCert SHA2 Secure Server CA
2019-01-30 -
2020-02-04
a year crt.sh

This page contains 7 frames:

Primary Page: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Frame ID: E9B1DD030606A03F4D07E975A24068E6
Requests: 110 HTTP requests in this frame

Frame: https://www.youtube.com/embed/8ANcX45zYUY
Frame ID: CFD4E092B6C46796122AAE890A142006
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=alert-logic&t_i=active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_u=https%3A%2F%2Fwww.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_d=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&t_t=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&s_o=default
Frame ID: 94C67BE40D33BC2A00A3A3C9E96AD8E6
Requests: 1 HTTP requests in this frame

Frame: https://app-ab01.marketo.com/index.php/form/XDFrame
Frame ID: 8541F0E6BE3176CDFD3B959634651A37
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Frame ID: 8EAE2C6EF8816629B2238715F3E8F560
Requests: 1 HTTP requests in this frame

Frame: https://jukebox.lookbookhq.com/cookie-iframe.html
Frame ID: B9301501CC5F139D8938DDE99C5E42B6
Requests: 1 HTTP requests in this frame

Frame: https://resources.alertlogic.com/cookie-iframe.html
Frame ID: 02E233EF136814236CD51E7CFF2AD8AA
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... HTTP 301
    http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... HTTP 307
    https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^DISQUS/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • script /^\/\/static\.hotjar\.com\/c\/hotjar-/i

Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i
  • env /^Munchkin$/i

Overall confidence: 100%
Detected patterns
  • script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
  • env /^Modernizr$/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i


Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

115
Requests

98 %
HTTPS

39 %
IPv6

36
Domains

48
Subdomains

47
IPs

8
Countries

1923 kB
Transfer

5126 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware HTTP 301
    http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ HTTP 307
    https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
Request Chain 43
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=109447414&t=pageview&_s=1&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&ul=en-us&de=UTF-8&dt=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=339057884&gjid=1591775128&cid=45964737.1557755320&tid=UA-17359898-1&_gid=2129192191.1557755320&_r=1&cd1=%3C%3F%3D%24ip%3B%3F%3E&z=1199791793 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_gid=2129192191.1557755320&gjid=1591775128&_v=j73&z=1199791793 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793&slf_rd=1&random=2022730435
Request Chain 55
  • https://platform.twitter.com/oct.js HTTP 301
  • https://static.ads-twitter.com/oct.js
Request Chain 79
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1 HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557755322366%26pid%3D8957%26url%3Dhttps%253A%252F%252Fblog.alertlogic.com%252Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%252F%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true

115 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Redirect Chain
  • https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware
  • http://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
  • https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
97 KB
22 KB
Document
General
Full URL
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
5e4539de7d3eabd693e7fcae0da2d3ae05dac60b0a3d78452f29e04d9fec951f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Host
blog.alertlogic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
text/html; charset=UTF-8
Content-Length
21854
Connection
keep-alive
Cache-Control
public, max-age=900
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Date
Mon, 13 May 2019 13:48:38 GMT
Server
Apache
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
Vary
Accept-Encoding,Accept-Encoding
X-Cache
Miss from cloudfront
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
X-Amz-Cf-Id
nNxZBvKss8to-Na-_BOBIDExxrZPB58UNi0_tm0esm9b01JMABaf7A==

Redirect headers

Location
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Non-Authoritative-Reason
HSTS
pheonix.css
blog.alertlogic.com/assets/css/
385 KB
77 KB
Stylesheet
General
Full URL
https://blog.alertlogic.com/assets/css/pheonix.css
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
606fe67f66cae43dafd22616543240855633eb1e68050d64610b5958fb0747de
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding
gzip
Vary
Accept-Encoding,Accept-Encoding
Age
47
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Date
Mon, 13 May 2019 07:35:25 GMT
Connection
keep-alive
Last-Modified
Tue, 05 Feb 2019 15:46:38 GMT
Server
Apache
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
ETag
"604f7-5812783c568a0"
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/css
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Cache-Control
public, max-age=900
X-Amz-Cf-Id
KOOG7StUlRvdgPR5b89HF0bZHidGEJ9dX2dxu0TMkj-K6MlrcUjebA==
jquery-ui.min.css
ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/
29 KB
7 KB
Stylesheet
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.min.css
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8964f1fe20bd22829aa12283e7e59515e7fc658348810e00c55a4c6c1c368628
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 09 Mar 2019 04:04:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5651052
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
7320
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 08 Mar 2020 04:04:27 GMT
modernizr.min.js
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:39 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:24:28 GMT
server
cloudflare
etag
W/"5afd4a4c-2b4c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 02 May 2020 13:48:39 GMT
cache-control
public, max-age=30672000
cf-ray
4d65175aed1896c2-FRA
served-in-seconds
0.001
satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/
105 KB
34 KB
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8221c3f49ef546af3e8c05533a8e5fd532e7c192a8355064fcc93c9b3ce1c4df

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:39 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"2212c755ee5acb4eb2b73f06413306ed:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
34848
expires
Mon, 13 May 2019 14:48:39 GMT
evergage.min.js
cdn.evgnet.com/beacon/alertlogic/engage/scripts/
455 KB
121 KB
Script
General
Full URL
https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.114 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
13a2ec182fe7cd3a00d98057115584fd356265e484b08a3a18cf76ebb2714f36

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
zlbAFfZbvC0hId4be.zN4X3GTjHPwyGX
content-encoding
gzip
age
27
x-cache
HIT, HIT
status
200
date
Mon, 13 May 2019 13:48:39 GMT
x-amz-replication-status
COMPLETED
content-length
123317
x-amz-request-id
FFE0C20FC92F9E1F
x-amz-id-2
qHSkB5koF+Ja0IP93mbAsXPAK/gQDY8RrZpnRMSPtJcNVDLm0yaPssDT6yYkrLGRvbffYb6AGXA=
x-served-by
cache-iad2131-IAD, cache-hhn1531-HHN
x-amz-meta-evergage-sum
a16c06270bb13ded07dba71a3101e9871ee6c57b
last-modified
Sun, 12 May 2019 22:46:57 GMT
server
AmazonS3
x-timer
S1557755320.583647,VS0,VE100
etag
"087f4485ae6b929341d5a5a7259397f2"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish, 1.1 varnish
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
x-amz-meta-evergage-beacon-ver
12
x-cache-hits
1, 1
AL_w_tag.png
www.alertlogic.com/assets/img/
6 KB
7 KB
Image
General
Full URL
https://www.alertlogic.com/assets/img/AL_w_tag.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
/
Resource Hash
f3aa62e151c19d02630f97da628b703469b53a5d5a9e8fa46cb111bc86dbfeed
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via
1.1 c0486ca54d4ad5a3da496bc2b5f49cd2.cloudfront.net (CloudFront)
Last-Modified
Thu May 9 21:36:43 UTC 2019
Server
ETag
"187f-5835817033480"
X-Frame-Options
allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Sun, 12 May 2019 08:36:01 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
6271
Accept-Ranges
bytes
X-Amz-Cf-Id
l5XgrzXGNvK86THwXm0NmNWQjqRgBahavHBg6gvWdcojwL6QYlWCbQ==
logo-alertlogic-a-bgimg.png
www.alertlogic.com/assets/img/
4 KB
5 KB
Image
General
Full URL
https://www.alertlogic.com/assets/img/logo-alertlogic-a-bgimg.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
/
Resource Hash
347e4c3fa50e6f98a2a10fff78a4c732f09f53c0eb0b08a9df3213494d4ca043
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via
1.1 bae3e24625567f5728a5caa96d6b7669.cloudfront.net (CloudFront)
Last-Modified
Thu May 9 21:36:43 UTC 2019
Server
ETag
"11d8-58358177d4680"
X-Frame-Options
allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Sun, 12 May 2019 08:36:01 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
4568
Accept-Ranges
bytes
X-Amz-Cf-Id
OdqWlAS1o20qcRfOueyvp5V5sqhAjD0Gbii3qDfbjLceJQf6IFsKig==
370x270_CWR_GridImage.jpg
www.alertlogic.com/assets/critcal-watch-report/img/
23 KB
24 KB
Image
General
Full URL
https://www.alertlogic.com/assets/critcal-watch-report/img/370x270_CWR_GridImage.jpg
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
/
Resource Hash
9ef8292dbcde1495ae58d7a796d655b861c97cae627bffb1b8505d5984c7eff9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via
1.1 bae3e24625567f5728a5caa96d6b7669.cloudfront.net (CloudFront)
Last-Modified
Thu May 9 21:36:43 UTC 2019
Server
ETag
"5d8e-583581fc63f40"
X-Frame-Options
allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
public, max-age=900
Date
Sun, 12 May 2019 08:36:02 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
23950
Accept-Ranges
bytes
X-Amz-Cf-Id
lF3Puh1HG83_4nvmS3i5snyiHd9ytYDxz180rWnQt_Iapqz1M1lgZQ==
370x270_SIEMless_Threat_Management_short.jpg
www.alertlogic.com/assets/homepage/img/
29 KB
30 KB
Image
General
Full URL
https://www.alertlogic.com/assets/homepage/img/370x270_SIEMless_Threat_Management_short.jpg
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
/
Resource Hash
79e4ebe446beb792f757e503371ae1e73ffca487abe6b2d38b228836dd6bbdf7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://blog.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://blog.alertlogic.com https://blog.alertlogic.com
Via
1.1 c0486ca54d4ad5a3da496bc2b5f49cd2.cloudfront.net (CloudFront)
Last-Modified
Thu May 2 21:05:57 UTC 2019
Server
ETag
"73b7-583581ea45480"
X-Frame-Options
allow-from https://resources.alertlogic.com https://blog.alertlogic.com
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 13:48:39 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
29623
Accept-Ranges
bytes
X-Amz-Cf-Id
Ocm2mtGVAYwlQHoiIuEAKRDrG1vtE0k--evdPhFGDXueX-mzGA3nBQ==
GC1.png
blog.alertlogic.com/assets/blogs/img/
29 KB
30 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC1.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
d68bb7b5d396436b422fb7656ef916b888386d70aae9d10118ed07bf37d760e1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:23 GMT
Server
Apache
ETag
"7325-587396b180c28"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:15:40 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
29477
Accept-Ranges
bytes
X-Amz-Cf-Id
OOytjtOBIgVPIq6svDxB0oLejSKnpN7J46-cnW3RTnRZRgiUXhw2IQ==
GC2.png
blog.alertlogic.com/assets/blogs/img/
91 KB
92 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC2.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
b916baec833d0b279940c3c9dc0197cc8c78f552ef8853c4e51dd16202bca116
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:23 GMT
Server
Apache
ETag
"16bc5-587396b157030"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Sun, 05 May 2019 08:11:47 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
93125
Accept-Ranges
bytes
X-Amz-Cf-Id
77GdbgvH7YtCp3H2u1r5cd2Fq15YnJvK5yzBrLilbdYGbtQdCqs4vA==
GC3.png
blog.alertlogic.com/assets/blogs/img/
20 KB
20 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC3.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
c7e528d4f055f2880561bd856c5d208b563b8a0bf5842b337fd4ca11cf06d7ec
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 2f43d3215923fbce97b22ee733b0401f.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:22 GMT
Server
Apache
ETag
"4e30-587396b11ab58"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:15:41 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
20016
Accept-Ranges
bytes
X-Amz-Cf-Id
vJmiIjxx_JYTi4lM_pOEG5AUiByDPsH0YYOYE_SsPkASxJYq1TCdZg==
GC4.png
blog.alertlogic.com/assets/blogs/img/
128 KB
129 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC4.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
2e4fff8d63f0306c6a9aa0563df042f03446141668b2a81e49418b8a64c3c3f4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:22 GMT
Server
Apache
ETag
"2014e-587396b0f22e8"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:15:41 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
131406
Accept-Ranges
bytes
X-Amz-Cf-Id
Le5bz2RIAGyHwjPvnm4tDdSb_XNHcgWqKKczHnqodKhbgyuPZIBeXQ==
GC5.png
blog.alertlogic.com/assets/blogs/img/
38 KB
38 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC5.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
8bc3251047c963d11d510dc2a97f6a7c6bb5934eec528e5bb786314da2bcb4c0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 c0486ca54d4ad5a3da496bc2b5f49cd2.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:22 GMT
Server
Apache
ETag
"9621-587396b0b3700"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Sun, 05 May 2019 08:11:49 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
38433
Accept-Ranges
bytes
X-Amz-Cf-Id
LwKI0bGH-y2Yi3OkKiooT5zVDYpVOYY_OV6BHMxVf1d1tU98ZWzX1w==
GC6.png
blog.alertlogic.com/assets/blogs/img/
8 KB
8 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC6.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
5cd1b9ee05ab05b7ff10c8169dbdad672013e98c4524127fc0f33f5759d70596
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 c0486ca54d4ad5a3da496bc2b5f49cd2.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:22 GMT
Server
Apache
ETag
"1e77-587396b087010"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Sun, 05 May 2019 08:11:49 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
7799
Accept-Ranges
bytes
X-Amz-Cf-Id
2v0AWFhc4K2zopc0fM1xl_yYmQbzRj0wnYN_Ra9wqdmYBIQJ-baaJg==
GC7.png
blog.alertlogic.com/assets/blogs/img/
28 KB
28 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/blogs/img/GC7.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
83a25b6da863419e47e0cd1cc2ccdfbe977341e9df76b5e108a0d77d89172f4d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 3283735112d0a322451d32ef038129c9.cloudfront.net (CloudFront)
Last-Modified
Tue, 23 Apr 2019 21:39:22 GMT
Server
Apache
ETag
"6e6e-587396b062a08"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:15:41 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
28270
Accept-Ranges
bytes
X-Amz-Cf-Id
GUu2Mjr480Q1rAlB1kMA-ESeMJqrTYk-_lcYJjHTzktpafGB5VNsgw==
hotjar-228809.js
static.hotjar.com/c/
8 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-228809.js?sv=5
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.83.23 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-21
Software
openresty /
Resource Hash
5794e64eb4637c615f2c54c13fca8e1d87d5c42f42ab14fa4bfece33d96da000
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript
section-io-tag
hotjar
age
249
status
200
access-control-max-age
600
section-io-cache
Hit
content-length
2132
x-cache-hit
1
server
openresty
x-frame-options
SAMEORIGIN
etag
W/8be2c0e10794826f988c32ce6eb8860d
vary
Accept-Encoding
section-io-origin-status
304
access-control-allow-origin
*
cache-control
max-age=60
section-io-origin-time-seconds
0.075
accept-ranges
bytes
section-io-id
12a8da4a027697ddd7ad16f8e4cbb7f9
/
blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
0
22 KB
Other
General
Full URL
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Purpose
prefetch
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding
gzip
Vary
Accept-Encoding,Accept-Encoding
Server
Apache
Age
1
Date
Mon, 13 May 2019 13:48:38 GMT
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
Hit from cloudfront
Content-Type
text/html; charset=UTF-8
Via
1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
Cache-Control
public, max-age=900
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Length
21854
X-Amz-Cf-Id
INLjEe-WZYhg1qMfM4hkHwcF9nLOvPAZTEqxuSAcw0pDDcPDDUheow==
A-de5l6H_normal.jpg
pbs.twimg.com/profile_images/836632592292036608/
2 KB
2 KB
Image
General
Full URL
https://pbs.twimg.com/profile_images/836632592292036608/A-de5l6H_normal.jpg
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40EA) /
Resource Hash
e367786278723e60fe5c4692b30f2435c45f305876b06888ba832c27aa145db1
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
x-content-type-options
nosniff
x-cache
HIT
status
200
content-length
1731
x-response-time
143
surrogate-key
profile_images profile_images/bucket/8 profile_images/836632592292036608
last-modified
Tue, 28 Feb 2017 17:40:08 GMT
server
ECS (fcn/40EA)
strict-transport-security
max-age=631138519
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
d2e150c0c48d12a5ce28c9f593cd0ee7
accept-ranges
bytes
logo-alertlogic-white.png
blog.alertlogic.com/assets/img/
3 KB
4 KB
Image
General
Full URL
https://blog.alertlogic.com/assets/img/logo-alertlogic-white.png
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
d4631de95e8413346dedfde1266d66e35294fbd88f0b675d7637f007a71b01ae
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
Age
44
X-Cache
Hit from cloudfront
Date
Mon, 13 May 2019 08:13:45 GMT
Connection
keep-alive
Content-Length
3215
Last-Modified
Tue, 29 Mar 2016 17:18:28 GMT
Server
Apache
ETag
"c8f-52f3337c3bfb9"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public, max-age=900
Accept-Ranges
bytes
X-Amz-Cf-Id
ijGDopmOG-TsBmCa3fE21B8jPf_RrtH31jptjOw_YDYjRSKobguXWA==
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/
82 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:39 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-1499c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 02 May 2020 13:48:39 GMT
cache-control
public, max-age=30672000
cf-ray
4d65175bdecd96c2-FRA
served-in-seconds
0.027
jquery-ui.min.js
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/
235 KB
60 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:39 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-3ab2b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 02 May 2020 13:48:39 GMT
cache-control
public, max-age=30672000
cf-ray
4d65175bded496c2-FRA
served-in-seconds
0.014
main_2018.js
blog.alertlogic.com/assets/js/
304 KB
69 KB
Script
General
Full URL
https://blog.alertlogic.com/assets/js/main_2018.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
e97e1647b609849b4d781a2783a73e0d4fde0a1347856167657be0f613db70db
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Content-Encoding
gzip
Age
44
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 14 Nov 2018 18:26:29 GMT
Server
Apache
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
Date
Mon, 13 May 2019 07:35:25 GMT
Vary
Accept-Encoding,Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/javascript
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Cache-Control
public, max-age=900
X-Amz-Cf-Id
CRQQBWoPlUMFd2OknC-iyVX9Sqytx-1sskOqD56DgwUnSGdbtV7oOA==
css
fonts.googleapis.com/
39 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
093e8ad6879175a558add8c94d0074d1b87d10e29f90ad58f45ec8fb26140832
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 13 May 2019 13:48:39 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 13 May 2019 13:48:39 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 13 May 2019 13:48:39 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v12/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v12/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:11:07 GMT
server
sffe
age
4210105
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13324
x-xss-protection
1; mode=block
expires
Tue, 24 Mar 2020 20:20:14 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
969
date
Mon, 13 May 2019 13:32:31 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17543
expires
Mon, 13 May 2019 15:32:31 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
  • https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
0
-1 B
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.176.49 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-176-49.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Location
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
X-TID
resrynJxQws=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://blog.alertlogic.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Access-Control-Allow-Origin
https://blog.alertlogic.com
X-TID
resrynJxQws=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
forms2.min.js
app-ab01.marketo.com/js/forms2/js/
169 KB
57 KB
Script
General
Full URL
https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
26a9c8770bb5e7769425cb053b2be9c8ddfaebcd8cf2b5ae860620a94ff14690
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 17 Apr 2019 22:21:37 GMT
server
cloudflare
etag
"4e0a56-2a28a-586c14f12de40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=14400
strict-transport-security
max-age=63113904
cf-ray
4d65175e2adebf78-AMS
expires
Mon, 13 May 2019 17:48:40 GMT
bizible.js
cdn.bizible.com/scripts/
83 KB
32 KB
Script
General
Full URL
https://cdn.bizible.com/scripts/bizible.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40B4) / ASP.NET
Resource Hash
da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
last-modified
Sat, 11 May 2019 18:30:48 GMT
server
ECS (fcn/40B4)
x-powered-by
ASP.NET
etag
"17dd4da7278d51:0"
vary
Accept-Encoding
x-cache
HIT
content-type
application/x-javascript
status
200
accept-ranges
bytes
content-length
32318
rd
dpm.demdex.net/id/
219 B
974 B
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=1.8.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&d_nsid=0&ts=1557755319828
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.209.176.49 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-176-49.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7af685358f2e8dc212e1b81de49ca10d3a43320e541786ab5a1f01538a4c31a2

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v028-005bc8de3.edge-irl1.demdex.com 5.52.1.20190424113352 4ms
Pragma
no-cache
X-TID
/zRI5ydNSgk=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://blog.alertlogic.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
219
Expires
Thu, 01 Jan 1970 00:00:00 GMT
id
alertlogic.sc.omtrdc.net/
3 B
484 B
XHR
General
Full URL
https://alertlogic.sc.omtrdc.net/id?d_visid_ver=1.8.0&d_fieldgroup=A&mcorgid=2D2BFE14571E4A8E7F000101%40AdobeOrg&mid=05387058788622762560680624713887368264&ts=1557755320127
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.82.228.19 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Mon, 13 May 2019 13:48:40 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www110
Vary
Origin
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://blog.alertlogic.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
3
X-XSS-Protection
1; mode=block
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
fonts.gstatic.com/s/sourcesanspro/v12/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v12/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu3cOWxw.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:11:49 GMT
server
sffe
age
4210106
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
12976
x-xss-protection
1; mode=block
expires
Tue, 24 Mar 2020 20:20:14 GMT
fa-light-300.woff2
blog.alertlogic.com/assets/webfonts/
65 KB
66 KB
Font
General
Full URL
https://blog.alertlogic.com/assets/webfonts/fa-light-300.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/assets/css/pheonix.css
Origin
https://blog.alertlogic.com

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Mon, 04 Jun 2018 16:42:51 GMT
Server
Apache
Age
44
ETag
"10540-56dd39fe4d922"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
Hit from cloudfront
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:13:45 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Accept-Ranges
bytes
Content-Length
66880
X-Amz-Cf-Id
NPHqMD4Hp8ZM8QpQJnIWTwWK2Mia5l365p6Oa6ttZQMiT4CoXe5qmA==
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v15/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 25 Mar 2019 20:19:39 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:18 GMT
server
sffe
age
4210141
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14176
x-xss-protection
1; mode=block
expires
Tue, 24 Mar 2020 20:19:39 GMT
fa-solid-900.woff2
blog.alertlogic.com/assets/webfonts/
52 KB
53 KB
Font
General
Full URL
https://blog.alertlogic.com/assets/webfonts/fa-solid-900.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.95 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-95.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
556213d68f2f3386a34135c07ea432d252682ac7deecc5eb9c9c23a194e83415
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/assets/css/pheonix.css
Origin
https://blog.alertlogic.com

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 0c23bed0dc9f1c700b571cf55c540239.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Mon, 04 Jun 2018 16:42:48 GMT
Server
Apache
Age
44
ETag
"d158-56dd39fb1a3e9"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
Hit from cloudfront
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:13:45 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Accept-Ranges
bytes
Content-Length
53592
X-Amz-Cf-Id
YFNRvKoZBoSWTCD1g5Yp90ybadyZEtSNHwUkb2OzxV1mpDKRUygRfw==
6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDJB9cme.woff2
fonts.gstatic.com/s/sourcesanspro/v12/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v12/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDJB9cme.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7cc2c8a7bd96173ee2a862c122630ab8d45ad0676ad2ad60fc55307763782230
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 25 Mar 2019 20:20:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:12:23 GMT
server
sffe
age
4210106
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
12656
x-xss-protection
1; mode=block
expires
Tue, 24 Mar 2020 20:20:14 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v15/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v15/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 25 Mar 2019 20:19:39 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:13:00 GMT
server
sffe
age
4210141
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
14044
x-xss-protection
1; mode=block
expires
Tue, 24 Mar 2020 20:19:39 GMT
embed.js
alert-logic.disqus.com/
64 KB
22 KB
Script
General
Full URL
https://alert-logic.disqus.com/embed.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.134 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
openresty /
Resource Hash
1c44d68dd84c16286df3470563d6aad51a4566d1ca84e1ad5d626d2065ffd004
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:40 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21599
getForm
app-ab01.marketo.com/index.php/form/
5 KB
2 KB
Script
General
Full URL
https://app-ab01.marketo.com/index.php/form/getForm?munchkinId=239-ZBX-439&form=2076&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&callback=jQuery112400975260695515443_1557755320146&_=1557755320147
Requested by
Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b8599bc83dec5a12502c5816717ab13d9ee21b875de116637dab7e0e53e0044
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
application/javascript; charset=utf-8
status
200
cf-ray
4d65175fcccfbf78-AMS
8ANcX45zYUY
www.youtube.com/embed/ Frame CFD4
0
0
Document
General
Full URL
https://www.youtube.com/embed/8ANcX45zYUY
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/8ANcX45zYUY
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status
200
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache
expires
Tue, 27 Apr 1971 19:44:06 EST
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
strict-transport-security
max-age=31536000
content-encoding
br
date
Mon, 13 May 2019 13:48:40 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=qfoovZkzyQE; path=/; domain=.youtube.com; expires=Sat, 09-Nov-2019 13:48:40 GMT; httponly YSC=fEcH_WfHbAI; path=/; domain=.youtube.com; httponly GPS=1; path=/; domain=.youtube.com; expires=Mon, 13-May-2019 14:18:40 GMT VISITOR_INFO1_LIVE=qfoovZkzyQE; path=/; domain=.youtube.com; expires=Sat, 09-Nov-2019 13:48:40 GMT; httponly PREF=f1=50000000; path=/; domain=.youtube.com; expires=Sun, 12-Jan-2020 01:41:40 GMT
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
fa-brands-400.woff2
blog.alertlogic.com/assets/webfonts/
53 KB
54 KB
Font
General
Full URL
https://blog.alertlogic.com/assets/webfonts/fa-brands-400.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.188 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-188.fra53.r.cloudfront.net
Software
Apache /
Resource Hash
9a840cbc1851e412ca570bde62526c4cbecde684da1c79e9ef8debd83ab15869
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/assets/css/pheonix.css
Origin
https://blog.alertlogic.com

Response headers

Content-Security-Policy
frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Via
1.1 c40ee2288a7db28fefd61c3f2ec7ccd7.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Mon, 04 Jun 2018 16:42:53 GMT
Server
Apache
Age
44
ETag
"d4d0-56dd39ffe6bee"
X-Frame-Options
allow-from https://resources.alertlogic.com https://www.alertlogic.com
X-Cache
Hit from cloudfront
Cache-Control
public, max-age=900
Date
Mon, 13 May 2019 08:13:45 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Accept-Ranges
bytes
Content-Length
54480
X-Amz-Cf-Id
FkQF9NKcT6iQHtxWXjycO7Rw-TuXS7YyCSBskfynM6HbvpnCDZ0ctg==
TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v17/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
c7bdbbdc5796065794e3ffcfdd995fd7a43c618e3a56707e133f72f5ca57cd1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Oswald:400,300,700|Lato:100,300,400,700|Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i
Origin
https://blog.alertlogic.com

Response headers

date
Wed, 27 Mar 2019 21:02:54 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Mar 2019 20:57:24 GMT
server
sffe
age
4034746
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9380
x-xss-protection
1; mode=block
expires
Thu, 26 Mar 2020 21:02:54 GMT
conv_v3.js
cdn.b0e8.com/
65 KB
21 KB
Script
General
Full URL
https://cdn.b0e8.com/conv_v3.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.190.5.192 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
192.5.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1cdc48e451e5acc23a10a350583be260114164838184afe59bb497fcf4c1df5a

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:21:47 GMT
content-encoding
gzip
age
1613
status
200
x-guploader-uploadid
AEnB2Uoyw499rHYi7-whJ__94oOM8h29ePoNXSb9VAgDo8R3C9Si6SpOUpDiwMRi6OIWrM8r32eX2WXLDUGmzE0Dqu0PLgk00A
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
20750
last-modified
Wed, 24 Apr 2019 01:58:58 GMT
server
UploadServer
etag
"88f171057eda66a17a2e12572bedac56"
vary
Accept-Encoding
x-goog-hash
crc32c=DbOzfA==, md5=iPFxBX7aZqF6LhJXK+2sVg==
content-language
en
access-control-allow-origin
*
x-goog-generation
1556071138720083
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
20750
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 13 May 2019 14:21:47 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=109447414&t=pageview&_s=1&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandc...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_gid=2129192191.1557755320&gjid=1591775128&_v=j73&z=1199791793
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793&slf_rd=1&random=2022730435
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793&slf_rd=1&random=2022730435
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:40 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-17359898-1&cid=45964737.1557755320&jid=339057884&_v=j73&z=1199791793&slf_rd=1&random=2022730435
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
getForm
app-ab01.marketo.com/index.php/form/
23 KB
5 KB
Script
General
Full URL
https://app-ab01.marketo.com/index.php/form/getForm?munchkinId=239-ZBX-439&form=5912&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&callback=jQuery112400975260695515443_1557755320148&_=1557755320149
Requested by
Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f516eadee40e7fa3bdda16aedc2c81317707f7f3e9b2c0da2d5dbffa37134dde
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
application/javascript; charset=utf-8
status
200
cf-ray
4d651760ddedbf78-AMS
modules.b96cdca1089acb51b296.js
script.hotjar.com/
421 KB
88 KB
Script
General
Full URL
https://script.hotjar.com/modules.b96cdca1089acb51b296.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-228809.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.83.1 Parsippany, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-23
Software
/
Resource Hash
784d0575ef04658ca6fcdbb16911de996de10c0aa137ec8511996bd8f0c6389c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 May 2019 13:02:30 GMT
access-control-allow-origin
*
etag
W/"c50e5cf7fba63929f43c21e5751060ee"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=31536000
section-io-origin-time-seconds
0.048
section-io-origin-status
200
accept-ranges
bytes
section-io-id
8d407dab9e2dd3db98b3bcd6c06e55a6
content-length
89203
forms2.css
app-ab01.marketo.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://app-ab01.marketo.com/js/forms2/css/forms2.css
Requested by
Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=63113904
content-length
2610
last-modified
Wed, 17 Apr 2019 22:21:37 GMT
server
cloudflare
etag
"4e0a96-33f8-586c14f12de40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4d651763b965bf78-AMS
expires
Mon, 13 May 2019 17:48:40 GMT
forms2-theme-plain.css
app-ab01.marketo.com/js/forms2/css/
828 B
333 B
Stylesheet
General
Full URL
https://app-ab01.marketo.com/js/forms2/css/forms2-theme-plain.css
Requested by
Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=63113904
content-length
246
last-modified
Wed, 17 Apr 2019 22:21:37 GMT
server
cloudflare
etag
"60d52-33c-586c14f12de40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4d651763b966bf78-AMS
expires
Mon, 13 May 2019 17:48:40 GMT
lounge.694ea7181ea49f1ce306dfc00c532f53.css
c.disquscdn.com/next/embed/styles/
104 KB
19 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.694ea7181ea49f1ce306dfc00c532f53.css
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ea6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b73336a70c8e2b73cd8e349c54db26910f6f1c51be47806790252b72587ebf24
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cf-ray
4d6517646fb7bf0a-FRA
status
200
vary
Accept-Encoding
content-length
19687
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2019 22:19:57 GMT
server
cloudflare
etag
"5cad1a8d-4ce7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 08 Apr 2020 22:26:48 GMT
common.bundle.2b6bb3725200b8d992a8cb9c288952d3.js
c.disquscdn.com/next/embed/
243 KB
81 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.2b6bb3725200b8d992a8cb9c288952d3.js
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ea6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e73035342ef69a696cf2e1ddda0c23b03e39d415307cfed23c75e8899e38f4be
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cf-ray
4d6517646fb9bf0a-FRA
status
200
vary
Accept-Encoding
content-length
82964
x-xss-protection
1; mode=block
last-modified
Fri, 12 Apr 2019 18:37:48 GMT
server
cloudflare
etag
"5cb0dafc-14414"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Apr 2020 19:58:23 GMT
lounge.bundle.e04d6946f2fad54035486025e9a4979a.js
c.disquscdn.com/next/embed/
392 KB
101 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.e04d6946f2fad54035486025e9a4979a.js
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ea6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcc326a932512b85b357a85eff7a4d53ba307b8f98dda12d03e5f093d35f1fc3
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cf-ray
4d6517647fbcbf0a-FRA
status
200
vary
Accept-Encoding
content-length
103289
x-xss-protection
1; mode=block
last-modified
Fri, 19 Apr 2019 23:05:14 GMT
server
cloudflare
etag
"5cba542a-19379"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 21 Apr 2020 21:54:29 GMT
config.js
disqus.com/next/
5 KB
3 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
44e763c06fc465b461a26b4aea5306f0d6bac8d1e5c1f512e951bf101e935ef8
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
33
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Content-Length
2158
X-XSS-Protection
1; mode=block
Server
nginx
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin
*
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.157 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
age
78055
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-cdg20783-CDG
last-modified
Tue, 23 Jan 2018 19:05:33 GMT
x-timer
S1557755321.244548,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics/
15 KB
5 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:41 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Dec 2018 23:03:30 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=53706
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4571
jukebox.js
app.cdn.lookbookhq.com/production/jukebox/current/
761 KB
188 KB
Script
General
Full URL
https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.157.191 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-157-191.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7d9d11f05f1629d699d61f50665fea7a3ba83b6ce14bbd47f6c839c581bc2c7

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
last-modified
Wed, 01 May 2019 00:52:51 GMT
server
AmazonS3
age
34432
date
Mon, 13 May 2019 05:19:20 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
x-amz-cf-id
Dbdlv95aL7_thXIaqISWATO3-u0VWcZZXZdxOGSGx4lkqhKQ1Z8wAw==
via
1.1 65715c6e447bfc4ebcfb81f088c7e3f3.cloudfront.net (CloudFront)
oct.js
static.ads-twitter.com/
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.157 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
age
80686
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-cdg20783-CDG
last-modified
Tue, 23 Jan 2018 19:05:33 GMT
x-timer
S1557755321.399456,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes

Redirect headers

Access-Control-Allow-Origin
*
Date
Mon, 13 May 2019 13:48:41 GMT
Server
ECS (fcn/40FC)
Content-Length
0
Location
https://static.ads-twitter.com/oct.js
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
satellite-574dbcd564746d6b9000b831.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
1 KB
690 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-574dbcd564746d6b9000b831.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a71627b229a3d8bc6683b642f9a935697c58fc2814737f28dcc7ad9e1850fa42

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"6557647bb78af336887c92e3e1440ec3:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
439
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-5755b4f864746d251700cf7d.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
545 B
587 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf7d.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
22f35f1e580566391809fff946156e10901faac6df9584e8a1427f8d3e6dcc33

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"d29b96d7bd0c0bed29f85bbf8ded0120:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
336
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-5755b4f864746d251700cf81.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
1 KB
618 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf81.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
14f3b6819ef43c89752e13e38011994f18bf74ef99c92679243bbc30e3b1ed7e

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"769e63bb320ed7c1a240875e91454d7e:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *, *
content-length
349
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-5786765d64746d0b190000bf.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
426 B
552 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5786765d64746d0b190000bf.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0f67efb1a352a2239f06b373e951655b99a8ea6530929247218bcee5f1358cf9

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"7000a775fdb53c89cb61fc42fecbb4bb:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
302
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-5757183d64746d6333002e60.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
310 B
449 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5757183d64746d6333002e60.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c93f3f4d498ca8a69597ebd2d6e07b5f3be531f924c1ee4abe39a0ca6d8bc071

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"5bb5e362378a6dfb1db8af10a2f3bb1b:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
198
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-57e594e364746d36190149e3.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
10 KB
3 KB
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-57e594e364746d36190149e3.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6ac7b199f71de2f4ffad267887891a63377843226829fb1a02485668434284af

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"4fba0b45dad31cae33b2ef23c83dfeea:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *, *
content-length
2635
expires
Mon, 13 May 2019 14:48:41 GMT
satellite-5a3c0d6f64746d7c6f00e127.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/
731 B
669 B
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5a3c0d6f64746d7c6f00e127.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8c99a2efb42f096f7628d2a67dc7bde4ba3ecd96f1f21a15b7e293135d06ecf8

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"57a6b75fed4083758f42d2aaa9ad8a42:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *, *
content-length
401
expires
Mon, 13 May 2019 14:48:41 GMT
s-code-contents-6ca4ae86ae1c90dcc634066533467ce4cb891326.js
assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/
40 KB
15 KB
Script
General
Full URL
https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/s-code-contents-6ca4ae86ae1c90dcc634066533467ce4cb891326.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e1b14fab01159f43f337ddbf24563382b9099558189106cef967084f9e94ff37

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Thu, 14 Mar 2019 21:49:51 GMT
server
Apache
etag
"a7afa196cb173cd3bc360ab1cc217e16:1552600191"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*, *
content-length
15470
expires
Mon, 13 May 2019 14:48:41 GMT
brightedge3.php
a.b0e8.com/
35 B
153 B
Image
General
Full URL
https://a.b0e8.com/brightedge3.php?id=f00000000145487&p_id=2N8R8PNNLLNNR2NRR4NL26N6RAAAAAAAAH&bf=04771c541b3ff8e8ff5601c99c2fbae3&url=https%3A//blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/&ref=&bn=1&bv=3.40&title=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&metadesc=Alert%20Logic%20security%20researchers%20share%20details%20of%20active%20exploit%20of%20Confluence%20vulnerability%20being%20used%20to%20spread%20Gandcrab%20ransomware.&metakeywords=&s_id=2N8R8PNNLLNNRN6N2A6L26N6RAAAAAAAAH
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.95.105.148 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
148.105.95.34.bc.googleusercontent.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
via
1.1 google
server
Apache/2.2.15 (CentOS)
content-type
image/gif
status
200
accept-ranges
bytes
alt-svc
clear
content-length
35
/
disqus.com/embed/comments/ Frame 94C6
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=alert-logic&t_i=active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_u=https%3A%2F%2Fwww.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&t_d=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&t_t=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&s_o=default
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

Server
nginx
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://www.google.com/recaptcha/ https://disqus.com
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html; charset=utf-8
Last-Modified
Mon, 06 May 2019 20:25:49 GMT
ETag
W/"lounge:view:7376521622.910cf9891beaae71439b4917e8b70fcc.2"
Content-Encoding
gzip
Content-Length
3219
Date
Mon, 13 May 2019 13:48:42 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
truncated
/
179 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34c2659fd8cefa81566bb68fd35fb0e6a2e91d76d0bdc35dbe3ec9f7bd57c833

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
image/svg+xml
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf81.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 05 Apr 2019 02:53:44 GMT
Server
Apache
ETag
"54520320df20b526337717d6d28181fc:1554432824"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
bat.js
bat.bing.com/
22 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5786765d64746d0b190000bf.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
06768ff08a78f24b60973b047561141c4413864fa2d3ac9292fb0b217a81f917

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
last-modified
Fri, 08 Mar 2019 01:08:18 GMT
x-msedge-ref
Ref A: 514FA9B3965A46B6BD93E018F312CA08 Ref B: VIEEDGE0716 Ref C: 2019-05-13T13:48:41Z
access-control-allow-origin
*
etag
"0ed1a6a4bd5d41:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7002
conversion_async.js
www.googleadservices.com/pagead/
23 KB
9 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
2c2b83b5a9f188b6f91fdb4db32a68cae12d7c15d62263ebd3e345429dab2ec5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
8874
x-xss-protection
0
server
cafe
etag
3302323910089655626
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 13 May 2019 13:48:41 GMT
iframe_api
www.youtube.com/
859 B
923 B
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/satelliteLib-970ca04256ccf294d4790a04807d4a7ba75d01fd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
12c0bc0ed4f34ad6251de0db7eb2db8f52cb37191482f98c1e9ac8f78dcfbdac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
x-content-type-options
nosniff
server
YouTube Frontend Proxy
content-type
application/javascript
status
200
cache-control
no-cache
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
859
x-xss-protection
0
expires
Tue, 27 Apr 1971 19:44:06 EST
s66254537554886
alertlogic.sc.omtrdc.net/b/ss/alogglobalprod/1/JS-1.7.0-D7QN/
43 B
592 B
Image
General
Full URL
https://alertlogic.sc.omtrdc.net/b/ss/alogglobalprod/1/JS-1.7.0-D7QN/s66254537554886?AQB=1&ndh=1&pf=1&t=13%2F4%2F2019%2013%3A48%3A42%201%200&D=D%3D&mid=05387058788622762560680624713887368264&aamlh=6&ce=UTF-8&pageName=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&g=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&ch=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=blog.alertlogic.com&c2=page%3Eview%3Eblog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v5=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v6=blog%3Aactive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware&v9=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&v16=desktop&v17=First%20Visit&v18=05387058788622762560680624713887368264&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.82.228.19 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:42 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Tue, 14 May 2019 13:48:42 GMT
Server
Omniture DC/2.0.0
xserver
www172
ETag
"3345254081667072000-4831519167092231048"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Expires
Sun, 12 May 2019 13:48:42 GMT
fbds.js
connect.facebook.net/en_US/
4 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbds.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/3df907290fe2f7f77da1165ca1ee90c6b6614263/scripts/satellite-5755b4f864746d251700cf7d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
23c83e995754894b0f0477a6ece28341e1339eabac7dcce28b5162e758fa7f21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
BSUU0RmGzH7InXWHRbG1WQ==
status
200
date
Mon, 13 May 2019 13:48:42 GMT
vary
Accept-Encoding
content-length
2118
x-fb-debug
SmvNL0sUsoLIWVIoqzLqrSEot3N6b9Y4WD0kKdaQayOqYxNYZ6tBYyBN+bDpkmlJRVCWl+1msniR8uikJ03gAQ==
x-fb-content-md5
064d3cc695befd5417adcc04a9c5c73d
etag
"2df71b80dcbd0e8a96c3e24b66afefed"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 13 May 2019 14:06:01 GMT
adsct
t.co/i/
43 B
485 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw5n7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
111
pragma
no-cache
last-modified
Mon, 13 May 2019 13:48:42 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
4d15eba5ca57fcea760d391a1bca9be2
x-transaction
00cdd8a200eca2e5
expires
Tue, 31 Mar 1981 05:00:00 GMT
XDFrame
app-ab01.marketo.com/index.php/form/ Frame 8541
0
0
Document
General
Full URL
https://app-ab01.marketo.com/index.php/form/XDFrame
Requested by
Host: app-ab01.marketo.com
URL: https://app-ab01.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.92.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
app-ab01.marketo.com
:scheme
https
:path
/index.php/form/XDFrame
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding
gzip, deflate, br
cookie
__cfduid=dd890019e1852ed5c695b5f35a732c13f1557755320
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status
200
date
Mon, 13 May 2019 13:48:42 GMT
content-type
text/html; charset=utf-8
content-length
636
strict-transport-security
max-age=63113904
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
set-cookie
BIGipServerab01web-nginx-app_https=!V/w6CKGIrTeLVtpybf/nLIVwOTHiDsWVFgULNeHz0smaauVQcPWmua6ztQEZyyr+h/z3/Nsytx+8Loc=;Path=/;Version=1;Secure;Httponly
accept-ranges
bytes
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4d65176d2c18bf78-AMS
adsct
t.co/i/
43 B
124 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuosp&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
113
pragma
no-cache
last-modified
Mon, 13 May 2019 13:48:42 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
4d15eba5ca57fcea760d391a1bca9be2
x-transaction
0093ca0b00878fb0
expires
Tue, 31 Mar 1981 05:00:00 GMT
pr
alertlogic.evergage.com/
0
197 B
XHR
General
Full URL
https://alertlogic.evergage.com/pr?_r=433732
Requested by
Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://blog.alertlogic.com
Date
Mon, 13 May 2019 13:48:42 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Timing-Allow-Origin
*
twreceiver
alertlogic.evergage.com/
12 KB
2 KB
XHR
General
Full URL
https://alertlogic.evergage.com/twreceiver?_r=936312
Requested by
Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
ad37683586e894a6ca168c01b8b60a11dd38409f5dfca297256533a0fecf88b9

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 13 May 2019 13:48:42 GMT
Content-Encoding
gzip
Server
Apache-Coyote/1.1
Vary
Accept-Encoding
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
https://blog.alertlogic.com
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
2251
ipv
cdn.bizible.com/m/
43 B
345 B
Image
General
Full URL
https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=44acd3ec545e437fe4f0e7b3d2351fe5&_biz_s=8c7969&_biz_l=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_biz_t=1557755320620&_biz_i=%0A%09%09%20%20%20%20Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware%0A%09%09&_biz_n=0&rnd=34309&cdn_o=a&_biz_z=1557755322306
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41A2) / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:42 GMT
x-aspnetmvc-version
4.0
last-modified
Sun, 12 May 2019 01:31:47 GMT
server
ECS (fcn/41A2)
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1557755322366%26pid%3D8957%26url%3Dhttps%253A%252F%252Fblog.alertlogic.com%252Factive-exploitati...
  • https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2...
0
112 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
20
x-li-uuid
65nRfTZCnhVgAm1+yyoAAA==

Redirect headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
x-li-pop
prod-efr5
content-length
20
x-li-uuid
BYAf4zRCnhXAk4zqJysAAA==
pragma
no-cache
server
Play
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect/?time=1557755322366&pid=8957&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
222 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nw5n7&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
121
pragma
no-cache
last-modified
Mon, 13 May 2019 13:48:42 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
00ea6f5cacfa28453b93786c36955e10
x-transaction
0047759e00f9419e
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
673 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuosp&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
120
pragma
no-cache
last-modified
Mon, 13 May 2019 13:48:42 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
00ea6f5cacfa28453b93786c36955e10
x-transaction
001ab87300ad62b2
expires
Tue, 31 Mar 1981 05:00:00 GMT
munchkin.js
munchkin.marketo.net/155/
9 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/155/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a184-31-84-223.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 13 May 2019 13:48:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 30 Nov 2018 03:18:20 GMT
Server
Apache
ETag
"c67dad42946949112916578f78706df8:1543547900"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3923
Expires
Wed, 21 Aug 2019 13:48:42 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1017341980/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1017341980/?random=1557755322389&cv=9&fst=1557755322389&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
74b4666b9a295c6381eb45d8603b4b542d72c28dac1d128fd5dc4a22f4e0087d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
content-length
1025
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
www-widgetapi.js
s.ytimg.com/yts/jsbin/www-widgetapi-vflTZdOF2/
21 KB
8 KB
Script
General
Full URL
https://s.ytimg.com/yts/jsbin/www-widgetapi-vflTZdOF2/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7c3eca218afc1869a365fac68fac54b1dd93d0531cc2abe49860d6e3db8983c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 10 May 2019 10:59:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
269365
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
8035
x-xss-protection
0
last-modified
Wed, 08 May 2019 19:02:59 GMT
server
sffe
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=691200
accept-ranges
bytes
timing-allow-origin
https://www.youtube.com
expires
Sat, 18 May 2019 10:59:17 GMT
0
bat.bing.com/action/
0
136 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5284253&Ver=2&mid=872f85a7-9b93-86f7-1528-e1616b9bbb16&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&p=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&r=&lt=5098&evt=pageLoad&msclkid=N&rn=234802
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Mon, 13 May 2019 13:48:41 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: D7E76EB752374E7F99283887E1834BF7 Ref B: VIEEDGE0716 Ref C: 2019-05-13T13:48:42Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
box-90f3a29ef7448451db5af955688970d7.html
vars.hotjar.com/ Frame 8EAE
0
0
Document
General
Full URL
https://vars.hotjar.com/box-90f3a29ef7448451db5af955688970d7.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-228809.js?sv=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.205.49 Chicago, United States, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS
pkt-ams-k1-26
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-90f3a29ef7448451db5af955688970d7.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status
200
date
Mon, 13 May 2019 13:48:42 GMT
content-type
text/html
content-length
967
cache-control
max-age=31536000
last-modified
Tue, 30 Apr 2019 14:57:42 GMT
section-io-origin-status
200
section-io-origin-time-seconds
0.049
etag
W/"90f3a29ef7448451db5af955688970d7"
content-encoding
gzip
vary
Accept-Encoding
accept-ranges
bytes
section-io-id
94fcb223fdf0b75f992ec7e6f2377c6c
/
www.facebook.com/tr/
44 B
245 B
Image
General
Full URL
https://www.facebook.com/tr/?id=722360314547694&ev=PixelInitialized&dl=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&rl=&if=false&ts=1557755322591
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 13 May 2019 13:48:42 GMT
BizibleAcct.js
cdn.bizible.com/
375 B
600 B
Script
General
Full URL
https://cdn.bizible.com/BizibleAcct.js?_biz_u=44acd3ec545e437fe4f0e7b3d2351fe5&_biz_h=-1906410348&cdn_o=a&jsVer=4.18.12.07
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
400415a82322b1ea52106607b140a19d215536a0008550aa881a2cb976897bf7

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:41 GMT
content-encoding
gzip
x-aspnetmvc-version
4.0
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
etag
458C3D51
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
private, must-revalidate, max-age=21600
content-type
text/javascript; charset=utf-8
content-length
314
visitWebPage
023-pwj-200.mktoresp.com/webevents/
43 B
623 B
XHR
General
Full URL
https://023-pwj-200.mktoresp.com/webevents/visitWebPage?_mchNc=1557755322657&_mchCn=&_mchId=023-PWJ-200&_mchTk=_mch-alertlogic.com-1557755322656-64766&_mchHo=blog.alertlogic.com&_mchPo=&_mchRu=%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.151.250 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
monitor-test-ab25.mktoresp.com
Software
Apache /
Resource Hash
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com

Response headers

Pragma
no-cache
Date
Mon, 13 May 2019 13:48:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 13 May 2019 08:48:43 -0500
Server
Apache
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Content-Type
image/gif
Keep-Alive
timeout=5, max=100
Content-Length
43
Expires
-1
/
www.google.com/pagead/1p-user-list/1017341980/
42 B
118 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1017341980/?random=1557755322389&cv=9&fst=1557752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=3957946554&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1017341980/
42 B
109 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1017341980/?random=1557755322389&cv=9&fst=1557752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&tiba=Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware&async=1&fmt=3&cdct=2&is_vtc=1&random=3957946554&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:42 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
045f32ca-e0c2-4d02-a4aa-6095e9eabc1f
https://blog.alertlogic.com/
2 KB
0
Stylesheet
General
Full URL
blob:https://blog.alertlogic.com/045f32ca-e0c2-4d02-a4aa-6095e9eabc1f
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e6b64eaf0276ec4ba7ae04f80b5b825f89034a55e1196b200b1edcb06bda958

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
1794
Content-Type
text/css
50d558d0-ec6e-4db0-8c33-3b2d18a0728d
https://blog.alertlogic.com/
4 KB
0
Stylesheet
General
Full URL
blob:https://blog.alertlogic.com/50d558d0-ec6e-4db0-8c33-3b2d18a0728d
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5da6cab971320f684d11532a4dce04c6d30d7b473343fe0c1ae9e6eda1a5c2fc

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Length
3618
Content-Type
text/css
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/
28 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
access-control-allow-origin
*
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
6591
css
fonts.googleapis.com/
4 KB
684 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,700
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
78b37ed8e1576145bcf491de5d2c9db26ed81845fdbb48537f9248912dd92a24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 13 May 2019 13:48:42 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 13 May 2019 13:48:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 13 May 2019 13:48:42 GMT
website_experience
jukebox.lookbookhq.com/api/public/v1/
0
296 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-36FF9D6D-10460&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
GET
Origin
https://blog.alertlogic.com
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
access-control-allow-origin
https://blog.alertlogic.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
twreceiver
alertlogic.evergage.com/
9 KB
2 KB
XHR
General
Full URL
https://alertlogic.evergage.com/twreceiver?_r=549556
Requested by
Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
b35552a07d04989bd825bb4cd3c85467bbce4bfe3a1c924b872a928325fffdd3

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 13 May 2019 13:48:42 GMT
Content-Encoding
gzip
Server
Apache-Coyote/1.1
Vary
Accept-Encoding
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
https://blog.alertlogic.com
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
2066
twreceiver
alertlogic.evergage.com/
9 KB
2 KB
XHR
General
Full URL
https://alertlogic.evergage.com/twreceiver?_r=650855
Requested by
Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
299ce7f7a305fbaebecf249f085dfc8488d386efeb9a21320579a525537f6b5b

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 13 May 2019 13:48:43 GMT
Content-Encoding
gzip
Server
Apache-Coyote/1.1
Vary
Accept-Encoding
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
https://blog.alertlogic.com
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
2067
twreceiver
alertlogic.evergage.com/
9 KB
2 KB
XHR
General
Full URL
https://alertlogic.evergage.com/twreceiver?_r=077636
Requested by
Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/alertlogic/engage/scripts/evergage.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
33eecbcbc3d45c6fae5f6adb6b41a31e676314964c5328283e1f37863056ffeb

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Mon, 13 May 2019 13:48:42 GMT
Content-Encoding
gzip
Server
Apache-Coyote/1.1
Vary
Accept-Encoding
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
https://blog.alertlogic.com
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
2067
u
cdn.bizibly.com/
43 B
381 B
Image
General
Full URL
https://cdn.bizibly.com/u?_biz_u=44acd3ec545e437fe4f0e7b3d2351fe5&_biz_s=8c7969&_biz_l=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&_biz_t=1557755323267&_biz_i=%0A%09%09%20%20%20%20Active%20Exploitation%20of%20Confluence%20Vulnerability%20CVE-2019-3396%20Dropping%20Gandcrab%20Ransomware%0A%09%09&rnd=597528&cdn_o=a&_biz_z=1557755323267
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/40E5) / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 13 May 2019 13:48:43 GMT
x-aspnetmvc-version
4.0
last-modified
Sat, 11 May 2019 08:17:22 GMT
server
ECS (fcn/40E5)
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
content-type
Image/GIF
content-length
43
expires
-1
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/
69 KB
69 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x00f.map2.ssl.hwcdn.net
Software
/
Resource Hash
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
Origin
https://blog.alertlogic.com

Response headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin
*
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
70769
website_experience
jukebox.lookbookhq.com/api/public/v1/
816 B
944 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/website_experience?clientId=LB-36FF9D6D-10460&url=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F
Requested by
Host: blog.alertlogic.com
URL: https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
ddf5defcdc201d8b0e28668d2db5b9f0196867d17e11ad9ab839ac818b71945e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.017527
date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
etag
W/"ddf5defcdc201d8b0e28668d2db5b9f0"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.alertlogic.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
9b3418f8-790a-4961-8305-a9f8e866564a
msreceiver
alertlogic.evergage.com/
0
197 B
XHR
General
Full URL
https://alertlogic.evergage.com/msreceiver?_r=993859
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.35.11 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-3-208-35-11.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://blog.alertlogic.com
Date
Mon, 13 May 2019 13:48:42 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Timing-Allow-Origin
*
alfie.f51946af45e0b561c60f768335c9eb79.js
c.disquscdn.com/next/embed/
19 KB
7 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Requested by
Host: alert-logic.disqus.com
URL: https://alert-logic.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4ea6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 13 May 2019 13:48:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
cf-ray
4d6517746bebbf0a-FRA
status
200
vary
Accept-Encoding
content-length
6605
x-xss-protection
1; mode=block
last-modified
Wed, 03 Oct 2018 22:50:54 GMT
server
cloudflare
cache-control
max-age=31536000, public, immutable, no-transform
etag
"5bb547ce-19cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300; includeSubdomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
fastly-debug-digest
baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2019 00:14:16 GMT
ping
links.services.disqus.com/api/
224 B
853 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fblog.alertlogic.com%2Factive-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware%2F&subId=5241753&v=1&jsonp=vglnk_jsonp_15577553236090
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.120.64 Paris, France, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
11b50cb1ac9c470655746dfdbe8ab0d9955ef3dfef37a98200cf9b952be35def

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com

Response headers

Pragma
no-cache
Date
Mon, 13 May 2019 13:48:43 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://blog.alertlogic.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
224
Expires
Thu, 01 Jan 1970 00:00:00 GMT
cookie-iframe.html
jukebox.lookbookhq.com/ Frame B930
0
0
Document
General
Full URL
https://jukebox.lookbookhq.com/cookie-iframe.html
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.5.219 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-20-5-219.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

:method
GET
:authority
jukebox.lookbookhq.com
:scheme
https
:path
/cookie-iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status
200
date
Mon, 13 May 2019 13:48:43 GMT
content-type
text/html
last-modified
Wed, 20 Mar 2019 21:19:25 GMT
content-encoding
gzip
pr
alertlogic.evergage.com/
0
197 B
XHR
General
Full URL
https://alertlogic.evergage.com/pr?_r=647887
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.54.19.237 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-54-19-237.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://blog.alertlogic.com
Date
Mon, 13 May 2019 13:48:44 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Timing-Allow-Origin
*
custom_domains
jukebox.lookbookhq.com/api/public/v1/
0
296 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-36FF9D6D-10460
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
GET
Origin
https://blog.alertlogic.com
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 13 May 2019 13:48:44 GMT
content-encoding
gzip
access-control-allow-origin
https://blog.alertlogic.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
custom_domains
jukebox.lookbookhq.com/api/public/v1/
90 B
563 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/custom_domains?clientId=LB-36FF9D6D-10460
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
a62165ab840ff92a94c6430f32f60236e15ced4aac714033930043b190fc609c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.008380
date
Mon, 13 May 2019 13:48:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
etag
W/"a62165ab840ff92a94c6430f32f60236"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.alertlogic.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
f42f62cc-deae-49c6-9785-73e0461720c4
cookie-iframe.html
resources.alertlogic.com/ Frame 02E2
2 KB
959 B
Document
General
Full URL
https://resources.alertlogic.com/cookie-iframe.html
Requested by
Host: app.cdn.lookbookhq.com
URL: https://app.cdn.lookbookhq.com/production/jukebox/current/jukebox.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.38.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-200-38-55.compute-1.amazonaws.com
Software
/
Resource Hash
09939c2042098c0fc0247a1645a961cc66461b5b30dc3776eaf390a3671be41d

Request headers

:method
GET
:authority
resources.alertlogic.com
:scheme
https
:path
/cookie-iframe.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/

Response headers

status
200
date
Mon, 13 May 2019 13:48:44 GMT
content-type
text/html
last-modified
Wed, 20 Mar 2019 21:19:25 GMT
content-encoding
gzip
page_views
jukebox.lookbookhq.com/api/public/v1/
0
296 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://blog.alertlogic.com
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 13 May 2019 13:48:44 GMT
content-encoding
gzip
access-control-allow-origin
https://blog.alertlogic.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
page_views
jukebox.lookbookhq.com/api/public/v1/
153 B
626 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
0f2c4ece9e3b1ac453da745137a875403888012ad929a386df5ee1e3b1318ad3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.043225
date
Mon, 13 May 2019 13:48:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
etag
W/"0f2c4ece9e3b1ac453da745137a87540"
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://blog.alertlogic.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
vary
Origin
x-request-id
604a507b-cd61-4fd9-a0c9-3baa4f7d62e4
create_event
jukebox.lookbookhq.com/api/public/v1/page_views/
0
296 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views/create_event
Requested by
Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method
POST
Origin
https://blog.alertlogic.com
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

date
Mon, 13 May 2019 13:48:45 GMT
content-encoding
gzip
access-control-allow-origin
https://blog.alertlogic.com
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
content-type
text/plain
status
200
access-control-expose-headers
access-control-allow-credentials
true
access-control-allow-headers
content-type
create_event
jukebox.lookbookhq.com/api/public/v1/page_views/
0
365 B
XHR
General
Full URL
https://jukebox.lookbookhq.com/api/public/v1/page_views/create_event
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.226.55 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-1-226-55.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Origin
https://blog.alertlogic.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/json

Response headers

x-runtime
0.012944
date
Mon, 13 May 2019 13:48:45 GMT
x-content-type-options
nosniff
status
204
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, PATCH, OPTIONS
access-control-allow-origin
https://blog.alertlogic.com
access-control-expose-headers
cache-control
no-cache
access-control-allow-credentials
true
vary
Origin
x-request-id
9588301b-1275-4889-b593-0dd2b30b4695

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| hj object| _hjSettings object| html5 object| Modernizr string| GoogleAnalyticsObject function| ga function| Visitor object| _satellite object| s_c_il number| s_c_in object| MktoForms2 object| evergageLog function| ajq object| _aaq object| _aaqi object| Evergage function| evergageBeforeSiteConfigExecution object| evergageSiteConfig string| evergageSiteWideStyles number| evergageBeaconParseTimeStart object| evergageJSON function| $ function| jQuery object| jQuery18009589401252547234 object| Apptegic object| ApptegicTwoWay number| evergageBeaconParseTimeEnd function| disqus_config function| jsElementReady object| BEJSSDKObserver object| BELinkBlockGenerator function| positionLinkBlock object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| Bizible object| BizTrackingA object| BizA function| initializeFPJSLibrary function| detectIE object| _bright3 function| beLinkBlockCallback boolean| ie_version undefined| style undefined| select object| scriptTag string| org_id object| betrack object| showLogs string| domain object| domainPath object| timeout string| sessionTmeout boolean| bf_e_org object| bf_e_org_list number| bf_i object| bf object| goal object| goalvalue number| maximum_custom_variables number| maximum_custom_metrics object| customdimension_value object| custommetric_value number| maximum_conversions object| conversion_count_value object| conversion_value_value boolean| disableTrack object| deferCallback object| useCustomLinkBlockStyles object| showLinkBlock object| JSON3 number| c_begin function| Fingerprint2 object| DISQUS object| mySwiper object| basicSlider object| contentSlider undefined| tag undefined| player undefined| firstScriptTag undefined| video number| v undefined| onYouTubeIframeAPIReady undefined| onPlayerStateChange undefined| cleanTime function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry object| Foundation function| Swiper number| $repeaters function| twq string| _linkedin_data_partner_id function| lbhq string| cookie_str number| s_expire string| cookie_set_string number| c_end object| jQuery112400975260695515443 object| twttr object| uetq object| _da function| AppMeasurement_Module_ActivityMap function| AppMeasurement_Module_Media function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq string| f0 object| s_i_alogglobalprod object| _fbq function| _bizo_local_logger function| _bizo_fire_partners boolean| _bizo_main_already_called function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| YT object| YTConfig function| onYTReady function| UET object| MunchkinTracker object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter function| setImmediate function| clearImmediate object| scCGSHMRCache boolean| jukeboxInitialized object| _vis_opt_queue object| LC_API boolean| ready string| vglnk_self function| vl_cB function| vl_disable undefined| vglnk_jsonp_15577553236090 object| vglnk

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' http://resources.alertlogic.com https://resources.alertlogic.com http://www.alertlogic.com https://www.alertlogic.com
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options allow-from https://resources.alertlogic.com https://www.alertlogic.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

023-pwj-200.mktoresp.com
a.b0e8.com
ajax.googleapis.com
alert-logic.disqus.com
alertlogic.evergage.com
alertlogic.sc.omtrdc.net
analytics.twitter.com
app-ab01.marketo.com
app.cdn.lookbookhq.com
assets.adobedtm.com
bat.bing.com
blog.alertlogic.com
c.disquscdn.com
cdn.b0e8.com
cdn.bizible.com
cdn.bizibly.com
cdn.evgnet.com
cdnjs.cloudflare.com
connect.facebook.net
disqus.com
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
jukebox.lookbookhq.com
links.services.disqus.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
pbs.twimg.com
platform.twitter.com
px.ads.linkedin.com
resources.alertlogic.com
s.ytimg.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
vars.hotjar.com
www.alertlogic.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
104.16.92.80
104.244.42.195
104.244.42.69
147.75.205.49
147.75.83.1
147.75.83.23
151.101.120.134
151.101.120.157
151.101.120.64
151.101.192.114
151.101.192.134
172.82.228.19
184.31.84.223
192.28.151.250
2.18.232.23
209.197.3.15
216.58.207.66
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:4ea6
2606:4700::6813:c797
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:809::2003
2a00:1450:4001:815::200a
2a00:1450:4001:817::200a
2a00:1450:4001:818::2002
2a00:1450:4001:81c::200e
2a00:1450:4001:81d::2004
2a00:1450:4001:81e::2003
2a00:1450:400c:c08::9a
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
3.208.35.11
34.95.105.148
35.190.5.192
52.1.226.55
52.20.5.219
52.200.38.55
52.209.176.49
52.222.157.188
52.222.157.191
52.222.157.95
52.54.19.237
93.184.220.178
93.184.220.42
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
06768ff08a78f24b60973b047561141c4413864fa2d3ac9292fb0b217a81f917
08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4
093e8ad6879175a558add8c94d0074d1b87d10e29f90ad58f45ec8fb26140832
09939c2042098c0fc0247a1645a961cc66461b5b30dc3776eaf390a3671be41d
0f2c4ece9e3b1ac453da745137a875403888012ad929a386df5ee1e3b1318ad3
0f67efb1a352a2239f06b373e951655b99a8ea6530929247218bcee5f1358cf9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11b50cb1ac9c470655746dfdbe8ab0d9955ef3dfef37a98200cf9b952be35def
12c0bc0ed4f34ad6251de0db7eb2db8f52cb37191482f98c1e9ac8f78dcfbdac
13a2ec182fe7cd3a00d98057115584fd356265e484b08a3a18cf76ebb2714f36
14f3b6819ef43c89752e13e38011994f18bf74ef99c92679243bbc30e3b1ed7e
1c44d68dd84c16286df3470563d6aad51a4566d1ca84e1ad5d626d2065ffd004
1cdc48e451e5acc23a10a350583be260114164838184afe59bb497fcf4c1df5a
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
22f35f1e580566391809fff946156e10901faac6df9584e8a1427f8d3e6dcc33
23c83e995754894b0f0477a6ece28341e1339eabac7dcce28b5162e758fa7f21
26a9c8770bb5e7769425cb053b2be9c8ddfaebcd8cf2b5ae860620a94ff14690
299ce7f7a305fbaebecf249f085dfc8488d386efeb9a21320579a525537f6b5b
2c2b83b5a9f188b6f91fdb4db32a68cae12d7c15d62263ebd3e345429dab2ec5
2e4fff8d63f0306c6a9aa0563df042f03446141668b2a81e49418b8a64c3c3f4
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
33eecbcbc3d45c6fae5f6adb6b41a31e676314964c5328283e1f37863056ffeb
347e4c3fa50e6f98a2a10fff78a4c732f09f53c0eb0b08a9df3213494d4ca043
34c2659fd8cefa81566bb68fd35fb0e6a2e91d76d0bdc35dbe3ec9f7bd57c833
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
400415a82322b1ea52106607b140a19d215536a0008550aa881a2cb976897bf7
44e763c06fc465b461a26b4aea5306f0d6bac8d1e5c1f512e951bf101e935ef8
487f2e9da2ff0740755a5ef01dc15a2888b89537795895203a831b13b199d8bb
556213d68f2f3386a34135c07ea432d252682ac7deecc5eb9c9c23a194e83415
5794e64eb4637c615f2c54c13fca8e1d87d5c42f42ab14fa4bfece33d96da000
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5cd1b9ee05ab05b7ff10c8169dbdad672013e98c4524127fc0f33f5759d70596
5da6cab971320f684d11532a4dce04c6d30d7b473343fe0c1ae9e6eda1a5c2fc
5e4539de7d3eabd693e7fcae0da2d3ae05dac60b0a3d78452f29e04d9fec951f
606fe67f66cae43dafd22616543240855633eb1e68050d64610b5958fb0747de
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
6ac7b199f71de2f4ffad267887891a63377843226829fb1a02485668434284af
6b8599bc83dec5a12502c5816717ab13d9ee21b875de116637dab7e0e53e0044
74b4666b9a295c6381eb45d8603b4b542d72c28dac1d128fd5dc4a22f4e0087d
784d0575ef04658ca6fcdbb16911de996de10c0aa137ec8511996bd8f0c6389c
78b37ed8e1576145bcf491de5d2c9db26ed81845fdbb48537f9248912dd92a24
79e4ebe446beb792f757e503371ae1e73ffca487abe6b2d38b228836dd6bbdf7
7af685358f2e8dc212e1b81de49ca10d3a43320e541786ab5a1f01538a4c31a2
7c3eca218afc1869a365fac68fac54b1dd93d0531cc2abe49860d6e3db8983c6
7cc2c8a7bd96173ee2a862c122630ab8d45ad0676ad2ad60fc55307763782230
7e6b64eaf0276ec4ba7ae04f80b5b825f89034a55e1196b200b1edcb06bda958
8221c3f49ef546af3e8c05533a8e5fd532e7c192a8355064fcc93c9b3ce1c4df
83a25b6da863419e47e0cd1cc2ccdfbe977341e9df76b5e108a0d77d89172f4d
8964f1fe20bd22829aa12283e7e59515e7fc658348810e00c55a4c6c1c368628
8bc3251047c963d11d510dc2a97f6a7c6bb5934eec528e5bb786314da2bcb4c0
8c99a2efb42f096f7628d2a67dc7bde4ba3ecd96f1f21a15b7e293135d06ecf8
9a840cbc1851e412ca570bde62526c4cbecde684da1c79e9ef8debd83ab15869
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9ef8292dbcde1495ae58d7a796d655b861c97cae627bffb1b8505d5984c7eff9
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a62165ab840ff92a94c6430f32f60236e15ced4aac714033930043b190fc609c
a71627b229a3d8bc6683b642f9a935697c58fc2814737f28dcc7ad9e1850fa42
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad37683586e894a6ca168c01b8b60a11dd38409f5dfca297256533a0fecf88b9
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b35552a07d04989bd825bb4cd3c85467bbce4bfe3a1c924b872a928325fffdd3
b5d7707ea8fc00aae40bf500ac7498d7f32f6b1bbff7b4fde976a40345eb5f9d
b73336a70c8e2b73cd8e349c54db26910f6f1c51be47806790252b72587ebf24
b916baec833d0b279940c3c9dc0197cc8c78f552ef8853c4e51dd16202bca116
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
bcc326a932512b85b357a85eff7a4d53ba307b8f98dda12d03e5f093d35f1fc3
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
c7bdbbdc5796065794e3ffcfdd995fd7a43c618e3a56707e133f72f5ca57cd1b
c7e528d4f055f2880561bd856c5d208b563b8a0bf5842b337fd4ca11cf06d7ec
c93f3f4d498ca8a69597ebd2d6e07b5f3be531f924c1ee4abe39a0ca6d8bc071
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
d4631de95e8413346dedfde1266d66e35294fbd88f0b675d7637f007a71b01ae
d68bb7b5d396436b422fb7656ef916b888386d70aae9d10118ed07bf37d760e1
d7d9d11f05f1629d699d61f50665fea7a3ba83b6ce14bbd47f6c839c581bc2c7
da7ebd42b410dec8e844022c3445e6367f49b0d68654e4012c05e5cdec6fff4e
ddf5defcdc201d8b0e28668d2db5b9f0196867d17e11ad9ab839ac818b71945e
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1b14fab01159f43f337ddbf24563382b9099558189106cef967084f9e94ff37
e367786278723e60fe5c4692b30f2435c45f305876b06888ba832c27aa145db1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73035342ef69a696cf2e1ddda0c23b03e39d415307cfed23c75e8899e38f4be
e97e1647b609849b4d781a2783a73e0d4fde0a1347856167657be0f613db70db
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f3aa62e151c19d02630f97da628b703469b53a5d5a9e8fa46cb111bc86dbfeed
f516eadee40e7fa3bdda16aedc2c81317707f7f3e9b2c0da2d5dbffa37134dde