www.kroll.com Open in urlscan Pro
2606:4700:4400::ac40:9077 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Submission: On November 13 via manual (November 13th 2023, 8:34:00 am UTC) from ES — Scanned from ES

Summary HTTP 68 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 27 IPs in 3 countries across 23 domains to perform 68 HTTP transactions. The main IP is 2606:4700:4400::ac40:9077, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.kroll.com. The Cisco Umbrella rank of the primary domain is 494860.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 4th 2023. Valid for: a year.

This is the only time www.kroll.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:440... 2606:4700:4400::ac40:9077	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a02:26f0:710... 2a02:26f0:7100::1720:ef23	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
11	2606:4700::68... 2606:4700::6812:82ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e6:... 2606:4700:e6::ac40:c926	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:780... 2a02:26f0:780::210:a469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:7a00:1e:d7b:ca80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.237.62.212 104.237.62.212	18450 (WEBNX) (WEBNX)
1	2606:4700:20:... 2606:4700:20::ac43:44a1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:710... 2a02:26f0:7100::213:c60b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:2c5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2b89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
68	27

13 2606:4700:4400::ac40:9077 (United States)

ASN13335 (CLOUDFLARENET, US)

www.kroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:7100::1720:ef23 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7aaf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

vjs.zencdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e6::ac40:c926 (United States)

ASN13335 (CLOUDFLARENET, US)

api.fouanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:a469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:7a00:1e:d7b:ca80:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.searchstax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.237.62.212 (El Segundo, United States)

ASN18450 (WEBNX, US)
PTR: api.ipify.org

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:44a1 (United States)

ASN13335 (CLOUDFLARENET, US)

api.b2c.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100::213:c60b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:2c5d (United States)

ASN13335 (CLOUDFLARENET, US)

fa.aidemsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b89 (United States)

ASN13335 (CLOUDFLARENET, US)

learn.kroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.es	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	kroll.com www.kroll.com — Cisco Umbrella Rank: 494860 learn.kroll.com — Cisco Umbrella Rank: 901830	450 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 342	176 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 506 p.typekit.net — Cisco Umbrella Rank: 621	110 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6003	5 KB
4	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 903	8 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	fouanalytics.com api.fouanalytics.com — Cisco Umbrella Rank: 14757	7 KB
2	google.es www.google.es — Cisco Umbrella Rank: 23948	517 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	397 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3040 www.google.com — Cisco Umbrella Rank: 2	654 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	85 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 778	19 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 366	13 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	207 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 68	69 KB
2	zencdn.net vjs.zencdn.net — Cisco Umbrella Rank: 5091	166 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	31 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	186 B
1	aidemsrv.com fa.aidemsrv.com — Cisco Umbrella Rank: 83249	745 B
1	b2c.com api.b2c.com — Cisco Umbrella Rank: 13535	516 B
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 3028	223 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 590	313 B
1	searchstax.com static.searchstax.com — Cisco Umbrella Rank: 30065	3 KB
68	23

	Domain	Requested by
13	www.kroll.com	www.kroll.com cdnjs.cloudflare.com
11	cdn.cookielaw.org	www.kroll.com cdn.cookielaw.org
6	use.typekit.net	www.kroll.com use.typekit.net
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	unpkg.com	2 redirects www.kroll.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	api.fouanalytics.com	www.kroll.com api.fouanalytics.com
2	www.google.es	www.kroll.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.kroll.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	www.googletagmanager.com	www.kroll.com www.googletagmanager.com
2	www.youtube.com	cdnjs.cloudflare.com www.youtube.com
2	vjs.zencdn.net	www.kroll.com
2	cdnjs.cloudflare.com	www.kroll.com
1	www.facebook.com	www.kroll.com
1	www.google.com	www.kroll.com
1	px4.ads.linkedin.com	www.kroll.com
1	www.linkedin.com	1 redirects
1	region1.analytics.google.com	www.googletagmanager.com
1	learn.kroll.com	www.kroll.com
1	fa.aidemsrv.com	www.kroll.com
1	api.b2c.com	api.fouanalytics.com
1	api.ipify.org	cdnjs.cloudflare.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	static.searchstax.com	www.kroll.com
1	p.typekit.net	use.typekit.net
68	28

This site contains links to these domains. Also see Links.

Domain
careers.kroll.com
attack.mitre.org
malpedia.caad.fkie.fraunhofer.de
www.linkedin.com
twitter.com
www.facebook.com
www.instagram.com
www.youtube.com
www.onetrust.com

Subject Issuer	Validity	Valid
kroll.com Cloudflare Inc ECC CA-3	`2023-10-04` - `2024-10-03`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
vjs.zencdn.net GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-03` - `2024-07-04`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
fouanalytics.com E1	`2023-11-07` - `2024-02-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
searchstax.com Sectigo RSA Organization Validation Secure Server CA	`2022-10-26` - `2023-11-26`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
*.ipify.org Sectigo RSA Domain Validation Secure Server CA	`2023-02-07` - `2024-02-18`	a year	crt.sh
b2c.com Cloudflare Inc ECC CA-3	`2023-09-09` - `2024-09-08`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-22` - `2023-11-20`	3 months	crt.sh
*.aidemsrv.com Sectigo ECC Domain Validation Secure Server CA	`2023-09-19` - `2024-10-18`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.google.es GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Frame ID: DBDA4D221BF16357C4DD57BD27B11EA0
Requests: 68 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Black Basta – Technical Analysis | KrollArrow LeftArrow RightCalendar (Dark)CloseSend MessageDownload vCardGoogle PodcastAmazon MusicApple PodcastSpotifyStitcheriHeartRadioRSS FeedFacebookWeChatFilterLinkedinDuff And Phelps, A Kroll BussinessDuff And Phelps, A Kroll BussinessKrollMy accountKrollKrollKrollPhonePlayPrintSub-servicesTickTwitterPlay AudioYoutubePagemill Partners, A Kroll BussinessPagemill Partners, A Kroll BussinessPrime Clerk, A Kroll BussinessPrime Clerk, A Kroll BussinessKroll Business ServicesKroll Business ServicesKroll lensInstagramOur CapabilitiesPhoneContactKrollKrollKrollKrollContactPhoneSearchSearchGlobalGlobalKrollLinkedInTwitterFacebookInstagramYouTubeGlobalGlobalGlobalBack ButtonFilter Button

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

68
Requests

96 %
HTTPS

93 %
IPv6

23
Domains

28
Subdomains

27
IPs

3
Countries

1370 kB
Transfer

5066 kB
Size

26
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.kroll.com/
Title: CAREERS

Search URL Search Domain Scan URL

URL: https://careers.kroll.com/culture
Title: Why Kroll?

Search URL Search Domain Scan URL

URL: https://careers.kroll.com/testimonials
Title: Testimonials

Search URL Search Domain Scan URL

URL: https://careers.kroll.com/campus
Title: Students

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0650/
Title: Qakbot

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.systembc
Title: SystemBC

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0002/
Title: Mimikatz

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0154/
Title: CobaltStrike

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S1040/
Title: Rclone

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/kroll/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/KrollWire
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wearekroll
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/wearekroll
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/kroll
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://unpkg.com/swiper/swiper-bundle.min.css HTTP 302
https://unpkg.com/swiper@11.0.4/swiper-bundle.min.css

Request Chain 39

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@3.5.0/dist/web-vitals.iife.js

Request Chain 61

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D654419%26time%3D1699864436031%26url%3Dhttps%253A%252F%252Fwww.kroll.com%252Fen%252Finsights%252Fpublications%252Fcyber%252Fblack-basta-technical-analysis%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true&liSync=true&e_ipv6=AQJO8NwEeM33hQAAAYvH0ODlv7HeMtQHccr6XkgxM1vIe5m8-OBvzjcilfchTJ8psBFLcw

68 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request black-basta-technical-analysis Show response
www.kroll.com/en/insights/publications/cyber/ 507 KB
82 KB 807ms
708ms Document
text/html 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e92c5fcf177fb7d35d4a4561faa9d6763dad9df06c3dbb14c8a74454bcd717f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-Ray: 8255ac281d2a2f81-MAD
Cache-Control: no-cache, no-store,public
Connection: keep-alive
Content-Encoding: br
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Content-Type: text/html; charset=utf-8
Date: Mon, 13 Nov 2023 08:33:54 GMT
Expires: -1
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
Pragma: no-cache
Referrer-Policy: strict-origin
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Server: cloudflare
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 121ms
54ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1132724
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27958
last-modified: Mon, 04 May 2020 23:01:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb09ed3-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVtyDbWKrwPBncBd4MVci8i02fAzJJlSFrkQYqaER%2B6I0yVIo5x7dTN6dnPyJF%2BQVBAa9ALOLsn2bU4RSPKkro0kz8dLdwrMMuFFr9lyqlMHgLlpzKGQJ3e%2BXxRtE3b7NpCgfJj7WkmuNkPMZyWPU37v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8255ac2cfe555cf9-MAD
expires: Sat, 02 Nov 2024 08:33:54 GMT

GET
H/1.1 200
OK main.css
www.kroll.com/assets/css/ 524 KB
83 KB 193ms
128ms Stylesheet
text/css 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/assets/css/main.css?210920231201

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc750c08daf05ff9ca63e8b0faab0c1646be5bc706fd52eb23e256e0be53799f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Age: 438505
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Fri, 22 Sep 2023 09:05:24 GMT
Server: cloudflare
ETag: W/"022d7eb33edd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=31536000,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac2cf9688681-MAD

GET
H2 200 pmd7cky.css
use.typekit.net/ 7 KB
1 KB 212ms
66ms Stylesheet
text/css 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/pmd7cky.css

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

dc7e603e4934e82bfb83acf5e448dbbe8e91326cfaaeab3b47e11ff2f0078d76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 13 Nov 2023 08:33:54 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 968

GET
H/1.1 200
OK main-new.js Show response
www.kroll.com/assets/js/ 461 KB
117 KB 244ms
177ms Script
application/x-javascript 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/assets/js/main-new.js?070920230524

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

267075198f02b0e104cb67bbcf6350fa6d594550818debb49a2fc0809a4c33e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Age: 957400
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Fri, 22 Sep 2023 09:05:26 GMT
Server: cloudflare
ETag: W/"04f8ed33edd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public,max-age=31536000,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac2fcce43153-MAD

GET
H2

200

swiper-bundle.min.css
unpkg.com/swiper@11.0.4/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.css
https://unpkg.com/swiper@11.0.4/swiper-bundle.min.css

18 KB
5 KB

41ms
41ms

Stylesheet
text/css

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@11.0.4/swiper-bundle.min.css

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e9971b2d9d8bd45440bccb8441b519b98bce4dcc29c01db94d966d909f433ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:54 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 340474
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HESRB6N347XRC2G6ZQCSFNRQ-mad
server: cloudflare
etag: W/"4803-ejYLNdCn/3o/2Q8aUA2mWEI1StE"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8255ac2d48202fa3-MAD

Redirect headers

date: Mon, 13 Nov 2023 08:33:54 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HF3WJ0TZQXT787SG5PPW0GN3-mad
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 513
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /swiper@11.0.4/swiper-bundle.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8255ac2d0fc02fa3-MAD

GET
H2 200 video-js.css
vjs.zencdn.net/8.0.4/ 44 KB
11 KB 106ms
31ms Stylesheet
text/css 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vjs.zencdn.net/8.0.4/video-js.css
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 61cc855be8d8c7a1f983036ee68a1bd120ae48064ebd4bf2f0ee4dd575e000ee

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by: cache-mad2200106-MAD
date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 16:06:44 GMT
etag: "dc59cba2ee80e8a1a06a5ddb567278ed"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10820
x-cache-hits: 7

GET
H2 200 video.min.js Show response
vjs.zencdn.net/8.0.4/ 540 KB
156 KB 109ms
35ms Script
text/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://vjs.zencdn.net/8.0.4/video.min.js
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ebe8dc4b16c090303bd55b9b24c185e8bfee559ce9e21a2a0f7b1f3068287749

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-served-by: cache-mad2200106-MAD
date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2023 16:06:44 GMT
etag: "5234312d388f7774a7f7aef2918f8d80"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
access-control-allow-origin: *
timing-allow-origin: *
content-length: 159143
x-cache-hits: 1

GET
H2 200 Youtube.min.js Show response
cdnjs.cloudflare.com/ajax/libs/videojs-youtube/3.0.0/ 13 KB
3 KB 123ms
57ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/3.0.0/Youtube.min.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f92c103734d0e349e776ee5fc47c61fb21cb735fec2b7344af0cb61cdc418118

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1038451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3240
last-modified: Fri, 17 Mar 2023 23:30:55 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6414f82f-ca8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmIV08Pv93u1rq3afD3A5wlaWu%2FiMQsP355RjjzMIqGhoZyqndLFhokUu5BCNQEQ5GTISW6WZhD2p7cdmI8PQi2gjwmvyBMqr5bYP9G5m79GENN8wDSCvdRZEQQh3y14iHj3CQQCLzOUxJCqRrwDRDIx"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8255ac2cfe585cf9-MAD
expires: Sat, 02 Nov 2024 08:33:54 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/ 44 KB
7 KB 128ms
54ms Script
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/OtAutoBlock.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5eb9cd3dc4b6a969f45cf83d05c3bc3b4d896fdfc1e2a8873084ac62482bca60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 48229
content-md5: gUGccjE0UcWxZUhn51gBMw==
content-length: 6575
x-ms-lease-status: unlocked
last-modified: Thu, 19 Oct 2023 14:02:40 GMT
server: cloudflare
etag: 0x8DBD0AC0EC89619
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 394ba62c-301e-0046-3b94-020d04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac2d1a523154-MAD
expires: Tue, 14 Nov 2023 08:33:54 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 117ms
42ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: R1P6TtSHAQZyvOSI/KawHw==
age: 41120
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Thu, 09 Nov 2023 14:41:49 GMT
server: cloudflare
etag: 0x8DBE13201873ECE
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 615f4d5d-701e-0057-437a-1397b0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac2d1a4d3154-MAD

GET
H2 200 init-2064lnzuhipo9z2sh857.js Show response
api.fouanalytics.com/api/ 407 B
791 B 278ms
201ms Script
text/javascript 2606:4700:e6::ac40:c926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/init-2064lnzuhipo9z2sh857.js
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 069d6b23604e81133c9d18fdd0b5e7a058ba373ccd8dbbc469cd879fb842e90a

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gIoYb8BuZwU3rbR5hchMgV4BnEQwPd%2Bsa1WpGsvZJmO8lWJsVZBxrYWfqgB2bbcR0C8OHnuVsDZObg%2FbtLEFO6MCQOQ%2FNbm6TG5NdbE%2F71sg5BBC6%2Bce%2F%2FTywuokd8TTnzd069grcGfGcWZe%2FcXML7camw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 8255ac2fdd04216c-MAD
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H/1.1 200
OK laurie-iacono.png
www.kroll.com/-/media/kroll-images/headshots/ 3 KB
4 KB 147ms
127ms Image
image/webp 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/headshots/laurie-iacono.png?extension=webp&h=160&w=140&la=en&hash=1F2D6F6134403CD197910EA78470299F

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b36d65d88f8cc5df880d031c6cd169dd7380dd4575c0458258d33cb8f9e929fc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Age: 33406
Content-Disposition: inline; filename="laurie-iacono.webp"
Connection: keep-alive
Content-Length: 3376
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Tue, 09 Aug 2022 08:30:50 GMT
Server: cloudflare
ETag: 88771477ae57415e9b8f7dda1121428a
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/webp
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
Accept-Ranges: bytes
CF-Ray: 8255ac2dfad08681-MAD

GET
H/1.1 200
OK keith-wojcieszek.png
www.kroll.com/-/media/kroll-images/headshots/ 2 KB
3 KB 678ms
612ms Image
image/webp 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/headshots/keith-wojcieszek.png?extension=webp&h=160&w=140&la=en&hash=0568506401342294A6AC578F2A4A3A2C

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e52d545c37b23d072065b241819d89d1d7d90e37e3803bbd1f0d7167db8e1e1e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Content-Disposition: inline; filename="keith-wojcieszek.webp"
Connection: keep-alive
Content-Length: 2298
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Tue, 09 Aug 2022 08:34:03 GMT
Server: cloudflare
ETag: bbe26a88121a4589a1c5425c56770b15
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/webp
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
Accept-Ranges: bytes
CF-Ray: 8255ac2e3e8766ad-MAD

GET
H/1.1 200
OK george-glass.png
www.kroll.com/-/media/kroll-images/headshots/ 2 KB
3 KB 590ms
590ms Image
image/webp 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/headshots/george-glass.png?extension=webp&h=160&w=140&la=en&hash=899D56948EC27F08E2B344477C2A5589

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb21402f02a2230dbac7a070676aea242b1b21bcad7750aba7fe5b00036e4dff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Content-Disposition: inline; filename="george-glass.webp"
Connection: keep-alive
Content-Length: 2210
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Tue, 25 Jul 2023 12:12:47 GMT
Server: cloudflare
ETag: f4df8c8387a240d1a6990da1142d066f
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/webp
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
Accept-Ranges: bytes
CF-Ray: 8255ac2ecc0a8681-MAD

GET
H/1.1 200
OK black-basta-technical-analysis-infographic.svg
www.kroll.com/-/media/kroll-images/insights/ 392 KB
50 KB 850ms
849ms Image
image/svg+xml 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/insights/black-basta-technical-analysis-infographic.svg?h=95%25&w=95%25&extension=webp&hash=450E51DA924E0E6C8ED6080408752E3D

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b67d8a7196d2c8e7690ce92ecab019fc5a3b196b967e2e4d381ac444eabc49eb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Content-Disposition: inline; filename="black-basta-technical-analysis-infographic.svg"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Mon, 23 Jan 2023 12:19:24 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac2f68112f81-MAD

GET
H/1.1 200
OK black-basta-technical-analysis-figure-13.svg
www.kroll.com/-/media/kroll-images/insights/ 70 KB
50 KB 742ms
741ms Image
image/svg+xml 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/insights/black-basta-technical-analysis-figure-13.svg?h=70%25&w=70%25&extension=webp&hash=CEF59C6557B8CC124382BC17468661FF

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e916490bb9ed4ac38f81a5e98a5adbf156164db79e231aae6f03151f3fa2c8be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Content-Disposition: inline; filename="black-basta-technical-analysis-figure-13.svg"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Fri, 20 Jan 2023 14:54:52 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac2f6c481bb9-MAD

GET
H/1.1 200
OK black-basta-technical-analysis-figure-14.svg
www.kroll.com/-/media/kroll-images/insights/ 71 KB
51 KB 751ms
750ms Image
image/svg+xml 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.kroll.com/-/media/kroll-images/insights/black-basta-technical-analysis-figure-14.svg?h=70%25&w=70%25&extension=webp&hash=712F817ACE298922E224E919A38806D2

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fffd4db45c723bcea19c18cfc7217169cacaf03b09c63743b7d924d53fd4987e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Content-Disposition: inline; filename="black-basta-technical-analysis-figure-14.svg"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Fri, 20 Jan 2023 14:56:36 GMT
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=604800,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac300a05665f-MAD

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 220ms
64ms Stylesheet
text/css 2a02:26f0:780::210:a469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=pmd7cky&ht=tk&f=28901.40484.40485.40486.40487.40488.40490.40492.40494&a=91935826&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:a469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H/1.1 200
OK email-decode.min.js Show response
www.kroll.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 106ms
39ms Script
application/javascript 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 08 Nov 2023 16:16:02 GMT
Server: cloudflare
Content-Encoding: gzip
ETag: W/"654bb442-4d7"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Cache-Control: max-age=172800, public
Connection: keep-alive
CF-RAY: 8255ac2fc98c665f-MAD
Expires: Wed, 15 Nov 2023 08:33:55 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 208ms
77ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/3.0.0/Youtube.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5819e09af544ac958e7f95887e5a777a4eaa4d1636a3c71681fc015489c1b289

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script';report-uri /cspreport
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=es for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 13 Nov 2023 08:33:55 GMT

GET
H2 200 db8fa0ce-73a5-4e3f-9b55-60b230386b60.json Show response
cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/ 5 KB
2 KB 130ms
67ms XHR
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/db8fa0ce-73a5-4e3f-9b55-60b230386b60.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5e18a0fbe7092633b642bcdc066e4095fdf7f5f641eee191691a058fcd06f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 47141
content-md5: ZC3yP8+9rT7tJAvQwONyxA==
content-length: 1627
x-ms-lease-status: unlocked
last-modified: Thu, 19 Oct 2023 14:02:40 GMT
server: cloudflare
etag: 0x8DBD0AC0EFCBDD3
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 6b0bcdcb-301e-00a2-6c94-02039a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac2fca952f92-MAD
expires: Tue, 14 Nov 2023 08:33:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 504 KB
116 KB 283ms
134ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PWHXW75

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5fdecc5eca903404b76767a3eb697b18bc207ebb45ee37050f51f8678f420d97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 118825
x-xss-protection: 0
last-modified: Mon, 13 Nov 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Nov 2023 08:33:55 GMT

GET
H2 200 studio-analytics.js Show response
static.searchstax.com/studio-js/v3/js/ 9 KB
3 KB 273ms
57ms Script
application/javascript 2600:9000:2156:7a00:1e:d7b:ca80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.searchstax.com/studio-js/v3/js/studio-analytics.js
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7a00:1e:d7b:ca80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e273f97d09c191727b7b31e33582f5ae140b698f4f782aac6d6453535e4cb0dd

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 03:45:44 GMT
content-encoding: gzip
via: 1.1 b83a899c16a2f53127e152fe5fc783a4.cloudfront.net (CloudFront)
last-modified: Thu, 26 Oct 2023 14:11:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 17693
x-amz-server-side-encryption: AES256
etag: W/"591b5f5c717e29909cb75830414e0828"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: T3LN9qB5ASNtrp6coTqbqDzG0YmD7xRfYhZZIV_Jl2Lx12ZXFeZDUA==

GET
H2 200 l
use.typekit.net/af/ff2f63/00000000000000007735b8ff/30/ 22 KB
23 KB 204ms
65ms Font
application/font-woff2 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ff2f63/00000000000000007735b8ff/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 308a9c476c3561fadda0e17654698bd328ee9f4cd743f6a714a784e217ec0b7b

Request headers

Referer: https://use.typekit.net/pmd7cky.css
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
server: nginx
etag: "575f27d0430e8d1712e555d32fac51d3e2d0419a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22944

GET
H2 200 l
use.typekit.net/af/cc6127/00000000000000007735b904/30/ 22 KB
22 KB 276ms
137ms Font
application/font-woff2 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cc6127/00000000000000007735b904/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8b3d63582f102c09b0569a1c48c09cbfdd5379138c2284db554f52a4a005a46f

Request headers

Referer: https://use.typekit.net/pmd7cky.css
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
server: nginx
etag: "a75b36b43118707b7b5c1ffadc4989706090b88e"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22608

GET
H2 200 l
use.typekit.net/af/0fa94e/00000000000000007735a098/30/ 20 KB
20 KB 269ms
130ms Font
application/font-woff2 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0fa94e/00000000000000007735a098/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4d612da165bfae98c86fde27c80b48ee65eabc425f8d2c916f6dca0e09fe02b3

Request headers

Referer: https://use.typekit.net/pmd7cky.css
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
server: nginx
etag: "e6cdd128d302fc151cf53e279ed70d832b77d2aa"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20024

GET
H2 200 l
use.typekit.net/af/42930b/00000000000000007735b8f6/30/ 22 KB
22 KB 211ms
73ms Font
application/font-woff2 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/42930b/00000000000000007735b8f6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d15c48611b9c47c0e2f62ccde572a3925911ee9bbbbd47a2f686d294594d07fb

Request headers

Referer: https://use.typekit.net/pmd7cky.css
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
server: nginx
etag: "eded4f04a82d452a8cbdbd77cbfeb2827dc8164b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22596

GET
H2 200 l
use.typekit.net/af/7ac87a/00000000000000007735b8f0/30/ 22 KB
22 KB 191ms
81ms Font
application/font-woff2 2a02:26f0:7100::1720:ef23
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/7ac87a/00000000000000007735b8f0/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pmd7cky.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::1720:ef23 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ef4dfeb8629df21ab8939a77ed8c83a0cd69142b66e3bf2d94f1c1284092c40d

Request headers

Referer: https://use.typekit.net/pmd7cky.css
Origin: https://www.kroll.com
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
server: nginx
etag: "0e49eef4170a0f869d093451710f6ed87674d9c1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22388

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
313 B 126ms
51ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8255ac30bcf62184-MAD
access-control-allow-headers: Content-Type

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/5bdfe6d5/www-widgetapi.vflset/ 215 KB
67 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5bdfe6d5/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9038b214671cc27ffba2fc60ffdcd0850e355af61fc303049f5b2a42397111da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 06:41:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6723
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68298
x-xss-protection: 0
last-modified: Wed, 08 Nov 2023 02:48:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 12 Nov 2024 06:41:52 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/ 426 KB
103 KB 41ms
41ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 1/fYiRcAkidM+2Rc1fEXtg==
age: 19953
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 104832
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:14 GMT
server: cloudflare
etag: 0x8DBD5D490C850BD
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e7356784-101e-0051-37a0-0ba40f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac3128653154-MAD

GET
H/1.1 200
OK globalsearch Show response
www.kroll.com/api/duff/search/ 1 KB
1 KB 513ms
512ms Fetch
application/json 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/api/duff/search/globalsearch?websiteName=kroll&language=en

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/assets/js/main-new.js?070920230524

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64a2d7289458f9142d8ce41ed91bd6fff9d96156132fe1ffd140757844aa16f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Pragma: no-cache
Referrer-Policy: strict-origin
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac315fa83153-MAD
Expires: -1

GET
H/1.1 200
OK globalsearch Show response
www.kroll.com/api/duff/search/ 1 KB
1 KB 673ms
560ms Fetch
application/json 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/api/duff/search/globalsearch?websiteName=kroll&language=en

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/assets/js/main-new.js?070920230524

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64a2d7289458f9142d8ce41ed91bd6fff9d96156132fe1ffd140757844aa16f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Pragma: no-cache
Referrer-Policy: strict-origin
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac321d9866ad-MAD
Expires: -1

GET
H/1.1 200
OK / Show response
api.ipify.org/ 23 B
223 B 581ms
190ms XHR
application/json 104.237.62.212
WEBNX

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.237.62.212 El Segundo, United States, ASN18450 (WEBNX, US),
Reverse DNS: api.ipify.org
Software: nginx/1.25.2 /
Resource Hash: b5a9f964f659fe78a4329e4066326a737e740c476d23d05d6d7e10ee9ac24d14

Request headers

Accept: */*
Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 13 Nov 2023 08:33:55 GMT
Server: nginx/1.25.2
Connection: keep-alive
Content-Length: 23
Vary: Origin
Content-Type: application/json

GET
H2 200 pp.js Show response
api.fouanalytics.com/s/ 15 KB
6 KB 40ms
39ms Script
text/javascript 2606:4700:e6::ac40:c926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/s/pp.js
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/api/init-2064lnzuhipo9z2sh857.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d1aa0febc6ecc7c89d33e056750bcf288264dd8b853078544b3b16b9a12b6e6

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 19689
etag: W/"65492dc5-3d35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZzYbB5TP8IQKfofticefAIQGoR2PjkWhS6WF%2FaOmbI3dg7A4Bq83qZ4Je3lA3b0VyIJDhYkIzL%2B10k2ILvzLkyu3Z55dDy8wPrCUOqc8SoNw04xU11SvdNsyC2h6ZLLsurTFspa7gZY6FEV8dpRpcNhGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=86400
cf-ray: 8255ac31a855216c-MAD
alt-svc: h3=":443"; ma=86400

GET
H2 200 aidem.js Show response
api.b2c.com/s/ 67 B
516 B 130ms
41ms Script
text/plain 2606:4700:20::ac43:44a1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.b2c.com/s/aidem.js
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/api/init-2064lnzuhipo9z2sh857.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:44a1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bbe095448faa3e88683fef0bf1bcc6085c960fe68d927806885d91651c0c8b7

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
cf-cache-status: HIT
last-modified: Sun, 12 Nov 2023 20:09:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 44646
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1MwGzcNfCoxtq1j%2FzbH950bB2MbMGdP7Pim5Zc6aQymS7mdPUSZdPyv1m3nE177IwVZFemT%2BSpvfw%2FtNB%2B0AAGPfWsvyHcnjYyt9Mp%2BlNVhOxXA4anc0XOnczY9ofs4R98mEtynvWX9"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
accept-ranges: bytes
cf-ray: 8255ac323daa60cf-MAD
content-length: 67

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/d87195ba-5a5c-4435-a0e1-498daa2d26df/ 111 KB
22 KB 68ms
68ms Fetch
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/db8fa0ce-73a5-4e3f-9b55-60b230386b60/d87195ba-5a5c-4435-a0e1-498daa2d26df/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

064fdf6fc52eb08000461bedb5a5210e3dbe1cc3c95ce9bac278a71912dee949

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 65754
content-md5: p7JTLCefC1ZdX7/Y4nR1IQ==
content-length: 22196
x-ms-lease-status: unlocked
last-modified: Thu, 19 Oct 2023 14:02:49 GMT
server: cloudflare
etag: 0x8DBD0AC1479BAD4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1fcfa6ce-501e-0050-2995-02fbd3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac31cdda2f92-MAD
expires: Tue, 14 Nov 2023 08:33:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
90 KB 84ms
83ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S0E5692XKD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWHXW75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4a3ab4e36c9ed29b95ce36e4f7662205684e4d941db7f75c6bf80cb9831c161f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92216
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 13 Nov 2023 08:33:55 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 202ms
84ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWHXW75

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 13 Nov 2023 08:33:55 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 399BA0AF26B945969AC087D83A96FE83 Ref B: MAD30EDGE0414 Ref C: 2023-11-13T08:33:55Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@3.5.0/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@3.5.0/dist/web-vitals.iife.js

7 KB
3 KB

45ms
45ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@3.5.0/dist/web-vitals.iife.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7688a97a3cf3ee4a4f04f8b3596ca5c89d63f4e57280907e688dcdd8dd52b49f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1041089
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HE4W65X4X9DGXMKWVR2JH4EE-mad
server: cloudflare
etag: W/"1c0d-zW8RvTlYH7YAF4tIT+4z8RfNaCg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8255ac335a672fa3-MAD

Redirect headers

date: Mon, 13 Nov 2023 08:33:55 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HF3WYMYA6K05P23HH8Z83X56-mad
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 99
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@3.5.0/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 8255ac32f9af2fa3-MAD

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 211ms
63ms Script
application/javascript 2a02:26f0:7100::213:c60b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWHXW75

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::213:c60b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Nov 2023 07:18:39 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=38599
accept-ranges: bytes
content-length: 3840

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 179ms
56ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 13 Nov 2023 08:33:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: oGDSgejlMcN+0vzSxtrxPDMa9GeXUP/Z7fiNac+F4StsZRgvpbA4aJ84duIgkvdFa2BJTgZlfCtqqFOeuE+vYQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 122ms
32ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PWHXW75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 13 Nov 2023 07:20:26 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4409
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 13 Nov 2023 09:20:26 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 13 KB
3 KB 55ms
53ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: gA7tJXNyGFicHKODkM9Iaw==
age: 65754
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:07 GMT
server: cloudflare
etag: 0x8DBD5D48CFC97D7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 455aaec5-f01e-0082-3b14-08783d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac334fff2f92-MAD

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/ 63 KB
14 KB 45ms
44ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8f71867a6991d5a1ba2b9cd33000e8d8691f6ba8864516946b62087de93aa85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Mt5VYaL9Mm+9OznjR6m8jw==
age: 65753
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13595
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:10 GMT
server: cloudflare
etag: 0x8DBD5D48E860A3F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 61945a05-701e-009c-12be-0b94e5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac3348012f92-MAD

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 21 KB
4 KB 45ms
45ms Fetch
text/css 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 80536
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:19 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 67920cae-001e-0062-6a15-08fba4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8255ac3348042f92-MAD

GET
H2 200 redirect.gif
fa.aidemsrv.com/api/ 44 B
745 B 318ms
233ms Image
image/gif 2606:4700::6811:2c5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://fa.aidemsrv.com/api/redirect.gif?6FwdevTTyXKon8cM
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:2c5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cDI1Q%2BOQ3yI50jsf2FHHm6Ck0tRsNa1qS7ENHYNFU9MOwUvpih5rmbmEwVLQBWBj9EAg58TjSeJ0usBYtRF%2BH05yKkpsfpssEjXrDLObPYGde6FgUAmWOr0WGV4O%2FtGnCoYRBGENxGjQC3XIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 8255ac33dc1f1bbf-MAD
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H/1.1 200
OK ot_close
learn.kroll.com/-/media/kroll-images/aboutus/images/ 854 B
1 KB 128ms
49ms Image
image/svg+xml 2606:4700:4400::6812:2b89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://learn.kroll.com/-/media/kroll-images/aboutus/images/ot_close

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b89 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88158137f0bd3e348d6d208070e5b0176fb2e06f53847dbf849ae86632444dd0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:55 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
CF-Cache-Status: HIT
X-Permitted-Cross-Domain-Policies: none
Age: 331796
Transfer-Encoding: chunked
Content-Encoding: br
Content-Disposition: inline; filename="ot_close.svg"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Referrer-Policy: strict-origin
Last-Modified: Thu, 19 Oct 2023 12:43:03 GMT
Server: cloudflare
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: public, max-age=511315,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-RAY: 8255ac3459ad8684-MAD

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
490 B 42ms
41ms Fetch
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 80536
x-ms-lease-status: unlocked
last-modified: Thu, 09 Nov 2023 14:41:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 785914b6-001e-0096-48a9-133052000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8255ac33e8db2f92-MAD

GET
H2 200 Kroll.png
cdn.cookielaw.org/logos/0453826c-66bd-4b22-8370-04eafb384ea3/db8fa0ce-73a5-4e3f-9b55-60b230386b60/cfc094b9-8d06-43f4-ba32-1d34cd6a668d/ 12 KB
12 KB 60ms
59ms Image
image/png 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/0453826c-66bd-4b22-8370-04eafb384ea3/db8fa0ce-73a5-4e3f-9b55-60b230386b60/cfc094b9-8d06-43f4-ba32-1d34cd6a668d/Kroll.png

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74bfd6cab6c8204b1b9a82df0724714101b96af65bc74df3ed192c10471e3323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /pX6N7rNfVMyKKEcFftBrQ==
age: 48229
content-length: 12029
x-ms-lease-status: unlocked
last-modified: Mon, 24 Jan 2022 12:37:00 GMT
server: cloudflare
etag: 0x8D9DF36377B5B26
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: e9d17057-a01e-0036-60a2-0bb4f3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8255ac33fcd93154-MAD

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 49ms
49ms Image
image/svg+xml 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Nov 2023 08:33:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 10792
x-ms-lease-status: unlocked
last-modified: Thu, 09 Nov 2023 14:41:56 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 6e028cbf-401e-0001-7189-13665f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8255ac33fcdd3154-MAD

POST
H3 200 x
api.fouanalytics.com/api/ 0
455 B 206ms
206ms Ping
text/plain 2606:4700:e6::ac40:c926
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/x
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/s/pp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e6::ac40:c926 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 13 Nov 2023 08:33:56 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RrlCUE6yUfAfIw%2B%2BhA6689qEoLSTXqbOWIHETpKWs%2BIO90govCDImKWXhyAfnu2YetWwUMPkKyLQtBRDnpYp6qarYqnlWM2il9kIzwaeXUh3jjEj%2BjJiv%2BHaEWTtHKjbkSjRpjJ%2F6R46NIFWxp2zR11RsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 8255ac340e7e5e4d-MAD
alt-svc: h3=":443"; ma=86400
priority: u=4,i

POST
H2 204 collect
region1.analytics.google.com/g/ 0
245 B 142ms
55ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-S0E5692XKD&gtm=45je3b81v882864807z879996530&_p=1699864435081&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1948947918.1699864436&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699864435&sct=1&seg=0&dl=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&dt=Black%20Basta%20%E2%80%93%20Technical%20Analysis%20%7C%20Kroll&en=page_view&_fv=1&_nsi=1&_ss=1&ep.tag_name=GA4%20-%20Configuration&ep.gtm_container_and_version_id=GTM-PWHXW75%3B%20Version%20ID%3A%20270&ep.hit_timestamp=2023-11-13%20Time%3A%2008%3A33%3A55.654%20%2B00%3A00&tfd=2089
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0E5692XKD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kroll.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 165ms
55ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-S0E5692XKD&cid=1948947918.1699864436&gtm=45je3b81v882864807z879996530&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S0E5692XKD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kroll.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
409 B 236ms
84ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-S0E5692XKD&cid=1948947918.1699864436&gtm=45je3b81v882864807z879996530&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=610059724

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 53ms
51ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1929162620&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&ul=en-us&de=UTF-8&dt=Black%20Basta%20%E2%80%93%20Technical%20Analysis%20%7C%20Kroll&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAEK~&jid=852338769&gjid=476871353&cid=1948947918.1699864436&tid=UA-7299730-1&_gid=1812520026.1699864436&_r=1&_slc=1&gtm=45He3b81n81PWHXW75v79996530&cd5=1699864435675.q4v10we&cd6=2023-11-13%20Time%3A%2008%3A33%3A55.675%20%2B00%3A00&cd8=&cd9=GTM-PWHXW75%3B%20version%20ID%3A%20270&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd4=1948947918.1699864436&cd7=pageview&z=1001777116

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kroll.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 41 KB
15 KB 63ms
63ms Script
application/javascript 2a02:26f0:7100::213:c60b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::213:c60b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 Nov 2023 07:18:40 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=38775
accept-ranges: bytes
content-length: 15307

GET
H2 204 56180571.js Show response
bat.bing.com/p/action/ 0
118 B 83ms
83ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56180571.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 13 Nov 2023 08:33:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3E57297771B844218FB45F5DE48AE021 Ref B: MAD30EDGE0414 Ref C: 2023-11-13T08:33:55Z
x-cache: CONFIG_NOCACHE

GET
H2 200 1043474835687043 Show response
connect.facebook.net/signals/config/ 115 KB
31 KB 127ms
126ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1043474835687043?v=2.9.138&r=stable&domain=www.kroll.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bc27799a9d16d9e304532ad2ca1c1da97d90b43845c7d3169fa9b0854ee92f28

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 13 Nov 2023 08:33:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: gqVAErywbQqgBJm1K8429OWTpuH0LsaBF+uQKumDbwZWA87fgqEiMScGT7+RtWo8MGo4CnD0JZWdQrhRcQPFNQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 74ms
54ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7299730-1&cid=1948947918.1699864436&jid=852338769&gjid=476871353&_gid=1812520026.1699864436&_u=YCDACEAABAAAACAEK~&z=1641766814

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 13 Nov 2023 08:33:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kroll.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK getipdata Show response
www.kroll.com/api/duff/navigation/ 37 B
928 B 307ms
306ms XHR
application/json 2606:4700:4400::ac40:9077
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kroll.com/api/duff/navigation/getipdata?res=146.70.128.171

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9077 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b76475ac3f2d498187d44ad29759e6e61263d3695ae5a8781ad388d99148564

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.kroll.com/
X-Requested-With: XMLHttpRequest
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Mon, 13 Nov 2023 08:33:56 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: frame-ancestors 'self' https://duffandphelps.360learning.com
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:f515b5ec-281f-4c24-812a-8e2c3ab458b3
Pragma: no-cache
Referrer-Policy: strict-origin
Server: cloudflare
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store,public
Permissions-Policy: accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)
CF-Ray: 8255ac351aa3665f-MAD
Expires: -1

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D654419%26time%3D1699864436031%26url%3Dhttps%253A%252F%252Fwww.kroll.com%252Fen%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=tru...

0
267 B

373ms
234ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true&liSync=true&e_ipv6=AQJO8NwEeM33hQAAAYvH0ODlv7HeMtQHccr6XkgxM1vIe5m8-OBvzjcilfchTJ8psBFLcw
Requested by: Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 08:33:56 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 75B649A2850143BD8BF28B5C30617EB6 Ref B: MAD30EDGE0821 Ref C: 2023-11-13T08:33:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKBIf0CjxxN/fP3NfDRQ==

Redirect headers

date: Mon, 13 Nov 2023 08:33:56 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5C1EE4F5588E40C3A34F01FCCE030C45 Ref B: MAD30EDGE0720 Ref C: 2023-11-13T08:33:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=654419&time=1699864436031&url=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&cookiesTest=true&liSync=true&e_ipv6=AQJO8NwEeM33hQAAAYvH0ODlv7HeMtQHccr6XkgxM1vIe5m8-OBvzjcilfchTJ8psBFLcw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKBIfuZZUQBzO0/wbMog==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
409 B 189ms
70ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7299730-1&cid=1948947918.1699864436&jid=852338769&_u=YCDACEAABAAAACAEK~&z=281849563

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.es/ads/ 42 B
108 B 85ms
84ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.es/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-7299730-1&cid=1948947918.1699864436&jid=852338769&_u=YCDACEAABAAAACAEK~&z=281849563

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 08:33:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
186 B 169ms
56ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1043474835687043&ev=PageView&dl=https%3A%2F%2Fwww.kroll.com&rl=&if=false&ts=1699864436142&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1699864436140.1676943655&pm=1&hrl=921c77&ler=empty&it=1699864435988&coo=false&cs_cc=1&cas=2294165197339826&rqm=GET

Requested by

Host: www.kroll.com
URL: https://www.kroll.com/en/insights/publications/cyber/black-basta-technical-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 13 Nov 2023 08:33:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 232ms
232ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.kroll.com/
accept-language: es-ES,es;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 13 Nov 2023 08:33:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6F6DB4512A5A4E0BA2FBB6126361DF82 Ref B: MAD30EDGE0720 Ref C: 2023-11-13T08:33:57Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.kroll.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYKBIf3sfrjcxZbMTm8gg==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 32ms
32ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1929162620&t=timing&_s=2&dl=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&ul=en-us&de=UTF-8&dt=Black%20Basta%20%E2%80%93%20Technical%20Analysis%20%7C%20Kroll&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=3648&pdt=294&dns=0&rrt=0&srt=709&tcp=68&dit=1407&clt=1598&_gst=1861&_gbt=2115&_u=YCDACEABBAAAACAEK~&jid=&gjid=&cid=1948947918.1699864436&tid=UA-7299730-1&_gid=1812520026.1699864436&gtm=45He3b81n81PWHXW75v79996530&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=938198573

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: es-ES,es;q=0.9
Referer: https://www.kroll.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 01:35:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 25098
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

164 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.kroll.com/en	1970-01-21 00:56:40	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Nov+13+2023+08%3A33%3A55+GMT%2B0000+(Western+European+Standard+Time)&version=202310.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=babc3195-8e0c-47ba-abea-54afb5a066c1&interactionCount=0&landingPath=https%3A%2F%2Fwww.kroll.com%2Fen%2Finsights%2Fpublications%2Fcyber%2Fblack-basta-technical-analysis&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A0%2CC0004%3A0
www.kroll.com/	1969-12-31 23:59:59	Name: kroll#lang Value: en
www.kroll.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: spt3hhw5ukfxaxe1lb5ewldd
.www.kroll.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: 42606c7a1b146730aae96bce3f0dcd8aab72db1f2cfe44b26f0358bf15dcd4c5
.www.kroll.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 42606c7a1b146730aae96bce3f0dcd8aab72db1f2cfe44b26f0358bf15dcd4c5
.kroll.com/	1970-01-20 16:11:06	Name: __cf_bm Value: QkIFAmpGFwEEi7vhf9Zz.XNol.jkjVGHE3CO3fas2BA-1699864434-0-AZTGlHzN8C/cWEtvslNLf7nBvy78+DwY+EjtayMjMFQLUKthSy6QC7kvUS866MYIW7btb4Qyfr4PSbTCCHFPuK8=
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: l5sAdJor1Pg
.youtube.com/	1970-01-20 20:30:16	Name: VISITOR_INFO1_LIVE Value: uzSP84D9hxg
www.kroll.com/	1970-01-20 16:11:08	Name: searchcookie Value: hMfdd8NdGfEOxBiZ1QKsZew4m
.kroll.com/	1970-01-20 18:20:40	Name: _gcl_au Value: 1.1.2038800000.1699864436
.kroll.com/	1970-01-21 01:47:04	Name: _ga Value: GA1.2.1948947918.1699864436
.kroll.com/	1970-01-20 16:12:30	Name: _gid Value: GA1.2.1812520026.1699864436
.kroll.com/	1970-01-20 16:11:04	Name: _gat_UA-7299730-1 Value: 1
.kroll.com/	1970-01-20 16:12:30	Name: _uetsid Value: 623a092081ff11eebf8a5b9960e86698
.kroll.com/	1970-01-21 01:32:40	Name: _uetvid Value: 623a2fa081ff11ee8ed71f762d70b823
.aidemsrv.com/	1970-01-20 16:11:06	Name: __cf_bm Value: xNFgI3A6Wll3a4AEGuEFLH2WCP5PBbE.e2CnugobSCU-1699864436-0-Aa+HN36FVIF8GC0g+tWeKWFgO9GWonxprjucxWWBV6rlVrHWE8JmDSKNjC6gEOb7JptY4uXcVrYo8FqDl/FNW7E=
.kroll.com/	1970-01-20 18:20:40	Name: _fbp Value: fb.1.1699864436140.1676943655
.linkedin.com/	1970-01-20 18:20:40	Name: li_sugr Value: e22f29e2-90bf-4078-a1b0-db8f8694cc50
.linkedin.com/	1970-01-21 00:56:40	Name: bcookie Value: "v=2&e416bdb0-ffa1-48b3-847b-638091acf6a2"
.linkedin.com/	1970-01-20 16:12:30	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2679:u=1:x=1:i=1699864436:t=1699950836:v=2:sig=AQEhwp2QGJgFrvEEUt3ZeE7VlLSRgDRY"
.linkedin.com/	1970-01-20 16:54:16	Name: UserMatchHistory Value: AQJMZv99FzzvSgAAAYvH0N8O_fpM_d6qE8aSNtt3djIdsM5PzONVQTRSbOeKlbpcMnpoN6YBhE-Ehg
.linkedin.com/	1970-01-20 16:54:16	Name: AnalyticsSyncHistory Value: AQL2R9b4rXFN7QAAAYvH0N8OF7CoJRtUGN-n1s6Li7VrFEbOuOoAS4YPASLfG8mr6ITLFKfouHNqTSShXUDDCA
.www.linkedin.com/	1970-01-21 00:56:40	Name: bscookie Value: "v=1&20231113083356893d99b0-ed5d-4a45-8543-dd94ba3a279aAQGU1XOR2YO0wWATAGxB2M_E7FKu6EHT"
.linkedin.com/	1970-01-20 20:30:16	Name: li_gc Value: MTswOzE2OTk4NjQ0MzY7MjswMjE3kMB2fWAU5Q2ZGuAstHHEuf8OVErviTSCPlqDljhXbA==
.kroll.com/	1970-01-21 01:47:04	Name: _ga_S0E5692XKD Value: GS1.1.1699864435.1.0.1699864437.58.0.0
www.kroll.com/	1970-01-21 01:32:40	Name: hasNoConsentForAnalytics Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://duffandphelps.360learning.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.b2c.com
api.fouanalytics.com
api.ipify.org
bat.bing.com
cdn.cookielaw.org
cdnjs.cloudflare.com
connect.facebook.net
fa.aidemsrv.com
geolocation.onetrust.com
learn.kroll.com
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
static.searchstax.com
stats.g.doubleclick.net
unpkg.com
use.typekit.net
vjs.zencdn.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.es
www.googletagmanager.com
www.kroll.com
www.linkedin.com
www.youtube.com
104.237.62.212
13.107.42.14
2001:4860:4802:34::36
2001:4860:4802:36::178
2600:9000:2156:7a00:1e:d7b:ca80:93a1
2606:4700:20::ac43:44a1
2606:4700:4400::6812:2b89
2606:4700:4400::ac40:9077
2606:4700:4400::ac40:9b77
2606:4700::6810:7aaf
2606:4700::6811:190e
2606:4700::6811:2c5d
2606:4700::6812:82ec
2606:4700:e6::ac40:c926
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:811::2003
2a00:1450:4001:81c::2004
2a00:1450:4001:81c::200e
2a00:1450:4001:828::2008
2a00:1450:400c:c0c::9d
2a02:26f0:7100::1720:ef23
2a02:26f0:7100::213:c60b
2a02:26f0:780::210:a469
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42::729
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d
064fdf6fc52eb08000461bedb5a5210e3dbe1cc3c95ce9bac278a71912dee949
069d6b23604e81133c9d18fdd0b5e7a058ba373ccd8dbbc469cd879fb842e90a
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
267075198f02b0e104cb67bbcf6350fa6d594550818debb49a2fc0809a4c33e0
308a9c476c3561fadda0e17654698bd328ee9f4cd743f6a714a784e217ec0b7b
3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
4a3ab4e36c9ed29b95ce36e4f7662205684e4d941db7f75c6bf80cb9831c161f
4d612da165bfae98c86fde27c80b48ee65eabc425f8d2c916f6dca0e09fe02b3
5819e09af544ac958e7f95887e5a777a4eaa4d1636a3c71681fc015489c1b289
5b76475ac3f2d498187d44ad29759e6e61263d3695ae5a8781ad388d99148564
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5eb9cd3dc4b6a969f45cf83d05c3bc3b4d896fdfc1e2a8873084ac62482bca60
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fdecc5eca903404b76767a3eb697b18bc207ebb45ee37050f51f8678f420d97
61cc855be8d8c7a1f983036ee68a1bd120ae48064ebd4bf2f0ee4dd575e000ee
64a2d7289458f9142d8ce41ed91bd6fff9d96156132fe1ffd140757844aa16f5
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
74bfd6cab6c8204b1b9a82df0724714101b96af65bc74df3ed192c10471e3323
7688a97a3cf3ee4a4f04f8b3596ca5c89d63f4e57280907e688dcdd8dd52b49f
7e92c5fcf177fb7d35d4a4561faa9d6763dad9df06c3dbb14c8a74454bcd717f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88158137f0bd3e348d6d208070e5b0176fb2e06f53847dbf849ae86632444dd0
8b3d63582f102c09b0569a1c48c09cbfdd5379138c2284db554f52a4a005a46f
8e9971b2d9d8bd45440bccb8441b519b98bce4dcc29c01db94d966d909f433ed
9038b214671cc27ffba2fc60ffdcd0850e355af61fc303049f5b2a42397111da
94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3
9bbe095448faa3e88683fef0bf1bcc6085c960fe68d927806885d91651c0c8b7
9d1aa0febc6ecc7c89d33e056750bcf288264dd8b853078544b3b16b9a12b6e6
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b36d65d88f8cc5df880d031c6cd169dd7380dd4575c0458258d33cb8f9e929fc
b5a9f964f659fe78a4329e4066326a737e740c476d23d05d6d7e10ee9ac24d14
b67d8a7196d2c8e7690ce92ecab019fc5a3b196b967e2e4d381ac444eabc49eb
bc27799a9d16d9e304532ad2ca1c1da97d90b43845c7d3169fa9b0854ee92f28
c6d603c605c9e07062ffeba7c47a81e19c4f8c05604c6474371f4ad8b654c758
cc750c08daf05ff9ca63e8b0faab0c1646be5bc706fd52eb23e256e0be53799f
d15c48611b9c47c0e2f62ccde572a3925911ee9bbbbd47a2f686d294594d07fb
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
dc7e603e4934e82bfb83acf5e448dbbe8e91326cfaaeab3b47e11ff2f0078d76
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e273f97d09c191727b7b31e33582f5ae140b698f4f782aac6d6453535e4cb0dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52d545c37b23d072065b241819d89d1d7d90e37e3803bbd1f0d7167db8e1e1e
e8f71867a6991d5a1ba2b9cd33000e8d8691f6ba8864516946b62087de93aa85
e916490bb9ed4ac38f81a5e98a5adbf156164db79e231aae6f03151f3fa2c8be
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eb21402f02a2230dbac7a070676aea242b1b21bcad7750aba7fe5b00036e4dff
ebe8dc4b16c090303bd55b9b24c185e8bfee559ce9e21a2a0f7b1f3068287749
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4dfeb8629df21ab8939a77ed8c83a0cd69142b66e3bf2d94f1c1284092c40d
f1affc5a4519444738495286362e833214d11646998cd2d5ece5e4de75cd8b8e
f5e18a0fbe7092633b642bcdc066e4095fdf7f5f641eee191691a058fcd06f22
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f92c103734d0e349e776ee5fc47c61fb21cb735fec2b7344af0cb61cdc418118
feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6
fffd4db45c723bcea19c18cfc7217169cacaf03b09c63743b7d924d53fd4987e

www.kroll.com Open in urlscan Pro 2606:4700:4400::ac40:9077 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

68 Requests

96 %HTTPS

93 %IPv6

23 Domains

28 Subdomains

27 IPs

3 Countries

1370 kBTransfer

5066 kBSize

26 Cookies

15 Outgoing links

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.kroll.com Open in urlscan Pro
2606:4700:4400::ac40:9077 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

96 %
HTTPS

93 %
IPv6

23
Domains

28
Subdomains

27
IPs

3
Countries

1370 kB
Transfer

5066 kB
Size

26
Cookies

68 HTTP transactions
0 data transactions