www.cybereason.com Open in urlscan Pro
45.60.64.106 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cybereason.com/blog/royal-ransomware-analysis
Submission: On May 03 via api (May 3rd 2023, 8:11:55 pm UTC) from IN — Scanned from DE

Summary HTTP 251 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 52 IPs in 4 countries across 44 domains to perform 251 HTTP transactions. The main IP is 45.60.64.106, located in United States and belongs to INCAPSULA, US. The main domain is www.cybereason.com. The Cisco Umbrella rank of the primary domain is 776459.
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 13th 2023. Valid for: a year.

This is the only time www.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	45.60.64.106 45.60.64.106	19551 (INCAPSULA) (INCAPSULA)
22	2606:4700::68... 2606:4700::6812:ccc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
9	2a02:26f0:350... 2a02:26f0:3500:16::215:148f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
10	2606:4700::68... 2606:4700::6813:bc61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2b9e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
2	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:826e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8bce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
5	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.97.49 18.66.97.49	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:883b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
4	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
69	18.66.112.118 18.66.112.118	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::622	54113 (FASTLY) (FASTLY)
1	13.32.27.69 13.32.27.69	16509 (AMAZON-02) (AMAZON-02)
1	108.138.7.8 108.138.7.8	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:20e... 2600:9000:20eb:fc00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
6 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	18.66.97.57 18.66.97.57	16509 (AMAZON-02) (AMAZON-02)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	2600:1f18:612... 2600:1f18:612b:4232:ccf8:7954:61b3:e7d6	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	35.156.172.173 35.156.172.173	16509 (AMAZON-02) (AMAZON-02)
2 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:8e:... 2a04:4e42:8e::720	54113 (FASTLY) (FASTLY)
251	52

32 45.60.64.106 (United States)

ASN19551 (INCAPSULA, US)

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700::6812:ccc9 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6813:bc61 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b9e (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:826e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8bce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:883b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 18.66.112.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-118.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-69.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-8.fra56.r.cloudfront.net

px.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20eb:fc00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.97.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-57.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4232:ccf8:7954:61b3:e7d6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.172.173 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-172-173.eu-central-1.compute.amazonaws.com

dpx.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
customer.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8e::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	driftt.com js.driftt.com — Cisco Umbrella Rank: 5211	851 KB
32	cybereason.com www.cybereason.com — Cisco Umbrella Rank: 776459	3 MB
22	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 7695	69 KB
14	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6124 customer.api.drift.com — Cisco Umbrella Rank: 6825 metrics.api.drift.com — Cisco Umbrella Rank: 5997 event.api.drift.com — Cisco Umbrella Rank: 6659 targeting.api.drift.com — Cisco Umbrella Rank: 6355 flow.api.drift.com — Cisco Umbrella Rank: 11469	11 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 361	158 KB
10	typekit.net use.typekit.net — Cisco Umbrella Rank: 432 p.typekit.net — Cisco Umbrella Rank: 559	142 KB
9	linkedin.com 6 redirects platform.linkedin.com — Cisco Umbrella Rank: 3224 px.ads.linkedin.com — Cisco Umbrella Rank: 347 www.linkedin.com — Cisco Umbrella Rank: 594 px4.ads.linkedin.com — Cisco Umbrella Rank: 6148	166 KB
7	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 4365 www.google.com — Cisco Umbrella Rank: 2	1 KB
7	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2587 www.google-analytics.com — Cisco Umbrella Rank: 30	21 KB
6	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 74 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 10272547.fls.doubleclick.net Failed 10428681.fls.doubleclick.net Failed	5 KB
5	google.de www.google.de — Cisco Umbrella Rank: 6386	885 B
5	gstatic.com fonts.gstatic.com	132 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 328 fonts.googleapis.com — Cisco Umbrella Rank: 37	36 KB
4	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 987	4 KB
3	company-target.com s.company-target.com — Cisco Umbrella Rank: 1559 api.company-target.com — Cisco Umbrella Rank: 3227	3 KB
3	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 830	1 KB
3	airpr.com 1 redirects px.airpr.com — Cisco Umbrella Rank: 16045 dpx.airpr.com — Cisco Umbrella Rank: 12748	3 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14492 ibc-flow.techtarget.com — Cisco Umbrella Rank: 18915	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 335	13 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5209 track.hubspot.com — Cisco Umbrella Rank: 2158 forms.hubspot.com — Cisco Umbrella Rank: 4222	3 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 805 syndication.twitter.com — Cisco Umbrella Rank: 1119 analytics.twitter.com Failed	131 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 406	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 523	2 KB
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 2361
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 638 script.hotjar.com — Cisco Umbrella Rank: 870	72 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 150	89 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 200	11 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	185 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 14726	17 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 318	239 B
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1052	393 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 641	98 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 4077	20 KB
1	wistia.com fast.wistia.com — Cisco Umbrella Rank: 3446	117 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 2342	6 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2253	898 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 4288	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 736	5 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 654	15 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2039	64 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2027	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4056	87 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 580	303 B
0	t.co Failed t.co Failed
251	44

	Domain	Requested by
69	js.driftt.com	www.cybereason.com js.driftt.com
32	www.cybereason.com	www.cybereason.com cdn2.hubspot.net
22	cdn2.hubspot.net	www.cybereason.com
10	cdn.cookielaw.org	www.cybereason.com cdn.cookielaw.org
9	use.typekit.net	www.cybereason.com
5	www.google.com	1 redirects www.cybereason.com
5	www.google.de	www.cybereason.com
5	www.google-analytics.com	www.cybereason.com www.google-analytics.com
5	fonts.gstatic.com	fonts.googleapis.com
4	targeting.api.drift.com	js.driftt.com
4	px.ads.linkedin.com	4 redirects
4	pixel.mathtag.com	www.googletagmanager.com pixel.mathtag.com www.cybereason.com
4	googleads.g.doubleclick.net	www.cybereason.com www.googletagmanager.com
4	fonts.googleapis.com	www.cybereason.com cdn2.hubspot.net
3	cdn.linkedin.oribi.io	snap.licdn.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.cybereason.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	customer.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	secure.adnxs.com	2 redirects
2	dpx.airpr.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects s.company-target.com
2	api.company-target.com	tag.demandbase.com js.driftt.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	ibc-flow.techtarget.com	trk.techtarget.com
2	px4.ads.linkedin.com	www.cybereason.com
2	www.linkedin.com	2 redirects
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	region1.google-analytics.com	www.googletagmanager.com
2	platform.twitter.com	www.cybereason.com platform.twitter.com
2	connect.facebook.net	www.cybereason.com connect.facebook.net
2	cdnjs.cloudflare.com	www.cybereason.com cdn2.hubspot.net
2	www.googletagmanager.com	www.cybereason.com
1	driftt.imgix.net
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	pixel.rubiconproject.com	s.company-target.com
1	partners.tremorhub.com	s.company-target.com
1	id.rlcdn.com	www.cybereason.com
1	s.company-target.com	tag.demandbase.com
1	script.hotjar.com	static.hotjar.com
1	px.airpr.com	www.cybereason.com
1	tag.demandbase.com	www.cybereason.com
1	fast.wistia.com	www.googletagmanager.com
1	cdn.pdst.fm	www.cybereason.com
1	trk.techtarget.com	www.cybereason.com
1	js.hs-scripts.com	www.googletagmanager.com
1	ws.zoominfo.com	www.cybereason.com
1	snap.licdn.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	syndication.twitter.com	platform.twitter.com
1	p.typekit.net	www.cybereason.com
1	js.hs-banner.com	www.cybereason.com
1	js.hs-analytics.net	www.cybereason.com
1	js.hsleadflows.net	www.cybereason.com
1	app.hubspot.com	www.cybereason.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	platform.linkedin.com	www.cybereason.com
1	ajax.googleapis.com	www.cybereason.com
0	analytics.twitter.com Failed	www.cybereason.com
0	t.co Failed	www.cybereason.com
0	10428681.fls.doubleclick.net Failed	www.googletagmanager.com
0	10272547.fls.doubleclick.net Failed	www.googletagmanager.com
251	67

This site contains links to these domains. Also see Links.

Domain
www.bleepingcomputer.com
twitter.com
www.microsoft.com
blog.bushidotoken.net
cybernews.com
ieeexplore.ieee.org
chuongdong.com
github.com
www.esecurityplanet.com
www.youtube.com
attack.mitre.org
www.facebook.com
www.linkedin.com
www.instagram.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
*.cybereason.com GeoTrust RSA CA 2018	`2023-04-13` - `2024-05-08`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-02-10` - `2023-05-11`	3 months	crt.sh
platform.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-21` - `2023-08-21`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh
cdn.pdst.fm GTS CA 1D4	`2023-03-28` - `2023-06-26`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-28` - `2023-10-30`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
*.airpr.com Amazon RSA 2048 M02	`2023-02-21` - `2023-12-07`	10 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
www.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-04-03` - `2023-07-03`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2023-04-17` - `2023-07-10`	3 months	crt.sh
*.company-target.com R3	`2023-04-19` - `2023-07-18`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.cybereason.com/blog/royal-ransomware-analysis
Frame ID: 8E600B2D0EAD4E6CF3085C6E3ACACBE2
Requests: 157 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.cybereason.com
Frame ID: 0536ECF7B00E641945C245D5F0C2AC5D
Requests: 2 HTTP requests in this frame

Frame: https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=2043388878265;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Frame ID: 6FD13389DF94C6F4472316CB4C95E35D
Requests: 1 HTTP requests in this frame

Frame: https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=5113950580559;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Frame ID: 9C851B12F72C6DC10DB50ABE46F54F67
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: FF343630ADC9FF3517E94EB595FD12D1
Requests: 4 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=857a6452-c005-4400-9d72-bc38abb888e7&no_iframe=1&mt_adid=241675&source=mathtag
Frame ID: DC2D79EBBBE501783E2DC2A804E29DF4
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Frame ID: A0D50F4F3E3D0A2A8218F0A52D59AADE
Requests: 42 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
Frame ID: 2EEE19F547AF1A21785514A997630183
Requests: 36 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) New Messages!Back ButtonSearch IconFilter Icon

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

251
Requests

95 %
HTTPS

62 %
IPv6

44
Domains

67
Subdomains

52
IPs

4
Countries

5293 kB
Transfer

11441 kB
Size

51
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/
Title: utilized

Search URL Search Domain Scan URL

URL: https://twitter.com/ido_cohen2/status/1599404888617758721?t=AasRHMIDIIunfLRi4TEuiA&s=31
Title: reported

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/
Title: reportedly

Search URL Search Domain Scan URL

URL: https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
Title: Qbot

Search URL Search Domain Scan URL

URL: https://cybernews.com/news/silverstone-formula-one-ransomware/
Title: Silverstone Circuit

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-evolve-their-social-engineering-tactics/
Title: callback phishing

Search URL Search Domain Scan URL

URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9895237
Title: Conti

Search URL Search Domain Scan URL

URL: https://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/
Title: Babuk

Search URL Search Domain Scan URL

URL: https://chuongdong.com/reverse%20engineering/2022/03/19/LockbitRansomware/
Title: Lockbit

Search URL Search Domain Scan URL

URL: https://github.com/struppigel/PortEx
Title: PortexAnalyzer

Search URL Search Domain Scan URL

URL: https://www.esecurityplanet.com/threats/ransomware-intermittent-encryption/
Title: partial encryption

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=GOswitXwSPI
Title: Variant Payload Prevention

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0005
Title: TA0005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083/
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0007/
Title: TA0007

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1016/
Title: T1016

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1046/
Title: T1046

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057/
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082/
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/software/S0575/
Title: T1135

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0040
Title: TA0040

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: T1486

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1489/
Title: T1489

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1490/
Title: T1490

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0002/
Title: TA0002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https://www.cybereason.com/blog/royal-ransomware-analysis&utm_medium=social&utm_source=twitter&url=https://www.cybereason.com/blog/royal-ransomware-analysis&utm_medium=social&utm_source=twitter&source=tweetbutton&text=

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.cybereason.com/blog/royal-ransomware-analysis&utm_medium=social&utm_source=facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cybereason.com/blog/royal-ransomware-analysis&utm_medium=social&utm_source=linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cybereason/

Search URL Search Domain Scan URL

URL: https://twitter.com/cybereason

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOm7AaB0HiNH4Phe66sK0Ew

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybereason

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cybereason

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://www.google.com/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=1803308819.1683144710 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=1803308819.1683144710

Request Chain 130

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1683144709789%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Froyal-ransomware-analysis%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQIbF_ODj-MigwAAAYfjPhjjlWZQElaVfpZJ4-HITp6Bs7DJF53ti1BJXUoBg4d_puwjFQ_Y

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1683144709794%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Froyal-ransomware-analysis%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQJ_eyd-Vqf3xgAAAYfjPhjbqEDHKqT9Wj_SF7ux8lColXY3R0nbXPpg8vn47di4sfDNr7pG

Request Chain 155

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60&C=1

Request Chain 164

https://dpx.airpr.com/px?hostname=www.cybereason.com&profile=660386&ga_account_id=UA-56367941-1&ga_account_type=UA&ga_c=387688827.1683144709&an=true HTTP 302
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=5686181562 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D5686181562 HTTP 302
https://dpx.airpr.com/anpx?adnxs_uid=8777140370465426193&airpr_id=5686181562

251 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request royal-ransomware-analysis Show response
www.cybereason.com/blog/ 105 KB
23 KB 133ms
75ms Document
text/html 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.64.106 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63ebb6a79c80af87ee400c639c1d203249db156b970705e93077cefa895f913d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 7c1b27bbe9806d7d-MUC
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 20:11:48 GMT
edge-cache-tag: CT-65264194600,CT-83456797486,CT-94353422598,CG-3354902,CG-5272851739,P-3354902,L-42870461961,CW-34473990280,CW-41681847227,CW-41682410610,CW-42867014566,CW-43300360745,CW-44252461159,CW-86933076631,E-34470223313,E-34470224480,E-34470477360,E-35275979682,E-35291999472,E-42363645447,E-42507089303,E-42507091846,E-42760289143,PGS-ALL,SW-0,B-5272851739,GC-36042052587
etag: W/"7a086c432317b224e3c4b069321d76fe"
last-modified: Tue, 02 May 2023 23:55:20 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFYhFhbTNcjrYWHEzvrTUOVVFcMYqa0bTfglAZPvo0cAOaUYlh2OgHfQVagIRTMzUO5ITUmXjQpvrDHrADdBVq6Yj%2BueikpisybGdFnkOGF22NlcQXsc%2FlFydVdt6s5h3bGS3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cdn: Imperva
x-frame-options: deny
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 94353422598
x-hs-https-only: worker
x-hs-hub-id: 3354902
x-hs-prerendered: Tue, 02 May 2023 23:55:20 GMT
x-iinfo: 13-11053967-11053971 NNNN CT(5 12 0) RT(1683144707468 13) q(0 0 1 0) r(1 1) U12

GET
H2 200 index.js Show response
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
4 KB 237ms
231ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
x-cdn: Imperva
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
content-type: application/javascript
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 318) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=30482207, public
content-length: 4062
expires: Sat, 20 Apr 2024 15:28:34 GMT

GET
H2 200 project.js Show response
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
736 B 253ms
248ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
x-cdn: Imperva
etag: W/"61ca66de658cab9587e4636894680d5d"
content-type: application/javascript
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 335) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=26425744, public
content-length: 556
expires: Mon, 04 Mar 2024 16:40:51 GMT

GET
H2 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/ 3 KB
1 KB 128ms
87ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cec59b071d9d61e74c42ac4db8d2815aaace7e51983afe2481c14b97f332258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 25125
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
server: cloudflare
etag: W/"38a0b2ad68cbd188720dcc11cc435ad6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941386203
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sygKUwU67wf1AwN9kONwKXn29n8ECR3z6gtga9%2FWwbszGloDkCGDYicmbIy4Z2xEX8jBIsHyM9b4Z7SMZMtnHq3wmOslsSHOOjzLy9lFoSBCi2LMpwQC1eDOgn81DzeVmcHjTgSli%2FxCR31lID8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc7ba19c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/ 6 KB
2 KB 125ms
84ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6c9f9a48bd0a163671773a199c876dc64d66947d47ac509c95e29177046c9a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 197004
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:10:44 GMT
server: cloudflare
etag: W/"af924b62631098b8dc817f28551a6908"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941443237
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CA576PH7oiIS4YHb1lv0u51yIXzx78tLzbzosSYBU2d9k2VulQxrBOKYn5gosPF1tF66OtSU4GhG%2FhUG1M6qpCkbYJiQWhmL3SEj2nI6YMaKgAYXHyT%2BbwuLoDjV2uUzHuhhQc0hv1MoKW6hNxA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8bb79c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828375/ 1 KB
1 KB 137ms
96ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828375/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f533e083f3d896349ecf4b75a3b17a2e5155b309318af9dc44965ce50c66a1dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 148633
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-envoy-upstream-service-time: 114
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 14f6f1a1-b460-4504-89dd-6bf0a9dfc5c5
last-modified: Fri, 08 Apr 2022 13:33:49 GMT
server: cloudflare
etag: W/"65a7b4b8acda13ea823f6b3cd6887d8d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1649424828375
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCY%2BnQEp8qLWtg4c%2FnBz1%2BNK4ZMW55Yj0x7NUDRGFgPx9EMk8nNpqIiGYtG%2FslMC3%2Fd9xsIbDXlhqrrYzg4VxGa0ryifT%2FBJKEAr%2FttqIOe4hS54NMc6aTwH7J0CgyGXSqWJYF09cAsLGbo3wJ8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-qmj5d
cf-ray: 7c1b27bc7ba39c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_86933076631_CR_-_Sticky_CTA_Bar.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/1669911113479/ 2 KB
1 KB 117ms
76ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/1669911113479/module_86933076631_CR_-_Sticky_CTA_Bar.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a9e725bae41656623ccda8be25cbdd295ee1c73c8d3016023549a83c261a3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 482195
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 01 Dec 2022 16:11:54 GMT
server: cloudflare
etag: W/"c21ee1fe9f984d7f96a03cbd5dffeba0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1669911113479
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=baf7jERtQhYyR%2FvbM7oFjni8lBRdICTLI%2Fg5WzH5Z8MNPWKbHjjMedJkY7ji2fXMflnCG85R8u7RZL1PYgjihf0VfwLJIrClHe1y3CWo2V1XkV27Ubyn%2FjJY46%2FdkrQCYWIB9uWflq5OvARqp5o%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc7ba29c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_34473990280_CR_-_Footer_Full__en_US.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1681829697586/ 3 KB
1 KB 116ms
75ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1681829697586/module_34473990280_CR_-_Footer_Full__en_US.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abb03b2160dd9f75fa8eb557ca242d7cd93f159d53708c58f4d2887bd4f05ead

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1314444
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
last-modified: Tue, 18 Apr 2023 14:54:58 GMT
server: cloudflare
etag: W/"2d832f69213af1582ea19a1326d20337"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681829697586
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ey17NY%2BuhjXDCPziYM71fEzm%2B%2BpgvRJ6czl7qjR6IJHBZWdUmlaOb8hWjBxYIXUm3wKikllfcuQkIaEbZ2G05bten4DyfSLv0qJUX2Tvd9ce9gebhGwFTFRe5Q6rn8BTUtiR0Y%2BjfnVr%2FkwYg6E%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8ba49c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
83 KB 143ms
55ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d49cad6ca0bfed928157530516a0bd7401a16b4f1153e98b5d9cb7885caa4b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84669
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 vyv2ljd.js Show response
use.typekit.net/ 19 KB
7 KB 33ms
7ms Script
text/javascript 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vyv2ljd.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8d2ac98905612a732e98a0f57b7a72f8ddb8e3700f59ee0dca28f8535d4ba0fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Wed, 03 May 2023 20:11:48 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6894

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 118ms
36ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 11:21:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 May 2024 11:21:53 GMT

GET
H2 200 ionicons.eot
www.cybereason.com/hubfs/__dam/fonts/ 118 KB
68 KB 256ms
251ms Font
application/vnd.ms-fontobject 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/__dam/fonts/ionicons.eot
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: a4803d7bdeb478a5b9238fe74d8aaa98dafe2e8e68fccbd0e3f4dced823f27f0

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Fri, 25 Sep 2020 09:38:01 GMT
x-cdn: Imperva
etag: W/"2c2ae068be3b089e0a5b59abb1831550"
content-type: application/vnd.ms-fontobject
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 339) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759024, public
content-length: 68926
expires: Wed, 24 May 2023 04:48:51 GMT

GET
H2 200 Criteria-CF-Regular.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
14 KB 271ms
266ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Regular.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: fcba0ef5c17fd435aaa6cfac66375e7bfae52f5116b7a6e126c8b0f38b841613

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "8c4e317165d35f99602a1c625d63a040"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 342) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759024, public
content-length: 14572
expires: Wed, 24 May 2023 04:48:51 GMT

GET
H2 200 Criteria-CF-Medium.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
15 KB 271ms
267ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Medium.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f24560f5b81158a42b8d38ffe5795d9959eb2308ee6780ea912a6594bb999d1e

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "32457643e2ecf8bcf7fdba1110db901c"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 345) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759024, public
content-length: 14772
expires: Wed, 24 May 2023 04:48:51 GMT

GET
H2 200 Peristyle-Black.woff2
www.cybereason.com/hubfs/dam/fonts/peristyle/ 14 KB
14 KB 271ms
267ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/peristyle/Peristyle-Black.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9d943fe5fde08d5b742d383b625031f75e3e89035369f2cde2778f4c6cf5c119

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 15 Oct 2021 16:32:36 GMT
x-cdn: Imperva
etag: "a17b2e1c032fa4a5eea1eeb1416eb385"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 353) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759024, public
content-length: 14136
expires: Wed, 24 May 2023 04:48:51 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/ 97 KB
13 KB 44ms
20ms Script
application/x-javascript 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/OtAutoBlock.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feff03ca165d052833b3a4dd4913360784cfd4db4f9a9c8bcf63430158fd83e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: d6NevSmTdJ3FawMjhK3i8A==
age: 50261
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12770
x-ms-lease-status: unlocked
last-modified: Wed, 14 Dec 2022 19:43:20 GMT
server: cloudflare
etag: 0x8DADE0B74530370
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d3f55578-b01e-0088-28e1-5a603f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27bc6a8e35e2-FRA
expires: Thu, 04 May 2023 20:11:48 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 43ms
19ms Script
application/javascript 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8d41783702d7bb7a7a9c548b151903859eb90a32d29eeaa3487a7937611a27f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: rpnZu/dYNZPLIh9pLOSMrg==
age: 54080
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6757
x-ms-lease-status: unlocked
last-modified: Tue, 02 May 2023 02:12:13 GMT
server: cloudflare
etag: 0x8DB4AB2A524751F
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f1d3cdb4-c01e-014f-4c2b-7d5aab000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27bc6a8f35e2-FRA

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
161 KB 45ms
8ms Script
text/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

2aff416ebc64b78c9a8db2771b586167845b362ff431e1ba4257d4e68946fd44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
content-length: 163643
x-li-uuid: AAX6zxgP/iURmghSx+wIoA==
server: Play
x-li-pop: prod-lor1-x
vary: Accept-Encoding
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Wed, 3 May 2023 20:30:52 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1683054480792/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 67ms
27ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1683054480792/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 90079
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 111
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 37f02470-e6d1-46f0-a5af-9834130954e6
last-modified: Tue, 02 May 2023 19:08:02 GMT
server: cloudflare
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1683054481901
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3Zyatio7UtZL5yVIHdwVsrqlqO%2FiMYAKQS1OnqETendbP7rJ%2FPaQ62%2BDRrTjRZCif2DpuXLaeE20VbA2RdT4x%2FNQMczXkPkaOfLR%2BKCllWCIo28V3GKd3dXqiblLRMoFDQftVVZLJIKiNv3B%2BU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-qmj5d
cf-ray: 7c1b27bc8ba99c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 cr-master__cta.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/ 3 KB
1 KB 125ms
86ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/cr-master__cta.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c31a94a2a97f5b5fe19d6d4081c9c66400d9483fc65d62d4ef8ca83b5c2fb57a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 34979
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 14 Jun 2022 18:48:39 GMT
server: cloudflare
etag: W/"29d616ce2740000b02cc9cacae33a2db"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1655232518974
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFTs8Se5ajQTUXwv8OO4wDxf1126SchMHx%2FktD45LrivRSZdwh6%2BrNvx4n10fsf4wTuCs6OwYLTzFy6cHPrCfkR1Aqg5Ay9f2VO%2F8Jg0ueAR2PPaFcLqzYvfEhY2xZT1jSnSMybqwwEiaCuzShA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8baa9c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cr-master__main.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/ 49 KB
10 KB 121ms
82ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac8b5b9335dd32b274d2711eebaf848eba7cc3e3b3cfc84dfc25e840b072c334

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1041374
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 14 Oct 2022 14:41:41 GMT
server: cloudflare
etag: W/"48ca526201db2c257bee6366f6f73eb0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665758500214
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nngmqTWFlb2CRDNhhAhos%2Budv0qjKGKdTf6lcZVCKlp1BQxn6Nc6GreOfKVeJc5mvu95SR%2FcWmNeRdYLqBGjJxPH3KzVVLUQ0T6i8lOZt%2BqKWGrpuXvQwpzdacSHxXAKTSAbgujtH0uehqnmxqg%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8bb29c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 ionicons.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ 50 KB
8 KB 118ms
79ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 739990
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
last-modified: Thu, 13 Jan 2022 17:50:59 GMT
server: cloudflare
etag: W/"71c8c946791f3411c42a4cb1e9cdb5ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1642096258332
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BWA3CzEiW0Oei%2BdBPq0fRuZDM5iZcYQv6%2F74zJIbQ0HSRQ%2Fa1wnGOrFiXUBwinXomBJ0wGID9DRaA1BreinmS7VFARTM6D%2B3zxdCEtBiTHhzZ%2F%2BMOmOd1MpfhLkGh296Sa1XqBREMIzKdJ6rRk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8bb39c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 cr-mln__build.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/ 22 KB
4 KB 131ms
92ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e18234d885ed9a551c15b4a6db8a66f519058a512c928a61e22c9d479203feb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 133134
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Mon, 12 Sep 2022 17:40:31 GMT
server: cloudflare
etag: W/"9e4d00bd62ca17db2fb876fa39ba3022"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1663004430214
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITB2GpIdSX%2F32KcTrbTKsCZWZh4kt0wne8u44eScRw%2Fw8fdmcYZrXTrkDE1qLhyHqVt2i6pCownDfZRJH6vUFRW%2F8eLCOW0uJ7Wd8SOHeNYWzcbxVNubELW6oYV737e1SUJUq7%2BCeRpwwuT%2Fbwc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8bb49c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cr-framework__bulma-columns.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/ 19 KB
3 KB 154ms
115ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/cr-framework__bulma-columns.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81c836c05ab1f2d37b7aa60d509a656c7a441e2a4fabf035c1b0666a4daa50fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 739990
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 14
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
server: cloudflare
etag: W/"636c18615b58fca9536b2e1c578c6db7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957556893
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThYpzTAIfaDrqkUIWka5PGXBe%2BAI0tiD9G1r1iIubZ%2B7R1RitlEA%2FhFQUaB5etYQeGRoZ4VAwcuwUjYJlIiM%2B7XluKM43i42W6XHc0muIg6SgjcBpZRIuaCcxlWiTwIA5gJwA0e4Q%2FOT6YfyZrk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8ba69c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 14

GET
H2 200 cr-framework__bulma.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/ 63 KB
9 KB 115ms
77ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c545256f2217ee841db63336dddc318198118b706001a05985fc1f9efc6551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1337776
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Mon, 06 Jun 2022 16:07:33 GMT
server: cloudflare
etag: W/"84c377016cc8d5f4c82d61754c144d63"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654531652721
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDkLl%2F4tpSY8eZHrmWPrzPACg0GTodBiC6og9YTkvLNuEjigBi8UsGu4J2WlZhd1YfTYUvcjUFocVW8ycBz7mOA0iG5L4RXnE2qAikAyYYkQnUky09ZLNQ5N3B4vKECjKWalIqHXzSROXBYO0wc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8baf9c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 hamburger-animation.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/ 22 KB
3 KB 126ms
87ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1781834
x-amz-cf-pop: IAD66-C1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
server: cloudflare
etag: W/"a0b451fd96744fa455495e022542ab86"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957556622
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8d7FdUs8BCbbyhQnkqJpd24djYOo7YVh12MaEr94ytk4s0PW5TumJ5U8rfP9OV5vxEvFNIoAi8jUh2vxvnmzK70mXVIaUmxCeTHtLcmmmwiSwbIR9l4MPFTKFSA0eCIXWVd0f6VTl2S4GkMvbs%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8ba79c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 animate.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/ 52 KB
4 KB 123ms
85ms Stylesheet
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/animate.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48f9a7031474a0f73f92f2e6cbbfad730b5466cda96d86a4459c06efc986173

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 197004
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Wed, 03 Nov 2021 16:39:18 GMT
server: cloudflare
etag: W/"55009d64191e6f9e712a841773ee6611"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957557027
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=utMuYrodRhxrxrKmchOPgn3Cq%2FRh6h%2Fwd01kyk5VF4Js4XUtj6BU7msmSQDa%2BWQ7Sm5taYu2qE0jZivLFzLaoewtcMng8UdWt2LCzcSaXMxqAojdU39d3UvYdVEnO6yn3%2FudAjTSVvyqMUlBU9c%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bc8bb19c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 34ms
15ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 541184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SJIBCftU2PTYtkMfxDVYoXv61FZhksrAISCrXn2lXW2I3ih9lUb5EFx9SAczvqLjly%2BUJeJNSTtQH18ZG1%2Fi8vaRFNaNTH1Q3SfYTmYmiZ%2BVtY4sFW5Euok7WQNAl%2BYCABZj3r57ejgOeAZpVkmJMOqS"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c1b27bc5aef1987-FRA
expires: Mon, 22 Apr 2024 20:11:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 21 KB
1 KB 127ms
46ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

560abbd7d0555a1eaf630c3487f47ffdc097772b00227e5bfcb85aafcdcb3491

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 May 2023 20:10:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 marker-animation.js Show response
www.cybereason.com/hubfs/dam/plugins/ 6 KB
2 KB 270ms
268ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/plugins/marker-animation.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 99985c50b5c9c935c272df6687cc04da7fa72a790343424fce7c361a4b26c8f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Tue, 27 Oct 2020 17:09:14 GMT
x-cdn: Imperva
etag: W/"c789451d244987df6815383a74c748e9"
content-type: application/javascript
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 356) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=333023, public
content-length: 2303
expires: Sun, 07 May 2023 16:42:10 GMT

GET
H2 200 cr-logo-inline--primary-black.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 5 KB
5 KB 11ms
8ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-black.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: fd6c0f5026c29648ab8887658f23e6c57faedfe7f9d85e702823ae5dfcbdc8f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 03 Dec 2021 18:08:59 GMT
x-cdn: Imperva
etag: "0200a44af913040fda048d2ccd029463"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 377) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1187569, public
content-length: 5084
expires: Wed, 17 May 2023 14:04:36 GMT

GET
H2 200 cr-malicious-life-logo-v2.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 35 KB
35 KB 12ms
9ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-malicious-life-logo-v2.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 1ef8b59b832109ecbec2f9ed52e8073e2ab73862fa5e6697e1fe05d1c8358a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Wed, 15 Dec 2021 18:41:35 GMT
x-cdn: Imperva
etag: "4f8f695cfdda0e2a9e41271fd3ef4840"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 379) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=70356, public
content-length: 35653
expires: Thu, 04 May 2023 15:44:23 GMT

GET
H2 200 cr-blog-icon--search-dark-gray.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 440 B
574 B 13ms
11ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e90344957225c9e0caa52e2591fd6066740e0650bc100c422435762160fb2e33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Wed, 03 Mar 2021 03:19:57 GMT
x-cdn: Imperva
etag: "5285e68f20ece59da650da19c81751e2"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 381) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=70356, public
content-length: 440
expires: Thu, 04 May 2023 15:44:23 GMT

GET
H2 200 Royal%20Ransomware-1.png
www.cybereason.com/hubfs/ 530 KB
532 KB 17ms
15ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Royal%20Ransomware-1.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 83611ba6d05b168984207c7de4c1250357b9f2c8bd27c925dbe454580f553fb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Wed, 07 Dec 2022 16:35:04 GMT
x-cdn: Imperva
etag: "6260bec2d67f20851164269fb545dcc3"
content-type: image/png
x-iinfo: 13-11053967-11053088 2CNN RT(1683144707468 382) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=350845, public
content-length: 542425
expires: Sun, 07 May 2023 21:39:13 GMT

GET
H2 200 26b02624-42c7-456d-82c2-9669db762671.json Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/ 5 KB
2 KB 56ms
27ms XHR
application/x-javascript 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/26b02624-42c7-456d-82c2-9669db762671.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e1cde8163009973e673686a5ad8f79bc91d114d04f1b306547010a84db5b933

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: JMEWjTYeW9Wru+wVx54+fg==
age: 69755
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1708
x-ms-lease-status: unlocked
last-modified: Wed, 14 Dec 2022 19:43:20 GMT
server: cloudflare
etag: 0x8DADE0B74535185
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8f5f9275-801e-0125-21e1-5a0600000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27bd9d9b30ed-FRA
expires: Thu, 04 May 2023 20:11:48 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ 70 KB
4 KB 15ms
14ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2421080
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4216
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f5628a2-11846"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlEBeiHcpaw28pnK%2Bf5XD7AfDopHYjRwNwwPyToLoab03rCRX5VMFbqUa1CUmyVjzl5RyrHgneQViLb9JmP4MfuZbJPcz8144xd9qrDN7OQQyxi7CLY2r35YEDO1%2F%2FSwMx86fY94KGfGOtMwqBX5kvJl"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c1b27bd9cb01987-FRA
expires: Mon, 22 Apr 2024 20:11:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 22 KB
971 B 47ms
46ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e806ffbc50a4eff3c4316b490ced202d54a67009817f089484260286082364ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 May 2023 19:59:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 23 KB
998 B 48ms
47ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e732af923d9d5d156f2191b7bcc178a1e6e9aa1fdfcfd18bdb4a8f2a50ee7eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 May 2023 20:11:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 51 KB
2 KB 58ms
58ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6bb88418db9a97af411cf0c0263ad03068aeeef2cfcb7675f707c690ab85fcf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 May 2023 20:11:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 cr-framework__bulma.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/ 63 KB
10 KB 28ms
26ms Other
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c545256f2217ee841db63336dddc318198118b706001a05985fc1f9efc6551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1337776
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Mon, 06 Jun 2022 16:07:33 GMT
server: cloudflare
etag: W/"84c377016cc8d5f4c82d61754c144d63"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654531652721
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=te%2BkqVUHSmVRMO6MHXrRs%2BPrn%2FklhlJpuS0FmHCeWO9yhBlgpNZqbuA0mqYQiXW2tfc2H2lin7gjCTRkplVHeTBJf5%2F3jokzD7fSqa8aTtLTQYeCjI5%2FEkvawtSAUgE3ummr%2FwqhUaT5wzgpbzw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27be0da79c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 hamburger-animation.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/ 22 KB
3 KB 23ms
21ms Other
text/css 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1781834
x-amz-cf-pop: IAD66-C1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
server: cloudflare
etag: W/"a0b451fd96744fa455495e022542ab86"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957556622
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMh2A3XAm6wNSsFWw03%2FobqpxWgTRQKava%2FH%2BPWA6O3wuPOKtvtAbtG5vhvc3h2kXtPHUzE32F99R4iio6OHDrCIHmZW0Sp%2Fb6oinroi%2BQ%2BH44qrDgwPk107MGj3leICIsA36Nj0oucyyineXYQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27be0da89c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 twitter-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 749 B
623 B 16ms
14ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
x-cdn: Imperva
etag: W/"5c103d0cd978b3a8d7ccab6bff714599"
content-type: image/svg+xml
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 383) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1800227, public
content-length: 433
expires: Wed, 24 May 2023 16:15:34 GMT

GET
H2 200 facebook-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 372 B
454 B 17ms
15ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
x-cdn: Imperva
etag: W/"8c22d0d78005c386bf29edacfdd2360d"
content-type: image/svg+xml
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 384) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1800228, public
content-length: 299
expires: Wed, 24 May 2023 16:15:35 GMT

GET
H2 200 linkedin-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 742 B
771 B 17ms
15ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Wed, 07 Apr 2021 01:13:30 GMT
x-cdn: Imperva
etag: W/"446340b1a8e73ee28b1a47837a13fdf3"
content-type: image/svg+xml
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 385) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1800227, public
content-length: 630
expires: Wed, 24 May 2023 16:15:34 GMT

GET
H2 200 blog-post-text%20-%202022-08-30T093119.758.png
www.cybereason.com/hubfs/ 821 KB
822 KB 21ms
19ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/blog-post-text%20-%202022-08-30T093119.758.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: c3d9e935d7a7c80ab14a7bcf7d39b20a0155f5de73d2cd953a7981ccabb25e64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Tue, 30 Aug 2022 17:02:49 GMT
x-cdn: Imperva
etag: "aa4ce191a0ae864db6c61d91b2b4d32c"
content-type: image/png
x-iinfo: 13-11053967-11049470 2CNN RT(1683144707468 386) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=351446, public
content-length: 841203
expires: Sun, 07 May 2023 21:49:14 GMT

GET
H2 200 Vs.png
www.cybereason.com/hubfs/ 110 KB
111 KB 23ms
21ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Vs.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 0e38365e416ab6d7967b10fd966b661477d270f50041f0a2552263aa3fb71d3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Tue, 08 Feb 2022 14:34:15 GMT
x-cdn: Imperva
etag: "f58780f0e659c4d6d4898f791b372e4a"
content-type: image/png
x-iinfo: 13-11053967-11053121 2CNN RT(1683144707468 388) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=80355, public
content-length: 112645
expires: Thu, 04 May 2023 18:31:02 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
303 B 37ms
20ms XHR
application/json 2606:4700:4400::6812:2b9e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b9e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7c1b27bdec9d3a6c-FRA
access-control-allow-headers: Content-Type

GET
H2 200 cr-logo-inline--primary-white.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 5 KB
5 KB 21ms
19ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-white.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8f657cd3617d00d51bbc4dee693b71bde939c80310034a8d82641804d4eb7e16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 03 Dec 2021 18:09:12 GMT
x-cdn: Imperva
etag: "9fa007f86be3dd9a921a2d00bf86f36e"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 389) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=73740, public
content-length: 4953
expires: Thu, 04 May 2023 16:40:47 GMT

GET
H2 200 animatedModal.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/ 2 KB
1 KB 24ms
24ms Script
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/animatedModal.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f94c946a13b9ebe43281550b7d0c00edf4694ad06bcb4c8679bee6d48df5115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1781834
x-amz-cf-pop: IAD66-C1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
last-modified: Wed, 09 Feb 2022 21:00:12 GMT
server: cloudflare
etag: W/"690ad93d1d2a9fc11f9df295692413fe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644440411792
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BfOCNfhsg9HqjG8NfysL5bxQouY3iLB6AWggZibbkFbOcrrrJmN0Gp8dxKGqBhPXrSzjIO%2Bn11eQCOEw7uZSQ8VY2M40WBI1pmveqch8oHUvTemI0Q9aztAz7PSAzUcPRgrfxM%2B%2BhSD3SLDAHo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bdfd959c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/ 374 B
575 B 30ms
30ms Script
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1751754
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
server: cloudflare
etag: W/"1d7f81aaf24568ea5d90a82b829960fd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941386128
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uegl27LdXP6VpPdiyM%2BtRsLjBoG9JLlhv6lfOHLPbFYHnC%2BwSyiV6C%2Fp4Vj22CsAY1YW3RfkdpuZAqHgvhc6BuKVHcV23XzaUAZvNCbz7HHzJi5hMAB2illgrJ1S8vwlUplP5w1wAjEa%2Fiy1clI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bdfd9d9c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/ 305 B
592 B 26ms
23ms Script
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 197004
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:10:44 GMT
server: cloudflare
etag: W/"86f1ecf1077302d6bd359676a0142438"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941443113
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EELd%2Bj8YViuGX1drHbuP%2FhdAU%2Fqimzj83AZwgvWU33dQLOvXZGKH5UBkkGV7s6e%2BFdjuImt5f98ksU90mOEL2BYJruPoMNc3eCsrPtVPh749x2hJOllqMDBDMYtXm%2BbypQAPO1n4C0N%2BTPTz2GM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27be0da49c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/ 401 B
956 B 31ms
28ms Script
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe9ce59aa6f3f2c6d0be658bec3e8515959f544fed27adc4506480cb9ead5157

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 910798
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-envoy-upstream-service-time: 150
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c668f8f5-2a81-436e-ad79-7d3783d24341
last-modified: Fri, 08 Apr 2022 13:33:49 GMT
server: cloudflare
etag: W/"c559951fe9a2b257ae98f9aeb1c4d6a2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1649424828285
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPbcyEjTq7GNHP%2FJ%2B9TYs7GXqTT513ANPtUKhSp9QxLw%2F5l6a3XsCB5VqxQ5MKyA%2BeWB9i3CXIC1WMJxYC0Do65cG9NGd85faHYXMO0IUY13Kyua85ESGIQTRT8UvxHLmDp6Mdle6IIZ3Z5kB3U%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8497bd8f5f-dsnkh
cf-ray: 7c1b27be0da59c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_86933076631_CR_-_Sticky_CTA_Bar.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/86933076631/1669911113440/ 694 B
838 B 27ms
24ms Script
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/86933076631/1669911113440/module_86933076631_CR_-_Sticky_CTA_Bar.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65a923b747d84787bc4e01270fa29f4314d3d36df432cd3eb801c30f8adfd466

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 482194
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 01 Dec 2022 16:11:54 GMT
server: cloudflare
etag: W/"de347f1a06cbb5270942bfc43d48cf48"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1669911113440
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MhiTcuc3aBuGezcgUYQuZjgkX%2BQGfiUh0NxTUltQTRelJ9J0sYXAFnHC%2BbcDnr8%2Fx5GFHETMdrnpbdmHs8XMyfjToIXSw%2FRCZ8nxfGeDrKFEOMVuEihUhLIc1ZMP2I9JAknCBacIKEgFpJ8EJa4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27be0da69c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 3354902.js Show response
www.cybereason.com/hs/scriptloader/ 1 KB
703 B 30ms
29ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 7b5973abd43dd394b2c537ea13659e89608ec51b3c231d9e2d1e2facea81cb45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
last-modified: Wed, 03 May 2023 20:10:21 GMT
x-cdn: Imperva
etag: "e457e248"
content-type: application/javascript;charset=utf-8
x-iinfo: 13-11053967-11053748 2CNN RT(1683144707468 391) q(0 0 0 -1) r(0 0)
cache-control: max-age=51, public
content-length: 517
expires: Wed, 03 May 2023 20:12:39 GMT

GET
H2 200 _Incapsula_Resource Show response
www.cybereason.com/ 136 KB
19 KB 30ms
28ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1936904195
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: bb5107eeaea15d6a902d81f5fbe8c897acfc20693378ae598718b7b28a2a9bcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 19668
content-type: application/javascript

GET
H2 200 cr-blog-hero-owl-transparent.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 670 KB
670 KB 25ms
22ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 266d85b7ad351501b8651b0e659d6d74fbe07085d3226cd3f7601f6522fbdf97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 19 Feb 2021 04:27:31 GMT
x-cdn: Imperva
etag: "cd208635457bf65f33aa7c8849efcf21"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 406) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=73734, public
content-length: 685987
expires: Thu, 04 May 2023 16:40:41 GMT

GET
H2 200 cr-ml-sidebar-subscribe-bg.jpg
www.cybereason.com/hubfs/dam/images/images-web/backgrounds/ 34 KB
34 KB 25ms
25ms Image
image/jpeg 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/backgrounds/cr-ml-sidebar-subscribe-bg.jpg
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9967a27efc89a8cefe9665100ec51cded3a8c89f95cdca1285bfce207666cd11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Thu, 31 Mar 2022 18:30:54 GMT
x-cdn: Imperva
etag: "c2444af5dedceb18b268a01a640beb72"
content-type: image/jpeg
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 410) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=70355, public
content-length: 34358
expires: Thu, 04 May 2023 15:44:22 GMT

GET
H2 200 cr-mln-network__footer-subscribe-bg.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 38 KB
38 KB 28ms
28ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-mln-network__footer-subscribe-bg.png
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 38b5fa249791d286db654d516dfb6173cc332a8d725c41b58d08c642b26bc641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Wed, 10 Mar 2021 19:10:18 GMT
x-cdn: Imperva
etag: "c28026bc6a6d55f395e2227b7b19c8c9"
content-type: image/png
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 411) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=70355, public
content-length: 38595
expires: Thu, 04 May 2023 15:44:22 GMT

GET
H2 200 ionicons.ttf
www.cybereason.com/hubfs/__dam/fonts/ 184 KB
107 KB 27ms
26ms Font
font/ttf 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/__dam/fonts/ionicons.ttf
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
content-encoding: gzip
last-modified: Fri, 25 Sep 2020 09:38:00 GMT
x-cdn: Imperva
etag: W/"24712f6c47821394fba7942fbb52c3b2"
content-type: font/ttf
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 413) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759028, public
content-length: 109801
expires: Wed, 24 May 2023 04:48:55 GMT

GET
H2 200 Criteria-CF-Bold.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
14 KB 28ms
27ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Bold.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 17a31aae550a664382ab9d8085efc03a10a4548985f33ac4e5a533d5ab5e9339

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "ba487b98622054117d0be2f92f3f45b2"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 414) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759027, public
content-length: 14332
expires: Wed, 24 May 2023 04:48:54 GMT

GET
H2 200 FlamCondBook.woff2
www.cybereason.com/hubfs/dam/fonts/flama/ 14 KB
14 KB 29ms
28ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/flama/FlamCondBook.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 2ca281bdcd543e2e3559e6505c323c8d64df73f2a594a043780df3007e16d161

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 10 Dec 2021 14:25:11 GMT
x-cdn: Imperva
etag: "9b97cc4b573f2e8b6ead12339a15b141"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 415) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1759027, public
content-length: 14544
expires: Wed, 24 May 2023 04:48:54 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 20 KB
20 KB 172ms
90ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d2c4912162eaa41299aaf5063ecb92a26d76071fe6d1f77742b32c833daab99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 21:14:08 GMT
x-content-type-options: nosniff
age: 341860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20432
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:38:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 21:14:08 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 21 KB
21 KB 186ms
104ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 21:37:15 GMT
x-content-type-options: nosniff
age: 340473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21352
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:30:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 21:37:15 GMT

GET
H2 200 7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 195ms
115ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 14:11:24 GMT
x-content-type-options: nosniff
age: 367224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21796
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:35:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 14:11:24 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 205ms
124ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 29 Apr 2023 14:43:31 GMT
x-content-type-options: nosniff
age: 365297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21724
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Apr 2024 14:43:31 GMT

GET
H2 200 HOSP.woff2
www.cybereason.com/hubfs/dam/fonts/hsop/ 154 KB
154 KB 28ms
27ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/hsop/HOSP.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1665758499223/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: a6728e3326fe3805e12f697731cbc97f2a5b773533c1cb4be0c56da998a94db6

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:47 GMT
last-modified: Fri, 11 Feb 2022 15:12:37 GMT
x-cdn: Imperva
etag: "2ffd5c598df2d32b13ebd689e6daa668"
content-type: application/font-woff2
x-iinfo: 13-11053967-0 0CNN RT(1683144707468 416) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1776626, public
content-length: 157664
expires: Wed, 24 May 2023 09:42:13 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 47 KB
48 KB 106ms
36ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 02 May 2023 17:26:21 GMT
x-content-type-options: nosniff
age: 96327
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48412
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 May 2024 17:26:21 GMT

GET
H2 200 Royal%20Ransomware%20Image%201.png
www.cybereason.com/hs-fs/hubfs/ 93 KB
93 KB 14ms
13ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Royal%20Ransomware%20Image%201.png?width=857&height=377&name=Royal%20Ransomware%20Image%201.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f12285b24f42a85dce2b8d8a05e7badb1ca05e34eabf96b9bff5965f9ce189b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Tue, 06 Dec 2022 18:49:30 GMT
x-cdn: Imperva
etag: "cff_PNOmOP6CPkbWsNkEuO0qeiYkzxKMoed8Z1QCJCDQ:623b490405b10acf497560fd8ae1f356"
content-type: image/png
x-iinfo: 13-11053967-11053088 2CNN RT(1683144707468 483) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=364333, public
content-length: 94882
expires: Mon, 08 May 2023 01:24:01 GMT

GET
H2 200 Royal%20Ransomware%20Image%202.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/ 8 KB
8 KB 15ms
14ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/Royal%20Ransomware%20Image%202.png?width=560&height=302&name=Royal%20Ransomware%20Image%202.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 927b457d66e9bd6e989e851006b4f3f9b6f7ca3aecb8d95434c3d91a3fe71c39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Tue, 06 Dec 2022 19:07:29 GMT
x-cdn: Imperva
etag: "cfBJ3kFWWDvNvdcoUumXnsLrTBode6H2v9yPeAvJq3DQ:fae6ed4f04a0a43a5d491ada1974eae7"
content-type: image/png
x-iinfo: 13-11053967-11053086 2CNN RT(1683144707468 485) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=385271, public
content-length: 8330
expires: Mon, 08 May 2023 07:12:59 GMT

GET
H2 200 Royal%20Ransomware%20Image%203.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/ 5 KB
5 KB 15ms
15ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/Royal%20Ransomware%20Image%203.png?width=432&height=227&name=Royal%20Ransomware%20Image%203.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8062b928d1d1fa09dd25a507677b992f5ef61e3ddd3743330b0e3fc2de74f81f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Tue, 06 Dec 2022 19:07:29 GMT
x-cdn: Imperva
etag: "cfAv-otwWibwjuOeUFajSsUu4fqC2xDMx9Nr_W4YDyDQ:a61d71b5b686acbe4870b3afa3357c87"
content-type: image/png
x-iinfo: 13-11053967-11053084 2CNN RT(1683144707468 486) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=1796439, public
content-length: 5287
expires: Wed, 24 May 2023 15:12:27 GMT

GET
H2 200 Royal%20Ransomware%20Image%204.png
www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/ 18 KB
19 KB 18ms
17ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/Blog%20Images%20Royal%20Ransomware/Royal%20Ransomware%20Image%204.png?width=795&height=351&name=Royal%20Ransomware%20Image%204.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 16287ef8f3ffc83998985a3db0881e70bb724e48bbb8508795d1bfe7921e2fef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:48 GMT
last-modified: Tue, 06 Dec 2022 19:07:29 GMT
x-cdn: Imperva
etag: "cfQhOKsKYzicJTUvLfr5lrXE0Hr5K--Y7dg_7j9CkmDQ:9b1207882c0f76b2664a99ce4ebf12b0"
content-type: image/png
x-iinfo: 13-11053967-11049470 2CNN RT(1683144707468 489) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=75271, public
content-length: 18870
expires: Thu, 04 May 2023 17:06:19 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.38.0/ 369 KB
88 KB 18ms
18ms Script
application/javascript 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42b2b9d16fbf8d3c6be72420699360790966e58fe30d8794fd90a71c8aef122d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jz950M8ZW7RakPP2zlLHZQ==
age: 57730
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 89624
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:17 GMT
server: cloudflare
etag: 0x8DA6AE29E465D1D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b92be9b9-501e-00e4-57a4-4acbec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27bebd5c35e2-FRA

GET
H2 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/ 374 B
664 B 29ms
28ms Other
application/javascript 2606:4700::6812:ccc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:ccc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1751755
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
server: cloudflare
etag: W/"1d7f81aaf24568ea5d90a82b829960fd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941386128
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bm52Y%2FMLbDS74C7bnuiff%2BBjzso6Cmnndzekmhoo8I%2BalE5VRVckDkwgHRHioFns303M%2FNZIfIRdfzazQ00q%2Bt0umdWJMMDByVNFdwyU9FzQ22DhQYWWGuKwOds2SzpG7BGBsmrDvQNit6%2F9Twk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7c1b27bf4f3e9c0d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 45ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

84b968b853c9239a3ac226c3548f5deeedc6667f4f1287ff89f6130acfc01c07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 20:11:49 GMT
content-md5: 3mCq2UQDCCA0q75hpNw7wA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1689
x-fb-rlafr: 0
x-fb-debug: A5+Tp20HTJh+gvZxtd3cbTyhK/Qb1wgZwWCjdwoIHq50V2bMvKg34EKCjC1WrkB+/ZkNB5o1eiolf6RfoFkwrw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
x-fb-content-md5: a4262a5b7fecbdd1fd2969ddfd92c375
cross-origin-opener-policy: same-origin-allow-popups
etag: "7b6163aee9b148b5840494ee6c8cd617"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 03 May 2023 20:16:49 GMT

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 65ms
9ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 27630
x-served-by: cache-iad-kiad7000096-IAD, cache-fra-eddf8230094-FRA
last-modified: Tue, 24 Jan 2023 21:41:51 GMT
etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=1800
accept-ranges: bytes
tw-cdn: FT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
994 B 240ms
213ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3354902&callback=jsonpHandler

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d1fa5f0d-ab3b-45cf-91f7-8e1a7b67754c
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7c1b27bf7b3e2bf1&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 4143419b-8c59-41ce-8d86-ef086d78441b
server: cloudflare
x-trace: 2BA0E9DD490E1E0F76BA1A4110797352403A880194000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-9sjmd
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7c1b27bf7b3e2bf1-FRA

GET
H2 200 l
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/ 16 KB
16 KB 32ms
8ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 599dd661a1d9e0af96d614fab0ea7396bf06de4265029166a265c2b10cc1a1b0

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16112

GET
H2 200 l
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/ 16 KB
16 KB 30ms
7ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f3f2822ba3d24c1f7f53bff8959801c644b2c1c556eb8c15ca36a86717f1ae7d

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16256

GET
H2 200 l
use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/ 15 KB
15 KB 32ms
9ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f64368e7be69abe40585911860d83acfa8b14179d3008b2594166ae4c10ec0fd

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "865da7d2ecc4da3cb6bd5574f01738cfc5c8bb11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15452

GET
H2 200 l
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/ 16 KB
16 KB 37ms
14ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 72493a3f42ed0260f03b6ffd3ea131be38a1070845bfae24927f643a3fcf3255

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16660

GET
H2 200 l
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/ 17 KB
17 KB 30ms
8ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5c8d63abd4075c4ebd692fbd02e35fb72950f214a6486607c1819d4279ad526f

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17152

GET
H2 200 l
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/ 16 KB
16 KB 41ms
19ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: dd8ce52adc4b0ab60f82c29ba12f25e2f6446245fc8c0b5f4bd6dab3146f9ef7

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16464

GET
H2 200 l
use.typekit.net/af/cfbead/0000000000000000000146b3/27/ 23 KB
23 KB 30ms
8ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 875f8e591b4fbc6567e2b33553bea9ca2d0e18593bd857783a569fe7bf4ba097

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "122498e3424e674610da39fb441d661549879239"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23244

GET
H2 200 l
use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/ 15 KB
15 KB 36ms
15ms Font
application/font-woff2 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0b454edb897d49bf8a73b07627b670a55f0972988094770495a308e5a5e39d1b

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
server: nginx
etag: "13c2813ff67959226aaa4eccfcdd1399bd756b8d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15336

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 545 KB
87 KB 76ms
34ms Script
application/javascript 2606:4700::6811:826e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:826e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

content-encoding: br
age: 38787
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js&cfRay=7c1774ccdcd31b35-IAD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0bee9cd87f137fe7aec90112cb8b0376"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js
date: Wed, 03 May 2023 20:11:49 GMT
x-amz-version-id: RmhmaytfCYjkF4kIWncNidw0.aX_4QVo
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1d4a31f5-8cdf-4d57-be25-4a571cc38024
last-modified: Mon, 03 Apr 2023 03:50:40 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-589c5fd4fb-cssjl
cf-ray: 7c1b27bf9cbf37da-FRA
x-amz-cf-id: WWXz5OuFZNMyKaJ7oc95UJvtqu6O9lJb6QIXAAAPUIcJUjiFJXCZmg==

GET
H2 200 3354902.js Show response
js.hs-analytics.net/analytics/1683144600000/ 66 KB
21 KB 177ms
157ms Script
text/javascript 2606:4700::6810:8bce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1683144600000/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:8bce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d7d0d63194f8f4d3a2ef0847df18aa1ecc078ce2845024b7797870ca7991e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: R1N98FTMM85KYE8Z
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 30
x-amz-id-2: DHZvXZv5r8jmTVE0kjmSdSOAVxufiHcNj7VMSb/I5/a2Ru4yajINAP42AnGHtkKZmMHupC9Igp0=
x-evy-trace-listener: listener_https
x-request-id: dd50f946-4fec-4fff-b877-e693a1a165a4
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 18 Apr 2023 13:58:33 GMT
server: cloudflare
etag: W/"e33a033ddb525e041a03d7d36c00004a"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-c2gr8
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7c1b27bf7f9a363d-FRA
expires: Wed, 03 May 2023 20:16:49 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/3354902/ 208 KB
64 KB 429ms
405ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/3354902/banner.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a30badc76ee6b46edaf9bf58b7ca82eaeac7f8f1fd8447e7b853ad86fa796854

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
x-amz-version-id: XioPdPZeFl6_.2kFZI2VICXpjf_kOtK8
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 3H1BYHE2QGNTXM04
x-amz-server-side-encryption: AES256
x-amz-id-2: Bunmt3juDIXFgM8OAv6HH5HTRdXEA6VbZfX/CI0/0xcDH+otsrlyt0eytZOK+hpZxhY6xA4/xvY=
last-modified: Mon, 17 Apr 2023 15:12:45 GMT
server: cloudflare
etag: W/"56d560cf037c20f2a8fa1ae1ab05b271"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7c1b27bf796737dd-FRA
expires: Wed, 03 May 2023 20:16:49 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/7c93933a-f6db-49b9-9381-908a8de85fc8/ 136 KB
23 KB 25ms
24ms Fetch
application/x-javascript 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/7c93933a-f6db-49b9-9381-908a8de85fc8/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efe5742eb3f854188a51fb0aeb62d132dc70f0b5504843886c446bdd3ea5f1bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Qa1L81RG74Gpuues9M1Lww==
age: 21138
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 23537
x-ms-lease-status: unlocked
last-modified: Wed, 14 Dec 2022 19:43:22 GMT
server: cloudflare
etag: 0x8DADE0B754D6C62
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2ded6588-b01e-012d-76e1-5a1d73000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27bf680e30ed-FRA
expires: Thu, 04 May 2023 20:11:49 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 55ms
17ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=45je3510&_p=1183655933&gcs=G100&gdid=dZTQ1Zm&cid=387688827.1683144709&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=Ag&_s=1&sid=1683144709&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 52ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=45je3510&_p=1183655933&gcs=G100&gdid=dZTQ1Zm&cid=387688827.1683144709&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAw&_s=2&sid=1683144709&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&en=visit_blog&_c=1&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
228 B 43ms
8ms Image
image/gif 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.21.0&app=typekit&e=js&_=1683144709105
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 03 May 2023 20:11:49 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 308 KB
86 KB 25ms
14ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=8966ebc437b985d78b23db69f4f55957

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cba8e827aa41d50aa3d9c800a287328e1b994bb507055c32a500b3f79397340b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 20:11:49 GMT
content-md5: W5ebe/X1xcgmx1nzZM8YHw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88518
x-fb-rlafr: 0
x-fb-debug: zcmyAcH/ujZcHHUd+WUtAqcyUuYHPqOqYIobAeBl+89XZKGgT7sB/tHeYCLN+QpSXf0y5th1YUZUZuDp9iE27Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 6d7b76f0f2f1c7f57ea915a5d094695f
cross-origin-opener-policy: same-origin-allow-popups
etag: "d34df71072638c8e4a6d7017c84c5d95"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 02 May 2024 19:19:05 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 13 KB
3 KB 25ms
25ms Fetch
application/json 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: l8TaFfqEBdbGRIscoE5PLQ==
age: 69755
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3007
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:09 GMT
server: cloudflare
etag: 0x8DA6AE29925C8FF
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4b382d4f-d01e-0076-2fe1-5a5c5a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27c0090b30ed-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/ 62 KB
13 KB 28ms
28ms Fetch
application/json 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c36470d3b6f534495768bdd7ed92dbb0d6d8d1f3b7b69adba7153b68b90f35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: JtD7zjxzBe/apQLaCwCdaw==
age: 32458
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13258
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:11 GMT
server: cloudflare
etag: 0x8DA6AE29A87E4A6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 67b9f448-301e-0151-03e1-5a8046000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27c0090c30ed-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 5 KB
2 KB 25ms
25ms Fetch
application/json 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: keZk8SpZZgHvyFwdMFhvhQ==
age: 32458
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:10 GMT
server: cloudflare
etag: 0x8DA6AE29A3CDCC9
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 62ba961c-101e-014d-6ae1-5a5851000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c1b27c0091130ed-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 22 KB
4 KB 26ms
26ms Fetch
text/css 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: TLLtdkuMahUQRVIfmZNHNw==
age: 69755
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 2e5b0f2e-501e-0127-42e1-5a04fa000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7c1b27c0091230ed-FRA

GET
H2 200 widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 0536 320 KB
103 KB 8ms
8ms Document
text/html 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.cybereason.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105435
content-type: text/html; charset=utf-8
date: Wed, 03 May 2023 20:11:49 GMT
etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
last-modified: Tue, 24 Jan 2023 21:41:13 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-served-by: cache-iad-kjyo7100105-IAD, cache-fra-eddf8230094-FRA

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 0536 869 B
658 B 201ms
117ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=b1447a344658ee4883ded8d4a044b68434b1bfdb

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.cybereason.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-response-time: 110
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 03 May 2023 20:11:49 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 1970f4a8ee3dfe8f
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: a2aadee29a51304c73a88bb139d09c661432a055e92f11696f513f80b1939cbd
content-length: 337

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 28ms
18ms Image
image/svg+xml 2606:4700::6813:bc61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bc61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 03 May 2023 20:11:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 50433
x-ms-lease-status: unlocked
last-modified: Tue, 02 May 2023 02:12:16 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: f40216a1-e01e-00d4-1d1b-7d91c6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7c1b27c148ca35e2-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 128ms
42ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 May 2023 18:35:44 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 5765
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Wed, 03 May 2023 20:35:44 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 19ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=45je3510&_p=1183655933&_gaz=1&gcs=G111&gdid=dZTQ1Zm&cid=387688827.1683144709&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1683144709&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&en=user_engagement&ep.ga_temp_client_id=387688827.1683144709&_et=394
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 70ms
24ms Ping
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-PZ3FE06790&cid=387688827.1683144709&gtm=45je3510&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 440 KB
102 KB 83ms
81ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d1860f248ba17416772d30bab9ae2b2542c4a1f94b9a22957e43ed23fcefaa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103834
x-xss-protection: 0
last-modified: Wed, 03 May 2023 19:39:23 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 May 2023 20:11:49 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 175ms
76ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-PZ3FE06790&cid=387688827.1683144709&gtm=45je3510&aip=1&z=1319380225

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=1803308819.1683144710
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=18033...

42 B
409 B

49ms
44ms

Ping
image/gif

2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=1803308819.1683144710

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=G100&rnd=2168851.1683144710&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&gtm=45He3510n81TJVVB7C&auid=1803308819.1683144710
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/ 3 KB
2 KB 138ms
49ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=1683144709638&cv=11&fst=1683144709638&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&hn=www.googleadservices.com&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&auid=1803308819.1683144710&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a5fe314e9e087136d7a69df2a5e30cdf87a9f9799a9bdd94b5dcbf2eba3b1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1213
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/401574334/ 3 KB
1 KB 139ms
51ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401574334/?random=1683144709642&cv=11&fst=1683144709642&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&hn=www.googleadservices.com&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&auid=1803308819.1683144710&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc0ffd42c2af4f77699a5ff36ec5468938cffa30b9bd27dd59730d78c450a79a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1212
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 46ms
11ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230116-FRA

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 79ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

eec5c0b7f3736c064a5c93fb61f419fe7d3f7c1815c81004312fd349fd43be2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 03 May 2023 20:11:49 GMT
last-modified: Thu, 20 Apr 2023 19:01:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E26938F78EF14DF89C8C0C8BAD8C1F06 Ref B: FRAEDGE1709 Ref C: 2023-05-03T20:11:49Z
etag: "808c558fba73d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12036

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/ 3 KB
1 KB 131ms
50ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/?random=1683144709649&cv=11&fst=1683144709649&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&hn=www.googleadservices.com&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&auid=1803308819.1683144710&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d82ed8b4da48af2de1835bae3947405cdeb6fee6c561602dcaa1186a337058d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1214
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activityi;src=10272547;type=landing;cat=allsite;ord=2043388878265;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
10272547.fls.doubleclick.net/ Frame 6FD1 0
0

GET
H2 200 hotjar-704918.js Show response
static.hotjar.com/c/ 9 KB
4 KB 80ms
11ms Script
application/javascript 18.66.97.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-704918.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-49.fra56.r.cloudfront.net

Software

Resource Hash

db07a04add516c031623e008da211da3fd5e7c9817592e296a04e011733df1ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:40 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 9
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/af50a114c7b9bac1f312546de9762abb
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
x-amz-cf-id: 8-xoQF5BIboGH3kmYSFmgAl0MvhCGXEq0STvsHIopUcfDiBxeYXi8A==

GET activityi;src=10428681;type=cyber0;cat=cyber0;ord=5113950580559;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
10428681.fls.doubleclick.net/ Frame 9C85 0
0

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 29ms
8ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=67180
accept-ranges: bytes
content-length: 4777

GET
H2 200 1cwYCUDAYD26hHzYzki9 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 343ms
297ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/1cwYCUDAYD26hHzYzki9

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

18e4e8c5d3c06e0e08460836160288c2a9bfbd6b4b1ede2c3970becee357955f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7c1b27c3cb479b80-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 3354902.js Show response
js.hs-scripts.com/ 1 KB
898 B 180ms
135ms Script
application/javascript 2606:4700::6812:883b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/3354902.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:883b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94703eb3b87075caab95ff0cfc7db39b256a86f2981a81f5d31945424ed0c587

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Wed, 03 May 2023 19:22:34 GMT
server: cloudflare
x-hubspot-correlation-id: 9e5968f2-0b0e-4be9-96f5-5458c76259b0
x-trace: 2B91B35CB33284D7126EA5A57231D4B855F301A439000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7c1b27c3c82f68f7-FRA
expires: Wed, 03 May 2023 20:12:49 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 89ms
42ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 368
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 7c1b27c3d8901da4-FRA
expires: Wed, 03 May 2023 20:15:41 GMT

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 60ms
16ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:02:33 GMT
content-encoding: gzip
age: 556
x-guploader-uploadid: ADPycds3w6cpQUKbvREaeFJyRkkNI601m5jdKRtwVsPNH-bpcnNNLKi-nVGRtju4J8135WZCjXEWO33gh8QD6ilQMk15LcWIrN3Z
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Wed, 03 May 2023 21:02:33 GMT

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 1 KB
2 KB 80ms
25ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1506452&mt_adid=241675&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 830 785530e master cdg-pixel-x30 config_version:"unknown" /
Resource Hash: 01376f897e5bf0d6aa4de42e5ea04a97467218a38ef5c9e80573699abded0eca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 20:11:49 GMT
Server: MT3 830 785530e master cdg-pixel-x30 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1439
Expires: Wed, 03 May 2023 20:11:48 GMT

GET
H2 200 zdcd6x8yhg85.js Show response
js.driftt.com/include/1683144900000/ 221 KB
63 KB 189ms
140ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1683144900000/zdcd6x8yhg85.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8989f87b90cacdbca5875bdfbed7dd3c3f2acee982b9353c04d86e8c123906c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: x8TZ8iebDtxhM0duvZHFnO4hbRoyqYO1
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Wed, 03 May 2023 20:11:49 GMT
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 30
last-modified: Fri, 28 Apr 2023 19:39:03 GMT
server: istio-envoy
etag: W/"1aa02cf06cb1a631ba2d08d343214ad7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: itYP6YHG71EmI-unlKOBfOobx_eueZ9RBAk-Hu48dmuj4kVg7xdHtQ==

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 639 KB
117 KB 46ms
12ms Script
text/javascript 2a04:4e42:200::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9c15091763db95921143569394192f41a23238617ab6a318090645cd2291439e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 129
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 119230
x-served-by: cache-iad-kcgs7200068-IAD, cache-fra-eddf8230126-FRA
x-browser-version: 113
last-modified: Wed, 03 May 2023 19:08:44 GMT
server: AmazonS3
x-timer: S1683144710.802670,VS0,VE0
etag: "4e6b8013702845cfc9ccfd3ef4321663"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: 550d64f4bd047ed3cde480cc56d6f48b25cbe9a8
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 18, 15

GET
H2 200 6e1424cff90e9cd4.min.js Show response
tag.demandbase.com/ 72 KB
20 KB 66ms
10ms Script
application/javascript 13.32.27.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/6e1424cff90e9cd4.min.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.69 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-69.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2a3b923fdb316cd5c440894dbb11a730871fae112ce929602357b872fc9955d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-amz-version-id: HpkQL0jJXUQ4M1787SLjXJj.sYXEO3bx
content-encoding: gzip
via: 1.1 1c12254585d1d316d9380549d59e3c80.cloudfront.net (CloudFront)
date: Wed, 03 May 2023 19:49:12 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-C2
age: 1387
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 26 Apr 2023 02:26:10 GMT
server: AmazonS3
etag: W/"3677b8aea5a9b677fc57f07b77197635"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: yTq2qEx5pIVIc3sil4ohAKWRuM6oZ5itrj82Io-cSqIJ32VkwUvcgQ==

GET
H2 200 airpr.js Show response
px.airpr.com/ 7 KB
2 KB 42ms
8ms Script
application/javascript 108.138.7.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.airpr.com/airpr.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-8.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 17:30:12 GMT
content-encoding: gzip
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
last-modified: Sat, 21 Apr 2018 18:03:55 GMT
server: nginx
x-amz-cf-pop: FRA56-P6
age: 9697
etag: "5adb7d0b-853"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 2131
x-amz-cf-id: 0efSaEiDR__n4Uaq1iq19mZi3i60y05kNaQank6o2JVEx4qrP6IhjA==
expires: Thu, 04 May 2023 05:47:09 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 43ms
42ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1183655933&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&ul=en-us&de=UTF-8&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAEABAAAAACAAI~&jid=565492435&gjid=1933120179&cid=387688827.1683144709&tid=UA-56367941-1&_gid=109901342.1683144710&_r=1&_slc=1&z=992455934

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.b440b8b3971e5ec6056f.js Show response
script.hotjar.com/ 264 KB
68 KB 59ms
9ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b440b8b3971e5ec6056f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

674492bb351bc3c8328b014f9ad016d26361a9da7599de0f0af8dfdbb7b99d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 09:29:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 38562
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 69234
last-modified: Wed, 03 May 2023 09:28:55 GMT
etag: "4d60597d3bb7082d16c50293546f6f66"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: _9bn7080sOB_5oF2GDRmxzUMI9JX-sCGTvhSENCPdh-g59ybRVExlw==

GET adsct
t.co/i/ 0
0

GET adsct
analytics.twitter.com/i/ 0
0

GET adsct
t.co/1/i/ 0
0

GET adsct
analytics.twitter.com/1/i/ 0
0

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/ 36 B
376 B 88ms
12ms XHR
application/json 2600:9000:20eb:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:11:05 GMT
content-encoding: gzip
via: 1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 28844
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35384
x-amz-cf-id: TzyDLN7lzOT8vuRb4XCbBz0u8pdqP2-fu5bYTGaw8w7aiumdy-960Q==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1683144709789%26url%3Dhttps%253A%252F%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=...

0
144 B

201ms
185ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQIbF_ODj-MigwAAAYfjPhjjlWZQElaVfpZJ4-HITp6Bs7DJF53ti1BJXUoBg4d_puwjFQ_Y
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 0C1363B024BA43B28A65CB9EC6DAACC6 Ref B: FRAEDGE1722 Ref C: 2023-05-03T20:11:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6z6qUHrXGqBvvOia9+g==

Redirect headers

date: Wed, 03 May 2023 20:11:49 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5DC92A1C0CAA47C183EE40A44A9AFA56 Ref B: FRAEDGE1321 Ref C: 2023-05-03T20:11:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709789&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQIbF_ODj-MigwAAAYfjPhjjlWZQElaVfpZJ4-HITp6Bs7DJF53ti1BJXUoBg4d_puwjFQ_Y
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6z6qRH6rLKhvlD+Xjcw==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/ 36 B
377 B 84ms
12ms XHR
application/json 2600:9000:20eb:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:11:05 GMT
content-encoding: gzip
via: 1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 28844
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35384
x-amz-cf-id: YQ7vza8fFk4LUYLBicVxTy02grtefuWqGEe3Rwn81Wg8keVpSx5phw==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/ 36 B
376 B 84ms
13ms XHR
application/json 2600:9000:20eb:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3885972,4030924,72596/domain/cybereason.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 12:11:05 GMT
content-encoding: gzip
via: 1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 28844
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35384
x-amz-cf-id: 1M3czwvrXoOVBocKLlixG0Us2tH_ByZ2T-jEPdBzZZJ0kyW3FkiDCg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1683144709794%26url%3Dhttps%253A%252F%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=...

0
265 B

202ms
178ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQJ_eyd-Vqf3xgAAAYfjPhjbqEDHKqT9Wj_SF7ux8lColXY3R0nbXPpg8vn47di4sfDNr7pG
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7566046BE4364D29A94BD151BD2B17F0 Ref B: FRAEDGE1722 Ref C: 2023-05-03T20:11:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6z6qUFlVY2G6BGgisqg==

Redirect headers

date: Wed, 03 May 2023 20:11:49 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 62988D3329E04181B32E1002202E42C7 Ref B: FRAEDGE1321 Ref C: 2023-05-03T20:11:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1683144709794&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tm=gtmv2&liSync=true&e_ipv6=AQJ_eyd-Vqf3xgAAAYfjPhjbqEDHKqT9Wj_SF7ux8lColXY3R0nbXPpg8vn47di4sfDNr7pG
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX6z6qRAJTJRLKkpZO4Gg==

GET
H2 204 56273944.js Show response
bat.bing.com/p/action/ 0
118 B 111ms
111ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56273944.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 03 May 2023 20:11:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1FA50C9AE6224D1ABD7EC0BCCBD34D99 Ref B: FRAEDGE1709 Ref C: 2023-05-03T20:11:49Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56273944&tm=gtm002&Ver=2&mid=d6b97a27-20d5-4d1d-944a-66d801327148&sid=bcd62e40e9ee11edae7d63b493a77d2f&vid=bcd66320e9ee11eda77dad02ea9c3812&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&p=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&r=&lt=631&evt=pageLoad&sv=1&rn=118591

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 May 2023 20:11:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7AAA23A3B16641FB83F62293ED40F5D3 Ref B: FRAEDGE1709 Ref C: 2023-05-03T20:11:49Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 26ms
20ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-56367941-1&cid=387688827.1683144709&jid=565492435&gjid=1933120179&_gid=109901342.1683144710&_u=IADAAEAAAAAAACAAI~&z=465667474

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 May 2023 20:11:49 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/934771702/ 42 B
108 B 55ms
46ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934771702/?random=1683144709638&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=2536031575&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/934771702/ 42 B
154 B 63ms
51ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/934771702/?random=1683144709638&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=2536031575&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/561371164/ 42 B
108 B 66ms
54ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/561371164/?random=1683144709649&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=4074399053&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/561371164/ 42 B
108 B 84ms
71ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/561371164/?random=1683144709649&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=4074399053&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/401574334/ 42 B
108 B 60ms
49ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/401574334/?random=1683144709642&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=642223587&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/401574334/ 42 B
108 B 63ms
53ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/401574334/?random=1683144709642&cv=11&fst=1683144000000&bg=ffffff&guid=ON&async=1&gtm=45He3510&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&frm=0&tiba=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&fmt=3&is_vtc=1&random=642223587&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
471 B 128ms
125ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16570449&r=1683144709819&ref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 16570449
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdtWB1Imo2vPoVMIwUCVtkxLdOf8E6KsRvyR3IcEOopyuGZ79DJBT2kXjrbaeW8OUO20mSGNi942wMOGpn5RZQQCUgKPvbHA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 03 May 2023 21:11:50 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 169ms
114ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16570449&r=1683144709819&ref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.cybereason.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 20:11:49 GMT
expires: Wed, 03 May 2023 20:11:49 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdt5r11AzRwhvyVUdHc5ARaHkTQqDx7q07BK15RAUHfecwkipthGWPLGNc2P6dWRZnj3cmI3bnjeF_pDWe9kBRjUjXbx0QvM

POST
H2 204 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ 0
0 163ms
162ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: application/json
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
server: Google Frontend
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by: Express
access-control-allow-methods: GET, POST
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 6b40c2e92dd83a410ffc13c13c01a68b
function-execution-id: 7bgouyq3o9ei
access-control-allow-headers: Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 226ms
153ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.cybereason.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Wed, 03 May 2023 20:11:49 GMT
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: 1emf4g4c0ttf
server: Google Frontend
x-cloud-trace-context: db8c45b07cebedb8c2d8f5b5aa1d720c
x-powered-by: Express

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 73ms
71ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-56367941-1&cid=387688827.1683144709&jid=565492435&_u=IADAAEAAAAAAACAAI~&z=1714501149

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 79ms
78ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-56367941-1&cid=387688827.1683144709&jid=565492435&_u=IADAAEAAAAAAACAAI~&z=1714501149

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync Show response
s.company-target.com/s/ Frame FF34 634 B
977 B 155ms
107ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.company-target.com/s/sync?exc=lr
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/6e1424cff90e9cd4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.71.96.34.bc.googleusercontent.com
Software: /
Resource Hash: c39ff1c764099cb118dfa6d18a0e6d31dad39c7748bceb7625878847f5ba8e3b

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Wed, 03 May 2023 20:11:49 GMT
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 77ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 461 B
956 B 85ms
49ms XHR
application/json 18.66.97.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&page_title=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/6e1424cff90e9cd4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-57.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 03 May 2023 20:11:49 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: 0242404c-c272-495b-805d-d42f25946e8b
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I7GuBuZnxrUwoXPCTuW7yJP8fmztvjrVPvfzXplOhUgcoL4QMHFoPA==
expires: Tue, 02 May 2023 20:11:49 GMT

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame DC2D 677 B
1 KB 25ms
23ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=857a6452-c005-4400-9d72-bc38abb888e7&no_iframe=1&mt_adid=241675&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1506452&mt_adid=241675&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 830 785530e master cdg-pixel-x34 config_version:"unknown" /
Resource Hash: 3ef64e4a0001cd55211fff6bd306290f29c7482a6006d070ee21e52484b7ef22

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 677
Content-Type: text/html
Date: Wed, 03 May 2023 20:11:49 GMT
Expires: Wed, 03 May 2023 20:11:48 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 830 785530e master cdg-pixel-x34 config_version:"unknown"

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ 0
492 B 33ms
32ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 830 785530e master zrh-pixel-x30 config_version:"unknown" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 20:11:50 GMT
Server: MT3 830 785530e master zrh-pixel-x30 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Wed, 03 May 2023 20:11:49 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 42ms
39ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&a=1183655933&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&ul=en-us&de=UTF-8&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aDDAAEABAAAAACAAI~&jid=&gjid=&cid=387688827.1683144709&tid=UA-56367941-1&_gid=109901342.1683144710&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=Bot&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Frankfurt%20am%20Main&cd13=HE&cd14=Germany&z=394673265

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 03:07:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61487
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FF34
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60&C=1

43 B
766 B

14ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60&C=1
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 03 May 2023 20:11:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 03 May 2023 20:11:50 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=18&expiry=1699042309&external_user_id=fb5dfaa2-f826-4695-a216-47686b466d60&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 sync
partners.tremorhub.com/ Frame FF34 43 B
393 B 320ms
101ms Image
image/gif 2600:1f18:612b:4232:ccf8:7954:61b3:e7d6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIDM=fb5dfaa2-f826-4695-a216-47686b466d60
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:ccf8:7954:61b3:e7d6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Wed, 03 May 2023 20:11:50 GMT
server: nginx
content-type: image/gif

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame FF34 0
239 B 76ms
13ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?nid=5578&put=fb5dfaa2-f826-4695-a216-47686b466d60&v=1181926
Requested by: Host: s.company-target.com
URL: https://s.company-target.com/s/sync?exc=lr
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ Frame DC2D 0
491 B 22ms
22ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=857a6452-c005-4400-9d72-bc38abb888e7&no_iframe=1&mt_adid=241675&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 830 785530e master zrh-pixel-x3 config_version:"unknown" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=857a6452-c005-4400-9d72-bc38abb888e7&no_iframe=1&mt_adid=241675&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Date: Wed, 03 May 2023 20:11:50 GMT
Server: MT3 830 785530e master zrh-pixel-x3 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Wed, 03 May 2023 20:11:49 GMT

GET
BLOB 200
OK 33b9224d-475d-4f58-84a3-3e58a59095b9
https://www.cybereason.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.cybereason.com/33b9224d-475d-4f58-84a3-3e58a59095b9
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 core Show response
js.driftt.com/ Frame A0D5 2 KB
1 KB 301ms
301ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1683144900000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e2a0c716824375ab3b6ba3d71119d6ea8658ec6d3afbe6efa8e49b07cc1e858b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 03 May 2023 20:11:50 GMT
etag: W/"d24683eab735beaadd07b2ec060ce6d9"
last-modified: Fri, 28 Apr 2023 19:38:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-id: cgBVxrdnya2MClwRuOJaqdnXPcsQ3DA_c3w5uPCWW3J5D18RxAmIcA==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: Tj4_13N0iwCYRl75UDfc15zCZqfNJI.x
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 2EEE 2 KB
1 KB 119ms
118ms Document
text/html 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1683144900000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e2a0c716824375ab3b6ba3d71119d6ea8658ec6d3afbe6efa8e49b07cc1e858b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 03 May 2023 20:11:50 GMT
etag: W/"d24683eab735beaadd07b2ec060ce6d9"
last-modified: Fri, 28 Apr 2023 19:38:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-id: TCV2w8hkdoC_NlmhDjesQ6zbZhtX-D56GjNTyOdgzknlM6JxqDKI5Q==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: Tj4_13N0iwCYRl75UDfc15zCZqfNJI.x
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 17

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
605 B 130ms
129ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=609496040&v=1.1&a=3354902&pi=94353422598&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&cpi=94353422598&cgi=5272851739&lpi=94353422598&lvi=94353422598&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&t=Royal+Rumble%3A+Analysis+of+Royal+Ransomware&cts=1683144710689&vi=c04627fe8188fd433d2ca2527c704228&nc=true&u=85683782.c04627fe8188fd433d2ca2527c704228.1683144710685.1683144710685.1683144710685.1&b=85683782.1.1683144710685&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d826fb92-7e3c-4ecd-96c3-238ebc713fa6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6b0827f7-b567-4e2b-908a-a7201e2e8684
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cK0LdWx%2ByFQIikrfOHjGcCjkp8wJQjNunfoKNWKp5C49k1pJdImbxbafPDaKUU23C9iKEGfdKdcZe3el3lG1SrA59%2BHWIGeF6w%2F7EwedZlYazrmx5UEU%2BeGvpSrDx17ixXIYaBhLSmIC3181COt"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8684ddbc9d-dfjrn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7c1b27c9daa32bf1-FRA
x-robots-tag: none

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 40ms
39ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&a=1183655933&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&ul=en-us&de=UTF-8&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=airpr&ea=visitor%20hit&_u=aDDAAEABAAAAACAAI~&jid=&gjid=&cid=387688827.1683144709&tid=UA-56367941-1&_gid=109901342.1683144710&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=Bot&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Frankfurt%20am%20Main&cd13=HE&cd14=Germany&cd16=387688827.1683144709&z=1497921858

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 03:07:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61487
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

204

anpx
dpx.airpr.com/
Redirect Chain

https://dpx.airpr.com/px?hostname=www.cybereason.com&profile=660386&ga_account_id=UA-56367941-1&ga_account_type=UA&ga_c=387688827.1683144709&an=true
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=5686181562
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D5686181562
https://dpx.airpr.com/anpx?adnxs_uid=8777140370465426193&airpr_id=5686181562

0
63 B

10ms
9ms

Image
text/plain

35.156.172.173
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpx.airpr.com/anpx?adnxs_uid=8777140370465426193&airpr_id=5686181562
Protocol: H2
Server: 35.156.172.173 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-172-173.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
cache-control: private
server: nginx

Redirect headers

Date: Wed, 03 May 2023 20:11:50 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.141; 185.213.155.141; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: bbd79d9e-4800-4fe1-a772-8c6c859fcd67
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dpx.airpr.com/anpx?adnxs_uid=8777140370465426193&airpr_id=5686181562
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 220 B
1 KB 228ms
179ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3354902&utk=c04627fe8188fd433d2ca2527c704228&__hstc=85683782.c04627fe8188fd433d2ca2527c704228.1683144710685.1683144710685.1683144710685.1&__hssc=85683782.1.1683144710685&contentId=94353422598&currentUrl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fafbdcf0b23118feba3708d9b64058e2acce3976ecd57bd8a49d747ff22529da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d21a1c53-924e-4068-bd8f-4b258b12b31a
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 37
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fc2f0d2e-77f5-47fc-b4a2-3ff2e2ef8372
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a322XZ91zdo8q7ftsrmHG8qNdwza9SiVZGXuwriHDyKeW2gOlAWKtjq3noT8vTnkac8Um6%2BEmDhzBF6x%2FpHfXcB84OPy2DszmDe7SQtbiknJL0jK3yB1Vn5GxcjrghBJTItTepm7QfpITgzJT9nD"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7c1b27ca7d929bec-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-58fd596dd9-6ghg2

GET
H2 200 runtime~main.288ca7cf.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 6 KB
3 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a3986521f7e895cf3175098026f4471920366f5b3d3d1d0299a3c710a779e2ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: RlY44XUgIyFaw723OVFcTKdHmmxqiGSD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433979
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Fri, 28 Apr 2023 19:33:24 GMT
server: istio-envoy
etag: W/"6d70ba943e02b1750bd44bdd0c539787"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8OOnC7zho1-KeuroZwnLlqRwBipfgQwk1GBmCcMeKbewwm_dMRe9SA==

GET
H2 200 10.f16292bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 35 KB
13 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 19:46:35 GMT
x-amz-version-id: vxCcv4zYAYLBWzoN3vV_gQ.FCbDVMFxs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3543915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"cdb5f42b656ab6b237aa50c24c0d8474"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TFTJKSVdgcQQk14xM_mz2vRN2TBbIXtj1VIn1ayyZjFCEs8hUKU83A==

GET
H2 200 main~493df0b3.02edd878.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 7 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: GeEu4y5ogkTLvG9nQWQR5SjDp.WHrJPZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892242
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 42
last-modified: Fri, 31 Mar 2023 03:20:40 GMT
server: istio-envoy
etag: W/"552f770e8c42c3e418dbe498f587a82e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wGlq5k9OVZc-accqH83lYQ3sq7dS3RA4OTVUeqKyTQuYAwrFMnMhcg==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 23 KB
8 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:53:48 GMT
x-amz-version-id: lxujLHLILbiou2pPIvSbvmgPaqeh.Vzu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3262682
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: m6pAX9KC2wz5EQnydw2b08e2jcE21aDUdNG9eTHL8qQQNDQaBK6mhg==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 36 KB
10 KB 9ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 05:06:18 GMT
x-amz-version-id: Q4PwFrBFPFv3rKed2hELrYzow2Zuj9ZP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2991932
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 29 Mar 2023 16:46:55 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MvtLBsYbKTbR43b0HLiRLn6_JE1VrH02J8ZOpG4nftrNtLJ-pGXcMQ==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 32 KB
11 KB 10ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:42:37 GMT
x-amz-version-id: XA_4ua4Mc1QdvybS1pWZjlgaFWs12iw1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3947353
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L5XmXoAY7jm79RZs2DqzsiNRVvpuiGQ7-Ji6q9wDgj700DP0x93cLg==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 17 KB
6 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:31 GMT
x-amz-version-id: 6Bytm8AhFrZOtVi540MCYAzaNTefw5KL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3526579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bP7B4JdsxmgfOnToZOZlsXvzrRBKnKl-v8XCi48pi_QXIz7csACTVA==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 25 KB
8 KB 11ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: iy3lhWfWhugpxaPV1Myr6j1VGgCA5HIt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892242
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LobcjQEX0CVCa81LEQxXL1U955Lg-kqnFM9PSbDyiQrLdf2qu9kadw==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 74 KB
23 KB 12ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 07:18:02 GMT
x-amz-version-id: UXQvjOaV4cAuEvK3KPgjO_jLHWxz9qS_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2638428
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 108
last-modified: Fri, 31 Mar 2023 03:20:37 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w7R0a1yGIGA6iMJ4S0h-N55WddRQDZs40NNzJO277cjQtbkO5a2GtA==

GET
H2 200 27.3951aad8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 66 KB
20 KB 13ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 23:37:41 GMT
x-amz-version-id: 26UTh.m4ArSpFKSrN66bvcz3uXZQ9UHl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2320449
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cMzxGazsZGeUidJAS6z61GCmUHlKSTvOm0G0aOeBLQqLz9qdaCZWXg==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 91 KB
28 KB 14ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: cF.xMpCShLNVO58x3JtnZ0cwl5OG09zq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3135254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Mon, 27 Mar 2023 17:53:24 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FdEzsykKWb14ZRSXxrxnsRpokuXTP9ZSPBj3Bn0XJ5TTe46q21L0eQ==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 23 KB
7 KB 15ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:36:00 GMT
x-amz-version-id: RO4lA8yEDOZtfT2PvBv0Xiq3xw4.OB.v
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3947750
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7R2xCUCuolfCwG5i0wgj4DgSf073zL9iQ7I1vD7sG7AT7kxEm07PRA==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 62 KB
20 KB 16ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 03:37:47 GMT
x-amz-version-id: aUjwhsxVenkczBcI0zYivT4naL6jgMgC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2478843
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Tue, 04 Apr 2023 15:21:34 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XDbq4M-G4gaV9qL5hmb2AQv_rex5R_Cdy_DRADgVGuszhJ7GNT7V6Q==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 105 KB
34 KB 16ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:49:27 GMT
x-amz-version-id: .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3777742
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Mon, 20 Mar 2023 19:06:57 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: c91nZEyrVAZlg6gkSQ254P_ZlQvfN5Sp5T_miPQKO3t0uBOOlMrGQg==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 12 KB
4 KB 18ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:49 GMT
x-amz-version-id: JBBoCHQ25QjCrCSsnBK3xXQ0hh61rDKz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892241
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6si6rLGHbntcZjmBGjoCOGxEi1bO4FBBO0JNtdrV_itaTYFpd1MbaQ==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 13 KB
6 KB 18ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:33 GMT
x-amz-version-id: 6i.Q9se5wwt8PhzEnxv9nt9k1hldMqUL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2390657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Dx69K2xYoLmP3K1NudoaxMg_f0_7DaLEU1oe-6Xhv4LYTYcXt5o5Dw==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 17 KB
7 KB 19ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: wITkTXOkJrHiVChAuzkmL_98MXQL9dkp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3265112
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Fri, 24 Mar 2023 15:27:31 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IVI9jor_xbnT_hiZFYcViF-x_GPW4brZUH8kIHmUA8cmPjGV-ZNPbQ==

GET
H2 200 9.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 31 KB
4 KB 19ms
16ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 02 Apr 2023 13:04:48 GMT
x-amz-version-id: LhcyJeU2kFf26i1b16YWESXZ4pGeN9QF
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2704022
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Wed, 29 Mar 2023 16:46:52 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xfO_3Da2LnkXSbHQ7FjpJuC9aakK_k2dQ1f0TE3OogLiRznB6LBf-g==

GET
H2 200 9.c3fb736e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 80 KB
25 KB 20ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 15:53:54 GMT
x-amz-version-id: yjn0Mr9niEwveuUV6Ps9NwvZvY1Il2ab
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3471475
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 24 Mar 2023 15:27:33 GMT
server: istio-envoy
etag: W/"b4ca5f0ecc404e3c35769971c076a425"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aByGh8fwBieF_FsIFVeVqJkJPcBgURdeHZlEav05wICHYmJfxj4lrg==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 24 B
696 B 19ms
16ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 8380679
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kGT2BBIUiGdb74xEbj-4gX-0fN08Yoqe4ycdzlTDanhQ7Os_lW9d9g==

GET
H2 200 17.81f008ad.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 91 KB
23 KB 20ms
18ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.81f008ad.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ae3f6024712196dff7272f57c522e4048826b484f7336a97cc3e7f6f00d2d443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 16:01:28 GMT
x-amz-version-id: pq2QZWEko7dMDbeq5q9U3.Qr6wYVodOo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1311022
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Mon, 17 Apr 2023 18:50:41 GMT
server: istio-envoy
etag: W/"2c5463d20bb9c942f4cb26607893067b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hFIvm_UcqcuHgRiDwKDaHgYj2BESPYeZWvPU5G9kywiQfb8AZ3CXmw==

GET
H2 200 26.a55c1f38.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 50 KB
14 KB 21ms
19ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.a55c1f38.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7616b033adbe366f235d70696b659f554051c0e578508896aab0ff5b169491db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: CLxBuTmXn3tjxxf_j0OncAOh499FdB3n
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 28 Apr 2023 19:33:22 GMT
server: istio-envoy
etag: W/"89bd8cf777e065fa7ca75d777c943155"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V4uz5n1GIc6RZAfeHypYQ5bZY1FjP6apa5XCUsk-_5yDMDE4RjgSHg==

GET
H2 200 18.12d8d932.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 40 KB
13 KB 22ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.12d8d932.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2ff2b9a5434137bda235f2847f5939dcd06977e5437ae82bfa197e00faabc6a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: 51lzaeDhcNerEWUeOM6e5tRXtG.B7lli
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 28 Apr 2023 19:33:21 GMT
server: istio-envoy
etag: W/"f8d07bd5dd786d7b8a311fde8e1e4859"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wJdI9hWwu7GxJril3mUz2pvwCQk75C_u2JLhZKjnNOfOv_BL9E7wmQ==

GET
H2 200 38.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 3 KB
1 KB 8ms
7ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/38.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: LFPPxWsKM9buI7tNlxr2ORSmQyZS03tk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3135254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Mon, 27 Mar 2023 17:53:23 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZxpgTxjFHL-8mJHzL-gFzN00u-DAGX9ZsFFlgEZ0oT3foC8fAJZ73g==

GET
H2 200 38.2c907ce3.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 3 KB
2 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.2c907ce3.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0c07bf805e857013386ec7ea2d26911aed5c827ee90e71a94188553c6d8ef337

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 09 Mar 2023 16:46:57 GMT
x-amz-version-id: UxCT8aDYj_hNgM93MexUSctwVxa1i.5F
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4764293
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 09 Mar 2023 16:34:01 GMT
server: istio-envoy
etag: W/"ad63bf20f878fb64a363281ee85aa567"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YKZiMcOoXAo_iphRICfxTz2hy5utjct4E_epC1KfFXkoXsz4LRu_eQ==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 9 KB
3 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3415735
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DiyadSyjCik3JtgacSjeQKTYnsF0bDvmRnt7Al8vkMsvoMY4eOfXnA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 7 KB
2 KB 9ms
9ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 07 Apr 2023 08:09:51 GMT
x-amz-version-id: a6aW3pFI8jDJfd5Fzc5RXPW1PSDB8w30
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2289719
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
last-modified: Wed, 05 Apr 2023 19:06:46 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8ARG3OxDOxsRNdIGN5He0-kEpUr_pOFV4MVZ5uG7N-ncCk0LsGxk4Q==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 54 KB
15 KB 10ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 02 Apr 2023 13:04:52 GMT
x-amz-version-id: TZgR.kF9jQEw5fwgp1aPwIBAWqAwmYWG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2704018
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 34fqlrY3UPut3RsCk5rmiGs9Aplo3F1zJAneIrC7jar0c2WvBsT7PQ==

GET
H2 200 1.02a6af84.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 44 KB
7 KB 11ms
10ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.02a6af84.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:50 GMT
x-amz-version-id: 2mFqsYPgAFu7IBkViFaO6MCHTOONwEvX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892240
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 31 Mar 2023 03:20:34 GMT
server: istio-envoy
etag: W/"295093fc512c5e44a90c3c28242de8ae"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: g3C40Q8TIdcRsrJzrKyJRID67Z6t13YdRyHv54U4xr8zcnUICpm1Cw==

GET
H2 200 1.dd688aaf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 53 KB
17 KB 20ms
20ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.dd688aaf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d3ed94b69049a6046b0472b87a4d1be0a1c9482c9edc3793bf72714c82c7ce0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: EYuyMkYTdV6Sz.Tu3e2Qz8Z_YPV77rIe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2418117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 05 Apr 2023 19:06:48 GMT
server: istio-envoy
etag: W/"456df11dba646f06e80bbae67a65aad8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WpkUVS5d3hHj0ynXpsJeYYSbSa7R3LYtjD_YLyGSSBsx3tdaIOB6ZQ==

GET
H2 200 4.b4477698.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 23 KB
10 KB 22ms
22ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.b4477698.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 20:29:53 GMT
x-amz-version-id: 0s5HvDu7I8ZUWeiRZtf_7BJNbUsVlUik
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2418117
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"ec2b0368f8359c0e46e2bfb9cf8e79ef"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kJoekig-b2T94eL3QL-a12XEUmJsKvbgzS9hX6BdNa1xcwIXJIpPig==

GET
H2 200 35.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame 2EEE 14 KB
3 KB 23ms
23ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/35.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:35 GMT
x-amz-version-id: XpghMM6Bvn3zdgxgFBI2tr0e58zP8_PK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2390655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 79
last-modified: Wed, 05 Apr 2023 19:05:07 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8kQGsd0nTZ5Y1ANjUI9hA6HzjjrUd3PSwRyhJovjiPab84djrHMPjQ==

GET
H2 200 35.46d29dea.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 12 KB
5 KB 24ms
24ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.46d29dea.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2693e158a319fe2c6576e7fdd76ad78ca5e0235cce4418503e5fee2e7426b2d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:52 GMT
x-amz-version-id: xuvYWNeKM10RQbhB8D3mlc4N6CStBtYA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 32
last-modified: Fri, 28 Apr 2023 19:33:22 GMT
server: istio-envoy
etag: W/"8195467360aaef75c927565e2e787326"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: r-KqXc2c80xlTldgK1SekRmXuAjA1AqrtlZUmuhJSNkdGKcDlQMeFA==

GET
H2 200 runtime~main.288ca7cf.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 6 KB
3 KB 8ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a3986521f7e895cf3175098026f4471920366f5b3d3d1d0299a3c710a779e2ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: RlY44XUgIyFaw723OVFcTKdHmmxqiGSD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433980
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Fri, 28 Apr 2023 19:33:24 GMT
server: istio-envoy
etag: W/"6d70ba943e02b1750bd44bdd0c539787"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KOBJ6M8oiNu3C4mJfgX1X2hGcw88oHBMsemLgS3ziqwaoKCzUi-P6A==

GET
H2 200 10.f16292bd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 35 KB
13 KB 9ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.f16292bd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 23 Mar 2023 19:46:35 GMT
x-amz-version-id: vxCcv4zYAYLBWzoN3vV_gQ.FCbDVMFxs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3543916
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"cdb5f42b656ab6b237aa50c24c0d8474"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Z6DeZnJN9WHc83uebGtMeqOtgYNYanuQ_0MGj0h5PDLPTExDUKBEQQ==

GET
H2 200 main~493df0b3.02edd878.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 7 KB
3 KB 9ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.02edd878.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: GeEu4y5ogkTLvG9nQWQR5SjDp.WHrJPZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892243
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 42
last-modified: Fri, 31 Mar 2023 03:20:40 GMT
server: istio-envoy
etag: W/"552f770e8c42c3e418dbe498f587a82e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5fkQWYQUK4vgJ7gBq6o_GHs6eRmeY6kSvwWtsCsiL0-w3wEZJifiaA==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 23 KB
8 KB 9ms
5ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:53:48 GMT
x-amz-version-id: lxujLHLILbiou2pPIvSbvmgPaqeh.Vzu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3262683
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 56nhms1CGsBhq9WhfIujf2xw40SIILnA33YK7Ga7VRMiIYM0rqyz9g==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 36 KB
10 KB 12ms
8ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 05:06:18 GMT
x-amz-version-id: Q4PwFrBFPFv3rKed2hELrYzow2Zuj9ZP
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2991933
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Wed, 29 Mar 2023 16:46:55 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZmRu7zsIphPWZthxK8K6jv3KAcN1jMKhxLhl2pwfHH01Y77Dof4B9A==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 32 KB
11 KB 13ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:42:37 GMT
x-amz-version-id: XA_4ua4Mc1QdvybS1pWZjlgaFWs12iw1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3947354
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 31
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MVlyr_Snaju4m1rWIHcpf-X2qubK34NUgKh6Z19qRxn4bunu1Vlzxw==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 17 KB
6 KB 14ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:31 GMT
x-amz-version-id: 6Bytm8AhFrZOtVi540MCYAzaNTefw5KL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3526580
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 22 Mar 2023 19:45:36 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w3ndogIdFguvJNaJS7wI60bW2jN4EDas8NB7FOFFFDCH7_ThdGbPiw==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 25 KB
8 KB 14ms
10ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:48 GMT
x-amz-version-id: iy3lhWfWhugpxaPV1Myr6j1VGgCA5HIt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892243
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -vK1eZnQYfDuiRqyPdU60bYcjfwo8tFqzkZLQXhonPoIBdeYk6PmlQ==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 74 KB
23 KB 16ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 07:18:02 GMT
x-amz-version-id: UXQvjOaV4cAuEvK3KPgjO_jLHWxz9qS_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2638429
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 108
last-modified: Fri, 31 Mar 2023 03:20:37 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cUxKGmFL6092fT722b77aYkXFPwt12ew2J8YQV-O9tz8hhAAvpWKew==

GET
H2 200 27.3951aad8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 66 KB
20 KB 16ms
12ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.3951aad8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 23:37:41 GMT
x-amz-version-id: 26UTh.m4ArSpFKSrN66bvcz3uXZQ9UHl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2320450
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 54
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"5b2b6d0508fe18c3efb6bcd6249fd4e1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D_j_bVOV5Hr_IASZsUi3_fwjTpoO4TIjqyfuhUu4Z5U09zkTU6MJRA==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 91 KB
28 KB 18ms
13ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 28 Mar 2023 13:17:36 GMT
x-amz-version-id: cF.xMpCShLNVO58x3JtnZ0cwl5OG09zq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3135255
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Mon, 27 Mar 2023 17:53:24 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: I4ZgYLTvEBHUhscZAvWJ-dSL7jvlDP7_CqThRjbAoeITLyz7EptcWQ==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 23 KB
7 KB 18ms
14ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 19 Mar 2023 03:36:00 GMT
x-amz-version-id: RO4lA8yEDOZtfT2PvBv0Xiq3xw4.OB.v
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3947751
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 17 Mar 2023 17:38:17 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: G07sJp4t8A58LFRL2HOiwt8iKbmTH6gDHTt12FioJcRClTDoMrW9rg==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 62 KB
20 KB 19ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 03:37:47 GMT
x-amz-version-id: aUjwhsxVenkczBcI0zYivT4naL6jgMgC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2478844
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Tue, 04 Apr 2023 15:21:34 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: e-TrIM-sqSy6j8XJrAXpWVvJR0hVcuj_p0A6q0taer3SqYgv0A82tw==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 105 KB
34 KB 21ms
17ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 21 Mar 2023 02:49:27 GMT
x-amz-version-id: .Jp3H9IwroEnQF4Gakvu11ViwJAtAJzd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3777743
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Mon, 20 Mar 2023 19:06:57 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ABu4nXv94ZDUBVPwEcZKniWOX84AtZSsMDI2dW3kNcDx4B_6a3emnw==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 12 KB
4 KB 25ms
21ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 31 Mar 2023 08:47:49 GMT
x-amz-version-id: JBBoCHQ25QjCrCSsnBK3xXQ0hh61rDKz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2892242
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Fri, 31 Mar 2023 03:20:38 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7XThbd51e2CMMZIynpL6In_nat8GJeHLj6-6rarMiVLKqP30dD5UhA==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 13 KB
6 KB 26ms
22ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 04:07:33 GMT
x-amz-version-id: 6i.Q9se5wwt8PhzEnxv9nt9k1hldMqUL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2390658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Wed, 05 Apr 2023 19:06:49 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: E9OwRuzHzEUEIN2u64pPnuCagpTwZMr-FedpuYWhZtkZ8heIUebjmg==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 17 KB
7 KB 26ms
23ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: wITkTXOkJrHiVChAuzkmL_98MXQL9dkp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3265113
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Fri, 24 Mar 2023 15:27:31 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ponGLg8nyNpCu1fo1l2FeHjHeRcYNBxVrPZ8hQUpy_uDEvYmSiqd_A==

GET
H2 200 9.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame A0D5 31 KB
4 KB 21ms
18ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sun, 02 Apr 2023 13:04:48 GMT
x-amz-version-id: LhcyJeU2kFf26i1b16YWESXZ4pGeN9QF
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2704023
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Wed, 29 Mar 2023 16:46:52 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D1znTFQkmyAs1FDdWeTdqHoiWMkh_VmFjHrLhcqqK7Boy7LgeaGZlw==

GET
H2 200 9.c3fb736e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 80 KB
25 KB 27ms
24ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.c3fb736e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 15:53:54 GMT
x-amz-version-id: yjn0Mr9niEwveuUV6Ps9NwvZvY1Il2ab
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3471476
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 24 Mar 2023 15:27:33 GMT
server: istio-envoy
etag: W/"b4ca5f0ecc404e3c35769971c076a425"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SvwEQHifvh436faU1JFkl97Koe5HlJ-5a5D1-8a5W3kmmwv18_wGHQ==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame A0D5 24 B
696 B 21ms
19ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 8380680
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BUkvHLxwG8FujaJsrI1U6y49HVqiehvPiJ9E5crrUvihQcNJZvJ2EQ==

GET
H2 200 17.81f008ad.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 91 KB
23 KB 27ms
25ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.81f008ad.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ae3f6024712196dff7272f57c522e4048826b484f7336a97cc3e7f6f00d2d443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 16:01:28 GMT
x-amz-version-id: pq2QZWEko7dMDbeq5q9U3.Qr6wYVodOo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1311023
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Mon, 17 Apr 2023 18:50:41 GMT
server: istio-envoy
etag: W/"2c5463d20bb9c942f4cb26607893067b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: K9O8hUiZfdmROXWGTKqkKTX9Bc7O4tK4iZqKjjxZtI378nVhxCGhVA==

GET
H2 200 26.a55c1f38.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 50 KB
14 KB 28ms
26ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.a55c1f38.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7616b033adbe366f235d70696b659f554051c0e578508896aab0ff5b169491db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: CLxBuTmXn3tjxxf_j0OncAOh499FdB3n
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433979
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 28 Apr 2023 19:33:22 GMT
server: istio-envoy
etag: W/"89bd8cf777e065fa7ca75d777c943155"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 05vXiyvEskYtLbWXMgjZ9R1rqmLGX0UZnpbG3LXupaL5UJGuDZ4ciA==

GET
H2 200 18.12d8d932.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 40 KB
13 KB 29ms
27ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.12d8d932.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2ff2b9a5434137bda235f2847f5939dcd06977e5437ae82bfa197e00faabc6a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 28 Apr 2023 19:38:51 GMT
x-amz-version-id: 51lzaeDhcNerEWUeOM6e5tRXtG.B7lli
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433979
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 28 Apr 2023 19:33:21 GMT
server: istio-envoy
etag: W/"f8d07bd5dd786d7b8a311fde8e1e4859"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: j-zSCBBv7GEMMimI1r1MggHL--bMIJso7BRxTEzlDFyk-6Wz6_fL7Q==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 9 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 07:22:55 GMT
x-amz-version-id: FbY0009UR6SM8SEWGeJjbUjChZiwlwq2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3415736
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 63
last-modified: Fri, 24 Mar 2023 15:27:29 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8QCwWHzsM4yVm4KdecHIzPD73hr7d5ffhyf6PleM8ue9UAiYNAyiUw==

GET
H2 200 28.01a0fe87.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 35 KB
10 KB 10ms
9ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.01a0fe87.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Fri, 24 Mar 2023 00:35:32 GMT
x-amz-version-id: 0rY7ZMxMJr4q1CTa8XKaYut.OrNqYUku
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3526579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Wed, 22 Mar 2023 19:45:37 GMT
server: istio-envoy
etag: W/"0ad089f0617a0fa8014a23c2afa90ddd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1j4ldoUwEZhtWw0ZyRP-d4Ix8_4kIDgpnEPf5K2mhw_GRKFesJHsng==

GET
H2 200 29.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame A0D5 8 KB
2 KB 9ms
8ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:13:18 GMT
x-amz-version-id: popM32jgPZoTCgNMNJLFyK6uoaTcanKd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3265113
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 60
last-modified: Fri, 24 Mar 2023 15:27:28 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RA3D8tEpHNQuupB7Y4tlmljbMK8fb1QzcALLWSUa_ZKJLPMLRJjZXw==

GET
H2 200 29.98c2b316.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 14 KB
6 KB 11ms
11ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.98c2b316.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c6b2815294e64eb3d9e30955673ae3b60a486ae5b7dfcc7e48c0e2a4fe7301de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 18:08:56 GMT
x-amz-version-id: aizM0H1Fdw3zzppb3P2Ok7x7JUMOS1IQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3204175
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Mon, 27 Mar 2023 17:53:25 GMT
server: istio-envoy
etag: W/"6526b5009cc642f706e7156982e7429b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4FrQdOO_oIxswoYU6gGLkIYcHWFGkoNJ5M3AYR3Ea8hvl7uF3sOf_A==

GET
H2 200 23.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame A0D5 365 B
1 KB 11ms
10ms Stylesheet
text/css 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/23.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 27 Mar 2023 01:22:59 GMT
x-amz-version-id: .JKRl3M6v7IUb5gryZ10Srrtp7jvamtG
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 3264532
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
content-length: 365
last-modified: Fri, 24 Mar 2023 15:27:28 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NuMHtCgDZTVSA0UnwYDLXizdSuh3u6wwRTGciuAoXaoZGpbdwYYR8Q==

GET
H2 200 23.ed4e6d8f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 91 KB
25 KB 15ms
15ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.ed4e6d8f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7c4cddc44e59d49ccbfdaf1b57cca9884b74ee1710671c7d9fa974e3fae6f507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 26 Apr 2023 16:38:37 GMT
x-amz-version-id: xN70QZOgyKQKNnP0o5N59vnLWimajx0E
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 617594
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 26 Apr 2023 15:35:22 GMT
server: istio-envoy
etag: W/"697b9f051ece7b5f2c5dbe85f673b6cd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lSHSmrfXr0xGevr0B_KhecPCfiRsYu2fW7hnY19eEzfkazrtkbPSag==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame A0D5 196 B
636 B 371ms
118ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

bba4d9f81ffc79a81be2bbd64d9e5cff58f12fb91daa1cb82db64afd48568aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 03 May 2023 20:11:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 8a22f708fbb6ed1
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 196

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 461 B
957 B 60ms
45ms Fetch
application/json 18.66.97.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=demandbase_UBcrPOQv880H7H03hUjDU1ih1EpeWrsScR1YmUME&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&page_title=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&referrer=
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/include/1683144900000/zdcd6x8yhg85.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-57.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:51 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: 0fd3dbc1-8311-4c50-894c-1884afcadc27
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Skb7ARvNV2lJ1z3PBF_zwOIp_Twu2ZGzqhrFnBWlEoxdrNf-z3_y_A==
expires: Tue, 02 May 2023 20:11:51 GMT

POST
H2 200 v2 Show response
customer.api.drift.com/integrations/hubspot/utk/ Frame A0D5 2 B
64 B 155ms
155ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 813281741d1de601
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 47
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2

OPTIONS
H2 200 v2
customer.api.drift.com/integrations/hubspot/utk/ Frame 0
0 119ms
109ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 03 May 2023 20:11:51 GMT
requestid: driftc648964462a8847b48640b34cd0
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame A0D5 25 B
88 B 126ms
120ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 03 May 2023 20:11:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 4fe11ff0c08fed70
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame A0D5 23 KB
7 KB 373ms
373ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

627391144119ed1cf55d977137c1ec023e2bbe01b691a928e6256ab63708ce4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 03 May 2023 20:11:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: cc8e82219a3ed3e6
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 266
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

POST
H2 200 track Show response
event.api.drift.com/ Frame A0D5 603 B
662 B 109ms
109ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

2f0d919e1a2e5ebe53b9d0d84a34125d8edcd865b2f27cd44ddd30b7f7e9b7b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODEzNjUzMTc1NyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE3MTQ3NjcxMTIsImlhdCI6MTY4MzE0NDcxMn0.8TvFIA3lIjXYdiIt464dne0k4oDRtU1_VclZwZKeBPYQI8F0NMweYxXgU-eELAiuZoMoTZow9oo8IBygR5igWg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: bcc125a1288bd3aa
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 603

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 114ms
108ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 03 May 2023 20:11:52 GMT
requestid: driftd0045084bef854a2b11d030ea40
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame A0D5 1 KB
436 B 114ms
113ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f51e2d6cfecd6d29839d2adf631d99965731eda893acb74e71646b6e4eec9df1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODEzNjUzMTc1NyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE3MTQ3NjcxMTIsImlhdCI6MTY4MzE0NDcxMn0.8TvFIA3lIjXYdiIt464dne0k4oDRtU1_VclZwZKeBPYQI8F0NMweYxXgU-eELAiuZoMoTZow9oo8IBygR5igWg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: e1d42918cd7da986
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 375

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 117ms
109ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 03 May 2023 20:11:52 GMT
requestid: drift495de9d4a8c80fba44de7bbe38e
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 117ms
110ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 03 May 2023 20:11:53 GMT
requestid: driftd3e95f845f58f6755ad82a149ea
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame A0D5 3 KB
2 KB 132ms
132ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

6df4a478f4138e69cf13c80011208eaa9356a1a4c3d416ae7010a04beb8f08a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODEzNjUzMTc1NyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE3MTQ3NjcxMTIsImlhdCI6MTY4MzE0NDcxMn0.8TvFIA3lIjXYdiIt464dne0k4oDRtU1_VclZwZKeBPYQI8F0NMweYxXgU-eELAiuZoMoTZow9oo8IBygR5igWg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 5af270a598b62657
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 24
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 1912

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 38ms
38ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&a=1183655933&t=event&ni=1&_s=4&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&ul=en-us&de=UTF-8&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202392604&_u=aDDAAEABAAAAACAAI~&jid=&gjid=&cid=387688827.1683144709&tid=UA-56367941-1&_gid=109901342.1683144710&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=(Non-Company%20Visitor)&cd8=(Non-Company%20Visitor)&cd9=Bot&cd10=(Non-Company%20Visitor)&cd11=(Non-Company%20Visitor)&cd12=Frankfurt%20am%20Main&cd13=HE&cd14=Germany&z=386570287

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 03:07:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61490
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 58.377a2854.chunk.js Show response
js.driftt.com/core/assets/js/ Frame A0D5 18 KB
7 KB 8ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/58.377a2854.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=zdcd6x8yhg85&eId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=1a7e2c83-d18e-4ff7-9c28-92df2e255bfe&sessionStarted=1683144710.671&campaignRefreshToken=c1445723-a110-419b-b9c9-de09fb58af72&hideController=false&pageLoadStartTime=1683144708791&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 04:47:47 GMT
x-amz-version-id: wE03_MzHXRFIBnvFGdKOLxKaN8SqczPT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3425046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"33f417d96bdfff4c4e2ac5468c815f07"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sKw9-BBoutMKl7gUhBcgrpZ7ez_1nPmIuPJ5rk_tQKDOviSECHGgWQ==

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame A0D5 0
37 B 116ms
116ms XHR
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxODEzNjUzMTc1NyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEzODEyNzciLCJleHAiOjE3MTQ3NjcxMTIsImlhdCI6MTY4MzE0NDcxMn0.8TvFIA3lIjXYdiIt464dne0k4oDRtU1_VclZwZKeBPYQI8F0NMweYxXgU-eELAiuZoMoTZow9oo8IBygR5igWg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 May 2023 20:11:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 5992ceebba099642
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 108ms
108ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Wed, 03 May 2023 20:11:53 GMT
requestid: drift5f283404aa980cbbfcbc8de641e
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

GET
H2 200 58.377a2854.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2EEE 18 KB
7 KB 7ms
7ms Script
application/javascript 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/58.377a2854.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.288ca7cf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1683144708791
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Sat, 25 Mar 2023 04:47:47 GMT
x-amz-version-id: wE03_MzHXRFIBnvFGdKOLxKaN8SqczPT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3425046
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 43
last-modified: Fri, 24 Mar 2023 15:27:32 GMT
server: istio-envoy
etag: W/"33f417d96bdfff4c4e2ac5468c815f07"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pKvlvWqONg3MeanQGp-6mBmX3haz2KB4IGb8fABJdrt9Mt_hM77sXA==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1950898%252Fcf56b4489febf61acfb6e51be8cf97e6gvyynyxfxveg%3Ffit%3Dmax%26fm%3Dpng%26h...
driftt.imgix.net/ Frame A0D5 17 KB
17 KB 64ms
11ms Image
image/png 2a04:4e42:8e::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1950898%252Fcf56b4489febf61acfb6e51be8cf97e6gvyynyxfxveg%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D6909ce1f471978a1cb09f4ea3e69b067?fit=max&fm=png&h=200&w=200&s=8348ffe42d415a25c067563a7214a99e

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

08ae602f78ab228a4d85085457280a7a9ac60b2c516e4bbe0304968a3b39ac8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Wed, 03 May 2023 20:11:53 GMT
x-content-type-options: nosniff
age: 1161763
x-cache: HIT, HIT
x-imgix-id: 1360cab64fe29fa5a1bb336a7ee306d95793ec11
cross-origin-resource-policy: cross-origin
content-length: 17432
x-served-by: cache-sjc10032-SJC, cache-fra-etou8220021-FRA
x-imgix-render-farm: 01.9552
last-modified: Thu, 20 Apr 2023 09:29:10 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame A0D5 38 KB
39 KB 7ms
7ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 18:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5017441
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 66
content-length: 39372
last-modified: Fri, 03 Mar 2023 16:21:38 GMT
server: istio-envoy
etag: "40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff2,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6QKivsIuOVZzvSy6t6-RXkIlwezG74_n2K2qj-ca5pk1dUKNgMyX1g==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
js.driftt.com/deploy/assets/static/fonts/ Frame 2EEE 38 KB
39 KB 7ms
7ms Font
font/woff2 18.66.112.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.118 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-118.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/9.b5c2854f.chunk.css
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date: Mon, 06 Mar 2023 18:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fb49d852ca52c03c834ce98098b51516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5017441
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 66
content-length: 39372
last-modified: Fri, 03 Mar 2023 16:21:38 GMT
server: istio-envoy
etag: "40b6965b5cd26213faf61e5ab6765bb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff2,font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Np1-M5Mw2dHuO-2U81tEoGUQSv_KKtFiCNPPapx3ya3_2HiNf9HsJQ==

POST
H2 200 perf Show response
www.cybereason.com/_hcms/ 2 B
1019 B 447ms
447ms XHR
text/plain 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/_hcms/perf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/royal-ransomware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.64.106 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-type: application/json

Response headers

date: Wed, 03 May 2023 20:11:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2d93c76f-ce9f-453b-bc10-98d5bb79119e
x-iinfo: 13-11053967-11053971 PNYN RT(1683144707468 5252) q(0 0 0 -1) r(4 4) U6
x-envoy-upstream-service-time: 4
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dabf89c3-32fa-4a63-b795-9166575cffad
server: cloudflare
x-trace: 2BF3EC196D9B31818DE567AEC7705B8993280860DB000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTYBXiS8yYnxeCsB3vZsGQfCw%2FrS42Qp9%2Bj1%2BdeKeG5h7cmxb6q6ZHtxgGjKYcBg7nvKt4gSxPlSZJDMaxZEdrL%2FTCzR8t5mkE0OKFQW%2Br59Ktr8zMtz7b3fUcH0%2FfA4no3sTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-sl-td/envoy-proxy-764777f889-5drb5
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 7c1b27dc8d3a6d7d-MUC
x-robots-tag: none

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame A0D5 25 B
107 B 120ms
119ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 03 May 2023 20:11:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: db8f0c46302842d
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 19ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=45je3510&_p=1183655933&gcs=G111&gdid=dZTQ1Zm&cid=387688827.1683144709&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=4&sid=1683144709&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&dt=Royal%20Rumble%3A%20Analysis%20of%20Royal%20Ransomware&en=Demandbase_Event&ep.demandbase_audience=Bot&ep.demandbase_audience_segment=&ep.demandbase_city=Non-Company%20Visitor&ep.demandbase_company_name=Non-Company%20Visitor&ep.demandbase_country_name=Non-Company%20Visitor&ep.demandbase_employee_range=Non-Company%20Visitor&ep.demandbase_industry=Non-Company%20Visitor&ep.demandbase_revenue_range=Non-Company%20Visitor&ep.demandbase_sid=Non-Company%20Visitor&ep.demandbase_state=Non-Company%20Visitor&ep.demandbase_website=Non-Company%20Visitor&_et=612
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/royal-ransomware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 May 2023 20:11:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 10272547.fls.doubleclick.net
URL: https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=2043388878265;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis?

Domain: 10428681.fls.doubleclick.net
URL: https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=5113950580559;gtm=45He3510;gcs=G111;auiddc=1803308819.1683144710;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis?

Domain: t.co
URL: https://t.co/i/adsct?bci=5&eci=2&event_id=5cce4759-b619-4b99-8019-a0ea592d2dd8&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6645ddca-29a0-4460-adf0-0e87b5e16ce9&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0ol&type=javascript&version=2.3.29

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=5cce4759-b619-4b99-8019-a0ea592d2dd8&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6645ddca-29a0-4460-adf0-0e87b5e16ce9&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0ol&type=javascript&version=2.3.29

Domain: t.co
URL: https://t.co/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=dd8e8fa3-c834-4e8d-aa18-ee93673742e8&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6645ddca-29a0-4460-adf0-0e87b5e16ce9&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tw_iframe_status=0&txn_id=o9na6&type=javascript&version=2.3.29

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=dd8e8fa3-c834-4e8d-aa18-ee93673742e8&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=6645ddca-29a0-4460-adf0-0e87b5e16ce9&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&tw_iframe_status=0&txn_id=o9na6&type=javascript&version=2.3.29

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.cybereason.com/	1970-01-20 11:32:26	Name: __cf_bm Value: C.PIzmNkxQ33xxSDuk46yadYrspsP3pLp9bCphxeSgs-1683144708-0-AZJ3M3h+OHqcP9zVr9g6PiGhwOmV8FeITXFOhp57YiTGuANgQpryG5SR2jGoBc0B6YNBTeyPtpL2Dsn8+oaT1B8=
.www.cybereason.com/	1969-12-31 23:59:59	Name: __cfruid Value: a9668639c54d9d97003c06f2d632a32505db1dae-1683144708
.cybereason.com/	1970-01-20 20:16:42	Name: visid_incap_2710048 Value: 7xh9hAKeSV+nIOsrQbTzCwPAUmQAAAAAQUIPAAAAAACtLH3qRncj8iHlxhY36uZh
.cybereason.com/	1969-12-31 23:59:59	Name: nlbi_2710048 Value: hhy9OIecC24GaP3w2P/mMAAAAAAufvAFaI1ZomnJ2eX+ncMt
.cybereason.com/	1969-12-31 23:59:59	Name: incap_ses_727_2710048 Value: AYlUT/iGC1nIbpHNgNMWCgPAUmQAAAAAzKq4CbNVzwNdH6UdYsI2mg==
.hubspot.com/	1970-01-20 11:32:26	Name: __cf_bm Value: YxhVeQsrTpkP11FGgvTIbk66nIWJ_OFeDzUINBxTUfA-1683144709-0-AWJEtiaZiPnMQtlDC6vs7+bfx0mV0xCalZPKI4GoVgNl6aM7PMciy0gN9qGlPxlA2xrUrLgxADiaVPsxCuV15wI=
.cybereason.com/	1970-01-20 20:18:00	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+May+03+2023+20%3A11%3A49+GMT%2B0000+(GMT)&version=6.38.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Froyal-ransomware-analysis&groups=C0001%3A1%2CC0004%3A0%2CC0002%3A0%2CC0003%3A0
.cybereason.com/	1970-01-20 13:42:00	Name: _gcl_au Value: 1.1.1803308819.1683144710
.cybereason.com/	1970-01-20 21:08:24	Name: _ga Value: GA1.2.387688827.1683144709
.cybereason.com/	1970-01-20 11:33:51	Name: _gid Value: GA1.2.109901342.1683144710
.cybereason.com/	1970-01-20 11:32:24	Name: _gat Value: 1
.techtarget.com/	1970-01-20 11:32:26	Name: __cf_bm Value: vTAF386CloH1kCxrrZlJPgjeZ_OBm4KDwdLSsFs0tmE-1683144709-0-Aa2O0QpcoSWSMI3b5UUnqyV5X7/9b7MouyfnTqGbdCsuSx4rJ7wqqsRAm/bjZlFK/hM0A+Me/+STPRkiUS2f2Ao=
.cybereason.com/	1970-01-20 11:33:51	Name: _uetsid Value: bcd62e40e9ee11edae7d63b493a77d2f
.cybereason.com/	1970-01-20 20:54:00	Name: _uetvid Value: bcd66320e9ee11eda77dad02ea9c3812
.mathtag.com/	1970-01-20 20:58:19	Name: uuid Value: 857a6452-c005-4400-9d72-bc38abb888e7
www.cybereason.com/	1970-01-20 20:18:00	Name: __pdst Value: 0fb0325e0e6d46568ade1526d5b177fd
.bing.com/	1970-01-20 20:54:00	Name: MUID Value: 1E7ECCF9DB34671C053DDFFFDA346670
.doubleclick.net/	1970-01-20 20:54:00	Name: IDE Value: AHWqTUkEnGsyIDAyV_wxhlAXZz62A4HG3fVvPf0Y-u4UacIqBzmMmrTA-2toRMkg
.cybereason.com/	1970-01-20 20:18:00	Name: _hjSessionUser_704918 Value: eyJpZCI6ImE5NTYzYTUzLTRlZTgtNWQ1NC04NzY3LTVlYTc4N2UyOTkxYSIsImNyZWF0ZWQiOjE2ODMxNDQ3MDk5MTIsImV4aXN0aW5nIjpmYWxzZX0=
.cybereason.com/	1970-01-20 11:32:26	Name: _hjFirstSeen Value: 1
.cybereason.com/	1970-01-20 11:32:24	Name: _hjIncludedInSessionSample_704918 Value: 0
.cybereason.com/	1970-01-20 11:32:26	Name: _hjSession_704918 Value: eyJpZCI6IjY1NGU1NGNiLWE1MTQtNDEzOS04ZTQ3LTRjZDVlOWY4NGQzNSIsImNyZWF0ZWQiOjE2ODMxNDQ3MDk5MjUsImluU2FtcGxlIjpmYWxzZX0=
.cybereason.com/	1970-01-20 11:32:26	Name: _hjAbsoluteSessionInProgress Value: 0
www.cybereason.com/	1970-01-20 11:33:51	Name: ln_or Value: eyIzODg1OTcyLDQwMzA5MjQsNzI1OTYiOiJkIn0%3D
.ws.zoominfo.com/	1970-01-20 20:18:00	Name: visitorId Value: 2af4125fa12a705c39b42d441a2d099a56021c415a7cda247ee49305ebfbecc4
.zoominfo.com/	1970-01-20 11:32:26	Name: __cf_bm Value: 1yL.68cFSKIgp7EL5yLu06fJhcvNUf52CXkj3WudPos-1683144710-0-AW9UF2j5q2w3w++mXv6S23najOTzbT3hBYfUekUn/DpCOfBXh/PD7RCGVExUto0q6j8Flkj9IttM+xugSbPaHaE=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: pPYCjwd6ewo_uojNwKHONMO9z_mYsskRvG0uTSFNZzA-1683144710003-0-604800000
.company-target.com/	1970-01-20 21:08:24	Name: tuuid Value: fb5dfaa2-f826-4695-a216-47686b466d60
.company-target.com/	1970-01-20 21:08:24	Name: tuuid_lu Value: 1683144709\|ix:0\|mctv:0\|rp:0
.linkedin.com/	1970-01-20 12:15:36	Name: UserMatchHistory Value: AQIEngB3YTAK1gAAAYfjPhc_mJSxVRdL3gD9EqvIB_lhpCxq6GJqt4_gfTH6oE6v1Ya19lPiXSIFsw
.linkedin.com/	1970-01-20 12:15:36	Name: AnalyticsSyncHistory Value: AQLaIzI0YkI4uQAAAYfjPhc_e6Q1Q_K6c9i3qU4LQnBhJKLD5rcbg4Ah0M2jALD2jeKifQGMMzucgZDkAaexLw
.linkedin.com/	1970-01-20 20:18:00	Name: bcookie Value: "v=2&5a3a444c-7fd8-4108-86d6-0e73d0c6ca6e"
.linkedin.com/	1970-01-20 11:33:51	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2928:u=1:x=1:i=1683144709:t=1683231109:v=2:sig=AQF4JysvblhjeC0PaIR22Mmbzu6oCvap"
.mathtag.com/	1970-01-20 12:15:36	Name: mt_misc Value: mt_bt:1
.cybereason.com/	1970-01-20 21:08:24	Name: _ga_PZ3FE06790 Value: GS1.1.1683144709.1.0.1683144710.59.0.0
.casalemedia.com/	1970-01-20 20:18:00	Name: CMID Value: ZFLABtobD2GIXxxuL.5BtgAA
.casalemedia.com/	1970-01-20 13:42:00	Name: CMPS Value: 3198
.casalemedia.com/	1970-01-20 13:42:00	Name: CMPRO Value: 3198
.linkedin.com/	1970-01-20 15:51:36	Name: li_gc Value: MTswOzE2ODMxNDQ3MTA7MjswMjH8XbA31jQAH/yvp6IsuHEZR2MPmZvc58l6e9RHJWvxvg==
.www.linkedin.com/	1970-01-20 20:18:00	Name: bscookie Value: "v=1&20230503201150ece800f6-196b-45cc-863b-83000cd0353cAQGSAgGOE8e83kKgWBStDSQ-_MXWNuCM"
.tremorhub.com/	1970-01-20 20:18:21	Name: tvid Value: de25b88576214c85972df2cbbc57e643
.tremorhub.com/	1970-01-20 21:08:24	Name: tv_UIDM Value: fb5dfaa2-f826-4695-a216-47686b466d60
www.cybereason.com/	1970-01-20 11:32:26	Name: drift_campaign_refresh Value: c1445723-a110-419b-b9c9-de09fb58af72
.cybereason.com/	1970-01-20 15:51:36	Name: __hstc Value: 85683782.c04627fe8188fd433d2ca2527c704228.1683144710685.1683144710685.1683144710685.1
.cybereason.com/	1970-01-20 15:51:36	Name: hubspotutk Value: c04627fe8188fd433d2ca2527c704228
.cybereason.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cybereason.com/	1970-01-20 11:32:26	Name: __hssc Value: 85683782.1.1683144710685
dpx.airpr.com/	1970-01-20 11:32:25	Name: an_airpr_recent_visit Value: 1
.adnxs.com/	1970-01-20 13:42:00	Name: uuid2 Value: 8777140370465426193
www.cybereason.com/	1970-01-20 21:08:24	Name: drift_aid Value: 3f62e285-5883-49c3-a8b9-f1f6f9338f33
www.cybereason.com/	1970-01-20 21:08:24	Name: driftt_aid Value: 3f62e285-5883-49c3-a8b9-f1f6f9338f33

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10272547.fls.doubleclick.net
10428681.fls.doubleclick.net
ajax.googleapis.com
analytics.twitter.com
api.company-target.com
app.hubspot.com
bat.bing.com
bootstrap.api.drift.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.pdst.fm
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
customer.api.drift.com
dpx.airpr.com
driftt.imgix.net
dsum-sec.casalemedia.com
event.api.drift.com
fast.wistia.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
id.rlcdn.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
metrics.api.drift.com
p.typekit.net
partners.tremorhub.com
pixel.mathtag.com
pixel.rubiconproject.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px.airpr.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
s.company-target.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.demandbase.com
targeting.api.drift.com
track.hubspot.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
use.typekit.net
ws.zoominfo.com
www.cybereason.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
10272547.fls.doubleclick.net
10428681.fls.doubleclick.net
analytics.twitter.com
t.co
104.244.42.136
108.138.7.8
13.107.42.14
13.32.27.69
146.75.116.157
18.66.112.118
18.66.97.49
18.66.97.57
185.80.39.216
185.89.210.180
2.18.233.201
2001:4860:4802:32::36
2001:4860:4802:36::36
2600:1f18:612b:4232:ccf8:7954:61b3:e7d6
2600:9000:20eb:fc00:2:53b2:240:93a1
2606:4700:4400::6812:2b9e
2606:4700::6810:650c
2606:4700::6810:8bce
2606:4700::6811:180e
2606:4700::6811:826e
2606:4700::6812:18c4
2606:4700::6812:883b
2606:4700::6812:ccc9
2606:4700::6812:d9f
2606:4700::6813:9a53
2606:4700::6813:9b53
2606:4700::6813:bc61
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:811::2002
2a00:1450:4001:812::200e
2a00:1450:4001:829::200a
2a00:1450:4001:830::2004
2a00:1450:4001:830::2008
2a00:1450:4001:830::200a
2a00:1450:400c:c0b::9b
2a02:26f0:3500:16::215:148d
2a02:26f0:3500:16::215:148f
2a02:26f0:3500:16::215:1495
2a03:2880:f01c:8012:face:b00c:0:3
2a04:4e42:200::622
2a04:4e42:8e::720
34.111.208.231
34.96.71.22
35.156.172.173
35.244.142.80
35.244.174.68
45.60.64.106
52.222.236.122
54.147.21.139
69.173.144.165
01376f897e5bf0d6aa4de42e5ea04a97467218a38ef5c9e80573699abded0eca
047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1
06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28
08ae602f78ab228a4d85085457280a7a9ac60b2c516e4bbe0304968a3b39ac8b
0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb
0b454edb897d49bf8a73b07627b670a55f0972988094770495a308e5a5e39d1b
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c07bf805e857013386ec7ea2d26911aed5c827ee90e71a94188553c6d8ef337
0d1860f248ba17416772d30bab9ae2b2542c4a1f94b9a22957e43ed23fcefaa2
0e38365e416ab6d7967b10fd966b661477d270f50041f0a2552263aa3fb71d3b
0f94c946a13b9ebe43281550b7d0c00edf4694ad06bcb4c8679bee6d48df5115
119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820
120def079fc4e239098c571e178a9a1b73746f05c6f65a97cd7291b8c13aa401
12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61
130688f16399fc1980b2900037a220bc182f4b0c320621dc7d70ec721514765e
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
16287ef8f3ffc83998985a3db0881e70bb724e48bbb8508795d1bfe7921e2fef
17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
17a31aae550a664382ab9d8085efc03a10a4548985f33ac4e5a533d5ab5e9339
18c545256f2217ee841db63336dddc318198118b706001a05985fc1f9efc6551
18e4e8c5d3c06e0e08460836160288c2a9bfbd6b4b1ede2c3970becee357955f
1ef8b59b832109ecbec2f9ed52e8073e2ab73862fa5e6697e1fe05d1c8358a02
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
266d85b7ad351501b8651b0e659d6d74fbe07085d3226cd3f7601f6522fbdf97
2693e158a319fe2c6576e7fdd76ad78ca5e0235cce4418503e5fee2e7426b2d0
277725f80d5c0175c2a996fe1eea07395b87ec1bd0496353409e99e96024816e
28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6
2a3b923fdb316cd5c440894dbb11a730871fae112ce929602357b872fc9955d5
2aff416ebc64b78c9a8db2771b586167845b362ff431e1ba4257d4e68946fd44
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
2ca281bdcd543e2e3559e6505c323c8d64df73f2a594a043780df3007e16d161
2d2c4912162eaa41299aaf5063ecb92a26d76071fe6d1f77742b32c833daab99
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f0d919e1a2e5ebe53b9d0d84a34125d8edcd865b2f27cd44ddd30b7f7e9b7b9
2ff2b9a5434137bda235f2847f5939dcd06977e5437ae82bfa197e00faabc6a9
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92
38b5fa249791d286db654d516dfb6173cc332a8d725c41b58d08c642b26bc641
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3a9e725bae41656623ccda8be25cbdd295ee1c73c8d3016023549a83c261a3ab
3d7d0d63194f8f4d3a2ef0847df18aa1ecc078ce2845024b7797870ca7991e80
3ef64e4a0001cd55211fff6bd306290f29c7482a6006d070ee21e52484b7ef22
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
42b2b9d16fbf8d3c6be72420699360790966e58fe30d8794fd90a71c8aef122d
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a5fe314e9e087136d7a69df2a5e30cdf87a9f9799a9bdd94b5dcbf2eba3b1e5
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738
560abbd7d0555a1eaf630c3487f47ffdc097772b00227e5bfcb85aafcdcb3491
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
599dd661a1d9e0af96d614fab0ea7396bf06de4265029166a265c2b10cc1a1b0
5c8d63abd4075c4ebd692fbd02e35fb72950f214a6486607c1819d4279ad526f
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
627391144119ed1cf55d977137c1ec023e2bbe01b691a928e6256ab63708ce4f
63ebb6a79c80af87ee400c639c1d203249db156b970705e93077cefa895f913d
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
65a923b747d84787bc4e01270fa29f4314d3d36df432cd3eb801c30f8adfd466
66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470
674492bb351bc3c8328b014f9ad016d26361a9da7599de0f0af8dfdbb7b99d48
6bb88418db9a97af411cf0c0263ad03068aeeef2cfcb7675f707c690ab85fcf5
6df4a478f4138e69cf13c80011208eaa9356a1a4c3d416ae7010a04beb8f08a7
7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253
72493a3f42ed0260f03b6ffd3ea131be38a1070845bfae24927f643a3fcf3255
72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853
7616b033adbe366f235d70696b659f554051c0e578508896aab0ff5b169491db
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b5973abd43dd394b2c537ea13659e89608ec51b3c231d9e2d1e2facea81cb45
7c4cddc44e59d49ccbfdaf1b57cca9884b74ee1710671c7d9fa974e3fae6f507
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b
8062b928d1d1fa09dd25a507677b992f5ef61e3ddd3743330b0e3fc2de74f81f
81c836c05ab1f2d37b7aa60d509a656c7a441e2a4fabf035c1b0666a4daa50fa
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83611ba6d05b168984207c7de4c1250357b9f2c8bd27c925dbe454580f553fb5
84b968b853c9239a3ac226c3548f5deeedc6667f4f1287ff89f6130acfc01c07
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
875f8e591b4fbc6567e2b33553bea9ca2d0e18593bd857783a569fe7bf4ba097
8989f87b90cacdbca5875bdfbed7dd3c3f2acee982b9353c04d86e8c123906c0
8d2ac98905612a732e98a0f57b7a72f8ddb8e3700f59ee0dca28f8535d4ba0fa
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f657cd3617d00d51bbc4dee693b71bde939c80310034a8d82641804d4eb7e16
927b457d66e9bd6e989e851006b4f3f9b6f7ca3aecb8d95434c3d91a3fe71c39
94703eb3b87075caab95ff0cfc7db39b256a86f2981a81f5d31945424ed0c587
95245f488fc923a05392ac8ca5985ac00d44b0603ba7b987d103475181268d88
958a03c833d9116f7ab9a5ee503f7b0360b9291b268bfb77128a8f0e19238613
97835f51936631312648ce4198cd92c85beae9e09e3cdaff439c57ffccc5c5d5
9967a27efc89a8cefe9665100ec51cded3a8c89f95cdca1285bfce207666cd11
99985c50b5c9c935c272df6687cc04da7fa72a790343424fce7c361a4b26c8f9
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9c15091763db95921143569394192f41a23238617ab6a318090645cd2291439e
9cec59b071d9d61e74c42ac4db8d2815aaace7e51983afe2481c14b97f332258
9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0
9d943fe5fde08d5b742d383b625031f75e3e89035369f2cde2778f4c6cf5c119
9e1cde8163009973e673686a5ad8f79bc91d114d04f1b306547010a84db5b933
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a30badc76ee6b46edaf9bf58b7ca82eaeac7f8f1fd8447e7b853ad86fa796854
a3986521f7e895cf3175098026f4471920366f5b3d3d1d0299a3c710a779e2ae
a4803d7bdeb478a5b9238fe74d8aaa98dafe2e8e68fccbd0e3f4dced823f27f0
a6728e3326fe3805e12f697731cbc97f2a5b773533c1cb4be0c56da998a94db6
abb03b2160dd9f75fa8eb557ca242d7cd93f159d53708c58f4d2887bd4f05ead
ac8b5b9335dd32b274d2711eebaf848eba7cc3e3b3cfc84dfc25e840b072c334
ae3f6024712196dff7272f57c522e4048826b484f7336a97cc3e7f6f00d2d443
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b48f9a7031474a0f73f92f2e6cbbfad730b5466cda96d86a4459c06efc986173
b6c9f9a48bd0a163671773a199c876dc64d66947d47ac509c95e29177046c9a3
b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40
bb5107eeaea15d6a902d81f5fbe8c897acfc20693378ae598718b7b28a2a9bcf
bba4d9f81ffc79a81be2bbd64d9e5cff58f12fb91daa1cb82db64afd48568aa8
bc0ffd42c2af4f77699a5ff36ec5468938cffa30b9bd27dd59730d78c450a79a
c0c36470d3b6f534495768bdd7ed92dbb0d6d8d1f3b7b69adba7153b68b90f35
c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2
c31a94a2a97f5b5fe19d6d4081c9c66400d9483fc65d62d4ef8ca83b5c2fb57a
c39ff1c764099cb118dfa6d18a0e6d31dad39c7748bceb7625878847f5ba8e3b
c3d9e935d7a7c80ab14a7bcf7d39b20a0155f5de73d2cd953a7981ccabb25e64
c6b2815294e64eb3d9e30955673ae3b60a486ae5b7dfcc7e48c0e2a4fe7301de
c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6
c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad
c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
cba8e827aa41d50aa3d9c800a287328e1b994bb507055c32a500b3f79397340b
cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d3ed94b69049a6046b0472b87a4d1be0a1c9482c9edc3793bf72714c82c7ce0c
d49cad6ca0bfed928157530516a0bd7401a16b4f1153e98b5d9cb7885caa4b13
d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492
d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7
d82ed8b4da48af2de1835bae3947405cdeb6fee6c561602dcaa1186a337058d4
d8d41783702d7bb7a7a9c548b151903859eb90a32d29eeaa3487a7937611a27f
db07a04add516c031623e008da211da3fd5e7c9817592e296a04e011733df1ae
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd8ce52adc4b0ab60f82c29ba12f25e2f6446245fc8c0b5f4bd6dab3146f9ef7
e18234d885ed9a551c15b4a6db8a66f519058a512c928a61e22c9d479203feb5
e2a0c716824375ab3b6ba3d71119d6ea8658ec6d3afbe6efa8e49b07cc1e858b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e732af923d9d5d156f2191b7bcc178a1e6e9aa1fdfcfd18bdb4a8f2a50ee7eb9
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e806ffbc50a4eff3c4316b490ced202d54a67009817f089484260286082364ce
e8e658c81a7ff92a6e0f9049ee3a8fc42082e8303abb6ed44c73361259cbdbae
e90344957225c9e0caa52e2591fd6066740e0650bc100c422435762160fb2e33
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919
eec5c0b7f3736c064a5c93fb61f419fe7d3f7c1815c81004312fd349fd43be2c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe5742eb3f854188a51fb0aeb62d132dc70f0b5504843886c446bdd3ea5f1bb
f12285b24f42a85dce2b8d8a05e7badb1ca05e34eabf96b9bff5965f9ce189b3
f24560f5b81158a42b8d38ffe5795d9959eb2308ee6780ea912a6594bb999d1e
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f3f2822ba3d24c1f7f53bff8959801c644b2c1c556eb8c15ca36a86717f1ae7d
f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16
f51e2d6cfecd6d29839d2adf631d99965731eda893acb74e71646b6e4eec9df1
f533e083f3d896349ecf4b75a3b17a2e5155b309318af9dc44965ce50c66a1dd
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f64368e7be69abe40585911860d83acfa8b14179d3008b2594166ae4c10ec0fd
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b
fafbdcf0b23118feba3708d9b64058e2acce3976ecd57bd8a49d747ff22529da
fbeb296c1ecc216a17bda77bf65e833cc0410cfbe1908e121f7a4549cc390675
fcba0ef5c17fd435aaa6cfac66375e7bfae52f5116b7a6e126c8b0f38b841613
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd6c0f5026c29648ab8887658f23e6c57faedfe7f9d85e702823ae5dfcbdc8f0
fe9ce59aa6f3f2c6d0be658bec3e8515959f544fed27adc4506480cb9ead5157
feff03ca165d052833b3a4dd4913360784cfd4db4f9a9c8bcf63430158fd83e5
fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

www.cybereason.com Open in urlscan Pro 45.60.64.106 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

251 Requests

95 %HTTPS

62 %IPv6

44 Domains

67 Subdomains

52 IPs

4 Countries

5293 kBTransfer

11441 kBSize

51 Cookies

36 Outgoing links

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cybereason.com Open in urlscan Pro
45.60.64.106 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

95 %
HTTPS

62 %
IPv6

44
Domains

67
Subdomains

52
IPs

4
Countries

5293 kB
Transfer

11441 kB
Size

51
Cookies

251 HTTP transactions
1 data transactions