www.sentinelone.com Open in urlscan Pro
104.26.2.18 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Submission Tags: falconsandbox
Submission: On January 09 via api (January 9th 2023, 10:31:11 pm UTC) from US — Scanned from DE

Summary HTTP 138 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 49 IPs in 7 countries across 38 domains to perform 138 HTTP transactions. The main IP is 104.26.2.18, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.sentinelone.com. The Cisco Umbrella rank of the primary domain is 490580.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 9th 2022. Valid for: a year.

This is the only time www.sentinelone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26 29	104.26.2.18 104.26.2.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2 38	2620:12a:8001::2 2620:12a:8001::2	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400d:806::200a	15169 (GOOGLE) (GOOGLE)
1 1	104.76.151.226 104.76.151.226	16625 (AKAMAI-AS) (AKAMAI-AS)
7	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1b55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:11a... 2a02:26f0:11a::217:9a4a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
1	99.86.240.71 99.86.240.71	16509 (AMAZON-02) (AMAZON-02)
1	199.232.16.157 199.232.16.157	54113 (FASTLY) (FASTLY)
1 2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.0.65 151.101.0.65	54113 (FASTLY) (FASTLY)
2	23.45.104.85 23.45.104.85	16625 (AKAMAI-AS) (AKAMAI-AS)
1	65.9.66.114 65.9.66.114	16509 (AMAZON-02) (AMAZON-02)
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:223... 2600:9000:223d:d200:11:8a36:7200:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:206... 2600:9000:206f:d800:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.214.27.153 18.214.27.153	14618 (AMAZON-AES) (AMAZON-AES)
6 9	34.243.222.134 34.243.222.134	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.116 143.204.215.116	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	2a00:1450:400... 2a00:1450:400d:80c::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	18.171.23.207 18.171.23.207	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 3	185.89.211.84 185.89.211.84	29990 (ASN-APPNEX) (ASN-APPNEX)
2	3.217.136.129 3.217.136.129	14618 (AMAZON-AES) (AMAZON-AES)
1	52.84.106.37 52.84.106.37	16509 (AMAZON-02) (AMAZON-02)
9	184.30.220.95 184.30.220.95	16625 (AKAMAI-AS) (AKAMAI-AS)
1	143.204.215.65 143.204.215.65	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:11a... 2a02:26f0:11a:39e::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.78.116.173 54.78.116.173	16509 (AMAZON-02) (AMAZON-02)
2	52.59.125.199 52.59.125.199	16509 (AMAZON-02) (AMAZON-02)
5	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
138	49

29 104.26.2.18 (United States) 26 redirects

ASN13335 (CLOUDFLARENET, US)

www.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2620:12a:8001::2 (United States) 2 redirects

ASN54113 (FASTLY, US)

de.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:806::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.151.226 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-151-226.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1b55 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:11a::217:9a4a (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.240.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-240-71.vie50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.16.157 (Vienna, Austria)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

10466992.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.65 (United States)

ASN54113 (FASTLY, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.104.85 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-85.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-114.fra56.r.cloudfront.net

munchkin.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223d:d200:11:8a36:7200:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.abrankings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:d800:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.27.153 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-27-153.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.243.222.134 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-222-134.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-116.fra53.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80c::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

327-mnm-087.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.171.23.207 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-171-23-207.eu-west-2.compute.amazonaws.com

ga.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.84 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.217.136.129 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-136-129.compute-1.amazonaws.com

api.rebrandly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.106.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-106-37.bud50.r.cloudfront.net

api.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 184.30.220.95 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-220-95.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-65.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a:39e::1c91 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.116.173 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-116-173.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.125.199 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-125-199.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	sentinelone.com 28 redirects www.sentinelone.com — Cisco Umbrella Rank: 490580 de.sentinelone.com go.sentinelone.com	1 MB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 13944 c.6sc.co — Cisco Umbrella Rank: 18647 ipv6.6sc.co — Cisco Umbrella Rank: 14890 b.6sc.co — Cisco Umbrella Rank: 8973	14 KB
9	prfct.co 6 redirects pixel-geo.prfct.co — Cisco Umbrella Rank: 24400	4 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 682	115 KB
5	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 818	15 KB
5	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 10466992.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 179 cm.g.doubleclick.net — Cisco Umbrella Rank: 321	4 KB
5	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2124 www.google-analytics.com — Cisco Umbrella Rank: 103	66 KB
5	gstatic.com fonts.gstatic.com	93 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 840 www.linkedin.com — Cisco Umbrella Rank: 712 px4.ads.linkedin.com — Cisco Umbrella Rank: 7528	3 KB
4	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1787	751 B
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 877 script.hotjar.com — Cisco Umbrella Rank: 1181 vars.hotjar.com — Cisco Umbrella Rank: 1235 in.hotjar.com — Cisco Umbrella Rank: 2246	73 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	308 KB
3	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 670	3 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3658 adservice.google.de — Cisco Umbrella Rank: 5450	1 KB
3	google.com www.google.com — Cisco Umbrella Rank: 16 adservice.google.com — Cisco Umbrella Rank: 142	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 619	12 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 19108	592 B
2	rebrandly.com api.rebrandly.com	629 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 405	490 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 981	630 B
2	abrankings.com cdn.abrankings.com — Cisco Umbrella Rank: 90241	8 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 10771 q.quora.com — Cisco Umbrella Rank: 4965	15 KB
2	brightfunnel.com munchkin.brightfunnel.com — Cisco Umbrella Rank: 81803 api.brightfunnel.com — Cisco Umbrella Rank: 100057	7 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 6632	7 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1579	5 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 473	518 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 452	239 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 698	273 B
1	clearbit.com ga.clearbit.com — Cisco Umbrella Rank: 103149	1 KB
1	mktoresp.com 327-mnm-087.mktoresp.com	318 B
1	t.co t.co — Cisco Umbrella Rank: 633	378 B
1	marinsm.com tag.marinsm.com — Cisco Umbrella Rank: 55638	4 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1013	15 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1036	316 B
1	typography.com 1 redirects cloud.typography.com — Cisco Umbrella Rank: 10144	446 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127	1 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1311	44 KB
0	onesignal.com Failed cdn.onesignal.com Failed
138	38

	Domain	Requested by
38	de.sentinelone.com	2 redirects www.sentinelone.com de.sentinelone.com
29	www.sentinelone.com	26 redirects www.sentinelone.com
9	pixel-geo.prfct.co	6 redirects www.sentinelone.com
7	b.6sc.co	www.sentinelone.com
7	go.sentinelone.com	www.sentinelone.com go.sentinelone.com
7	cdn.cookielaw.org	www.sentinelone.com cdn.cookielaw.org
5	js-agent.newrelic.com	www.sentinelone.com
5	fonts.gstatic.com	fonts.googleapis.com
4	cdn.linkedin.oribi.io	snap.licdn.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.sentinelone.com
4	www.googletagmanager.com	www.sentinelone.com www.googleoptimize.com www.googletagmanager.com
3	secure.adnxs.com	1 redirects www.sentinelone.com munchkin.brightfunnel.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.sentinelone.com
2	epsilon.6sense.com	munchkin.brightfunnel.com
2	api.rebrandly.com	www.sentinelone.com
2	ups.analytics.yahoo.com	1 redirects www.sentinelone.com
2	www.google.de	www.sentinelone.com
2	www.google.com	www.sentinelone.com
2	analytics.twitter.com	www.sentinelone.com
2	px.ads.linkedin.com	2 redirects
2	cdn.abrankings.com	www.googletagmanager.com munchkin.brightfunnel.com
2	munchkin.marketo.net	www.sentinelone.com munchkin.marketo.net
2	10466992.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	snap.licdn.com	www.sentinelone.com snap.licdn.com
1	bam.nr-data.net	js-agent.newrelic.com
1	in.hotjar.com	munchkin.brightfunnel.com
1	ipv6.6sc.co	munchkin.brightfunnel.com
1	c.6sc.co	munchkin.brightfunnel.com
1	vars.hotjar.com	static.hotjar.com
1	j.6sc.co	www.sentinelone.com
1	api.brightfunnel.com	munchkin.brightfunnel.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	www.sentinelone.com
1	us-u.openx.net	www.sentinelone.com
1	adservice.google.de	adservice.google.com
1	ga.clearbit.com	www.googletagmanager.com
1	327-mnm-087.mktoresp.com	munchkin.marketo.net
1	adservice.google.com	10466992.fls.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	t.co	www.sentinelone.com
1	script.hotjar.com	static.hotjar.com
1	q.quora.com	www.sentinelone.com
1	px4.ads.linkedin.com	www.sentinelone.com
1	www.linkedin.com	1 redirects
1	a.quora.com	www.sentinelone.com
1	munchkin.brightfunnel.com	www.sentinelone.com
1	tag.marinsm.com	www.sentinelone.com
1	static.ads-twitter.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	region1.google-analytics.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cloud.typography.com	1 redirects
1	fonts.googleapis.com	www.sentinelone.com
1	www.googleoptimize.com	www.sentinelone.com
0	cdn.onesignal.com Failed	www.sentinelone.com
138	56

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
jp.sentinelone.com
de.sentinelone.com
es.sentinelone.com
fr.sentinelone.com
it.sentinelone.com
nl.sentinelone.com
kr.sentinelone.com
assets.sentinelone.com
research.nccgroup.com
www.trendmicro.com
docs.microsoft.com
upx.github.io
malpedia.caad.fkie.fraunhofer.de
www.mandiant.com
www.accenture.com
www.facebook.com
reddit.com
github.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
sentinelone.com Cloudflare Inc ECC CA-3	`2022-05-09` - `2023-05-09`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
go.sentinelone.com Cloudflare Inc ECC CA-3	`2022-05-22` - `2023-05-22`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
ar.sentinelone.com R3	`2022-12-07` - `2023-03-07`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.hotjar.com Amazon	`2022-10-25` - `2023-11-23`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
tag.marinsm.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-27` - `2023-10-29`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.brightfunnel.com Amazon	`2022-02-13` - `2023-03-14`	a year	crt.sh
quora.com R3	`2022-11-13` - `2023-02-11`	3 months	crt.sh
cdn.abrankings.com Amazon	`2022-04-18` - `2023-05-17`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
*.quora.com R3	`2022-12-25` - `2023-03-25`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
clearbit.com Amazon RSA 2048 M01	`2022-10-18` - `2023-11-16`	a year	crt.sh
*.prfct.co GlobalSign RSA OV SSL CA 2018	`2022-10-28` - `2023-11-29`	a year	crt.sh
*.rebrandly.com Go Daddy Secure Certificate Authority - G2	`2022-05-11` - `2023-06-12`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.6sense.com Amazon	`2022-05-31` - `2023-06-29`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Frame ID: 8AA905D061A87A318926C625949576DF
Requests: 140 HTTP requests in this frame

Frame: https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F
Frame ID: 4BED499A51EBC25934323C5DFF6CCBDF
Requests: 1 HTTP requests in this frame

Frame: https://go.sentinelone.com/index.php/form/XDFrame
Frame ID: 62765FD6B3F9A5C5E4818CAB99391766
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F
Frame ID: 100AE0A561D23B8148CD92E3AC5F50EC
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F
Frame ID: 07D7382AD278AEC0186AAFB7211065D9
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html
Frame ID: 7AB3A13026A15E6497F5CA594769783E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor - SentinelOneBack ButtonSearch IconFilter Icon

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

138
Requests

72 %
HTTPS

39 %
IPv6

38
Domains

56
Subdomains

49
IPs

7
Countries

1968 kB
Transfer

4805 kB
Size

46
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/LabsSentinel

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sentinelone

Search URL Search Domain Scan URL

URL: https://jp.sentinelone.com//
Title: 日本語

Search URL Search Domain Scan URL

URL: https://de.sentinelone.com//
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.sentinelone.com//
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.sentinelone.com//
Title: Français

Search URL Search Domain Scan URL

URL: https://it.sentinelone.com//
Title: Italiano

Search URL Search Domain Scan URL

URL: https://nl.sentinelone.com//
Title: Dutch

Search URL Search Domain Scan URL

URL: https://kr.sentinelone.com//
Title: 한국어

Search URL Search Domain Scan URL

URL: https://assets.sentinelone.com/sentinellabs22/SentinelLabs-BlackBasta?lb-mode=overlay
Title: Read the Full Report

Search URL Search Domain Scan URL

URL: https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
Title: other researchers

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html
Title: spider.dll

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Title: official documentation

Search URL Search Domain Scan URL

URL: https://upx.github.io/
Title: UPX

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.socksbot
Title: SocksBot

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation
Title: FIN7

Search URL Search Domain Scan URL

URL: https://www.accenture.com/t00010101T000000Z__w__/gb-en/_acnmedia/PDF-83/Accenture-Goldfin-Security-Alert.pdf
Title: group

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://s1.ai/wRFwRR

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://s1.ai/wRFwRR&text=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://s1.ai/wRFwRR

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://s1.ai/wRFwRR

Search URL Search Domain Scan URL

URL: https://github.com/antonioCoco

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/antonio-cocomazzi/

Search URL Search Domain Scan URL

URL: https://twitter.com/splinter_code

Search URL Search Domain Scan URL

URL: https://twitter.com/milenkowski
Title: @milenkowski

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=backdoor
Title: #backdoor

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=Metador
Title: #Metador

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=threat
Title: #threat

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=encryption
Title: #encryption

Search URL Search Domain Scan URL

URL: https://twitter.com/LabsSentinel/statuses/1598885902306004993
Title: 37 days ago

Search URL Search Domain Scan URL

URL: https://twitter.com/philofishal
Title: @philofishal

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=IronTiger
Title: #IronTiger

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=SysJoker
Title: #SysJoker

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=apple
Title: #apple

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=macos
Title: #macos

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=malware
Title: #malware

Search URL Search Domain Scan URL

URL: https://twitter.com/LabsSentinel/statuses/1601976965375741952
Title: 29 days ago

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=macOS
Title: #macOS

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=mac
Title: #mac

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=secur
Title: #secur

Search URL Search Domain Scan URL

URL: https://twitter.com/LabsSentinel/statuses/1601976902746796032
Title: 29 days ago

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=CrateDepression
Title: #CrateDepression

Search URL Search Domain Scan URL

URL: https://twitter.com/LabsSentinel/statuses/1601976874044780544
Title: 29 days ago

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1 HTTP 302
https://de.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1

Request Chain 3

https://www.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0 HTTP 302
https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Request Chain 5

https://cloud.typography.com/7197018/6979812/css/fonts.css HTTP 302
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css HTTP 302
https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Request Chain 6

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Request Chain 7

https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d HTTP 302
https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d

Request Chain 8

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

Request Chain 10

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309

Request Chain 12

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Request Chain 13

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

Request Chain 14

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

Request Chain 15

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

Request Chain 16

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png

Request Chain 17

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

Request Chain 18

https://www.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg

Request Chain 19

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg

Request Chain 21

https://www.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg

Request Chain 22

https://www.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg

Request Chain 23

https://www.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x157.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x157.jpg

Request Chain 24

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

Request Chain 25

https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11 HTTP 302
https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11

Request Chain 26

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309

Request Chain 44

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg

Request Chain 45

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg

Request Chain 53

https://www.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg

Request Chain 54

https://www.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg

Request Chain 55

https://www.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg HTTP 302
https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg

Request Chain 59

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg; HTTP 301
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

Request Chain 60

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg; HTTP 301
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

Request Chain 78

https://10466992.fls.doubleclick.net/activityi;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F HTTP 302
https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F

Request Chain 91

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26time%3D1673303464043%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252Flabs%252Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&liSync=true&e_ipv6=AQKljZn1KXnKKAAAAYWYqJpqi3dM-WfHb9WUJ3n2xP4jFV3FxSP2ZUVzn_x3XlchrXOOeO2FSb7Aow

Request Chain 97

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

Request Chain 113

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aEyzvAyEtf32tPa1t

Request Chain 114

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1&verify=true

Request Chain 115

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aEyzvAyEtf32tPa1t

Request Chain 116

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aEyzvAyEtf32tPa1t

Request Chain 117

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfYUV5enZBeUV0ZjMydFBhMXQ HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 119

https://secure.adnxs.com/seg?t=2&add=4530935 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

138 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/ 104 KB
33 KB 1218ms
1182ms Document
text/html 104.26.2.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.2.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3168426c11618154286c149c3fd10842ec5785c180c193de80b2fcece300eddb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
Strict-Transport-Security	max-age=15768000;, max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=60
cf-cache-status: EXPIRED
cf-ray: 78709ee379129b61-FRA
content-encoding: br
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 22:31:01 GMT
expect-ct: enforce; max-age=2592000;
last-modified: Mon, 09 Jan 2023 10:18:22 GMT
link: <https://www.sentinelone.com/wp-json/>; rel="https://api.w.org/", <https://www.sentinelone.com/wp-json/wp/v2/labs/72977>; rel="alternate"; type="application/json", <https://www.sentinelone.com/?p=72977>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tqs6V0wSl5c0EWusRmBPQB5sHqvD0EZq%2BxsnVumw%2B3lM7jmbVYCd3phPDZnmsiyAbWvmpx%2FWBXpay2sFWTGHDttjG05G0rHgG6CZseLMwHyRi0YcsTZaORwXEBxctEUHIth7MnU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000;, max-age=300
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tqg8g
x-served-by: cache-chi-kigq8000103-CHI, cache-fra-eddf8230081-FRA
x-styx-req-id: 4b75545b-906d-11ed-8dac-aaa440d8a5d4
x-timer: S1673303461.953942,VS0,VE612
x-xss-protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 24 KB
8 KB 44ms
27ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: WdCEPqU1pnnoNr/cT9hHyQ==
age: 69043
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8053
x-ms-lease-status: unlocked
last-modified: Fri, 06 Jan 2023 16:07:56 GMT
server: cloudflare
etag: 0x8DAF0002C908A6C
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 98f26f26-d01e-013d-372c-222b95000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709eeb38342c33-FRA

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 111 KB
44 KB 72ms
23ms Script
application/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-W2VRGSJ

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7a03a996827ae51fa30beda81cc22982256a33bb38cbe949f4ccb19748c2b942

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44581
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 22:09:32 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Jan 2023 22:31:01 GMT

GET
H2

200

classic-themes.min.css
de.sentinelone.com/wp-includes/css/
Redirect Chain

https://www.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1
https://de.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1

217 B
574 B

1271ms
754ms

Stylesheet
text/css

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1982
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tqg8g
content-length: 189
x-served-by: cache-chi-kigq8000179-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:10 GMT
server: nginx
x-timer: S1673303462.333428,VS0,VE503
etag: W/"63bc8d3e-d9"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: af634ff4-9068-11ed-8dac-aaa440d8a5d4
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3RLUOJZ2Gx0ykxYVJVlbfM0Qxa9O41V2X5vxuy9UIzrgMjd7kI1SaBv92CwHzPRdbhFcseFuZoBwKt2zo4IY95C%2BsNnFl9bls526BoIElsBbYHYNjqF2eHExjBDZp1OGSaNN0M%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=1
cf-ray: 78709eeb0cc69b61-FRA
content-length: 0

GET
H2

200

tp_twitter_plugin.css
de.sentinelone.com/wp-content/plugins/recent-tweets-widget/
Redirect Chain

https://www.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0
https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

529 B
451 B

1264ms
758ms

Stylesheet
text/css

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1982
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
content-length: 286
x-served-by: cache-chi-klot8100145-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:07 GMT
server: nginx
x-timer: S1673303462.333772,VS0,VE505
etag: W/"63bc8d3b-211"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: af6526f2-9068-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzeGRHOHVs7t1UUB7NJcK5KvQqkLP%2F5hY5%2FGmrQpmsvJl44GNeqmul1yXLUs5nOQ0CAw%2FN4DcIK4CUjR2Ly%2FIV89JVstO4PHeJ1edCEm2aaKh3ZAYuaRF47DTWqVGHskarJli7U%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0
cf-ray: 78709eeb0cc79b61-FRA
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 131ms
51ms Stylesheet
text/css 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

72b8e81a5582a445d21a0399e1dd970cdd496eeb8482223acccffc3e27773221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Jan 2023 22:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 22:31:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Jan 2023 22:31:01 GMT

GET
H2

200

2EC96BA1F5C4837D6.css
de.sentinelone.com/fonts/804059/
Redirect Chain

https://cloud.typography.com/7197018/6979812/css/fonts.css
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css
https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

104 KB
80 KB

563ms
563ms

Stylesheet
text/css

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:04:07 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:03 GMT
age: 1616
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-gk4ch
content-length: 81369
x-served-by: cache-chi-kigq8000044-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:06 GMT
server: nginx
x-timer: S1673303463.778875,VS0,VE243
etag: W/"63bc8d3a-1a12c"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 897bf4d8-9069-11ed-ac83-3e540027c9d7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4Q%2BEwMPT7uOZ6eEdQ5SRvHuaKheOpTV1h8Dgz8mp%2FY8Z0H39wL%2B6dehEPAjCXeCBB6as7En0M%2BhCwNg4cAe0K8U5GdngBT9m1VsriD00q1w0s3XGvUvFB0GC9nyB9uWIcfKxPI%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css
cf-ray: 78709ef10dd19b61-FRA
content-length: 0

GET
H2

200

style.min.css
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

740 KB
118 KB

1271ms
760ms

Stylesheet
text/css

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6b51a1a094b7dcbf4845a48d1353a9efdae95922cc8c000c7c66e152d5082399

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:05:57 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1506
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-pnklk
content-length: 120438
x-served-by: cache-chi-klot8100087-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303462.333786,VS0,VE507
etag: W/"63bc8d3c-b9096"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: cb05e6be-9069-11ed-ad91-1afd55f6a034
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JDnmnUAMwqQfpw3fSTHl%2BdfQZBlyPNep2odno4bnRt7Qr3A2Q7LGQjfXswc3T03aDtKL2IYJ%2BjzEv7GSFI1Te1vYdzMqozTqdNAgSYqgST%2ByBTl%2BE6Ej2uzQdgzdpIHDoT5xAcY%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
cf-ray: 78709eeb0cc89b61-FRA
content-length: 0

GET
H2

200

wpp.min.js Show response
de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d
https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d

3 KB
2 KB

1273ms
756ms

Script
application/x-javascript

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1981
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
content-length: 1423
x-served-by: cache-chi-klot8100021-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:07 GMT
server: nginx
x-timer: S1673303462.333725,VS0,VE503
etag: W/"63bc8d3b-bd7"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: af66c297-9068-11ed-9a48-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LcrmTm1L%2BApK45CjX9QdG9FgkQ0PLBoHXgXqTlfMvv7UvwS2bqWc4px4WjTC2Fptp9rvZmNATWYbsUpIIsH7JQ3N8KRkHC7JXLsEb7v7UEUFfqIkSTWDtmVwITuuCBfUsW8Fok%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d
cf-ray: 78709eeb0cc99b61-FRA
content-length: 0

GET
H2

200

jquery-3.5.1.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

87 KB
36 KB

1514ms
1008ms

Script
application/x-javascript

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1981
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
content-length: 36067
x-served-by: cache-chi-kigq8000120-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303462.333755,VS0,VE530
etag: W/"63bc8d3c-15d84"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: af692d48-9068-11ed-b2ac-426a1a3dbfaf
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 5, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJPE42K%2FpCiqmWa2wjs%2F38kGed21S9oZasHXuU96sYtMWBmRDMiDQAXJUVLKKQY7u5k%2B5zaDpabNgDNM%2Ff6VD3%2Bhvc8afCZeChUhRGlhG2xZ7NtTO%2ByM%2FpvndJYoPz2VXnztuxU%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
cf-ray: 78709eeb0ccc9b61-FRA
content-length: 0

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ 208 KB
69 KB 374ms
113ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
etag: "16c02fe-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 78709eecaea19a0c-FRA
expires: Tue, 10 Jan 2023 02:31:01 GMT

GET
H2

200

header.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309

158 KB
50 KB

1523ms
1008ms

Script
application/x-javascript

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ed65a2ee564a45f9542821212c663182e3832ac3483e597aa67388e9b48fb52d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:02 GMT
age: 1981
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
content-length: 50693
x-served-by: cache-chi-klot8100112-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303462.333738,VS0,VE549
etag: W/"63bc8d3d-27878"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: af67597a-9068-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 6, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v41p8UgtsVQrRTRac47KXtwKmbqEmxujU1KYi0GiKYrnZcfID8Fd6opFoD79ZTu5kdUS7ekDVkPs4JvnYqldki%2FVwYjQQ%2FkY9Jg5NMxlnwRVe4k9fhWMwOzQJfPPXe2K0gnZKaY%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1673301309
cf-ray: 78709eeb0ccd9b61-FRA
content-length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 87ms
49ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf2bfa6f48358382c7eb5c52079df532bae3d1d041cefe81530ddc9a4ec5eb29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78663
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 09 Jan 2023 22:31:03 GMT

GET
H2

200

search-icon-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

681 B
578 B

487ms
487ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 385
x-served-by: cache-chi-kigq8000120-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.988045,VS0,VE236
etag: W/"63bc8d3d-2a9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: af82b801-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hVgULQvA2h%2BPhWQoaC%2BDIf2ZsT8SkbLWm61a0zI1VdhXbjh7rAm51OSL1AeGf3kdDvE59FrvLbz1LAfCv7RkPrHbuf9CdYMmQnU%2B1Q%2BWQ7E%2Flfd0a%2BNRW%2FAvVPSzkRVEivf8bkE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg
cf-ray: 78709ef889109b61-FRA
content-length: 0

GET
H2

200

search-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

681 B
566 B

495ms
495ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-4zmls
content-length: 385
x-served-by: cache-chi-klot8100085-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.984301,VS0,VE245
etag: W/"63bc8d3d-2a9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: af8c6b62-9068-11ed-82ab-161480ee7ce8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuhfpvXKGt0VLiV37SnrxNaxKwBnmzfO31FYXKJbWRBNJKMNZhLhE466iwK24uki2iBOupCEes%2FeslogCKTEKm6JO6XZIKegc4K%2BFXuvO6Jyl3cS3wZUOQq%2FKVdMWLPH3nukVUw%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg
cf-ray: 78709ef889119b61-FRA
content-length: 0

GET
H2

200

navigation-close.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

667 B
631 B

682ms
682ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 339
x-served-by: cache-chi-klot8100133-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303464.198037,VS0,VE244
etag: W/"63bc8d3c-29b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: af979567-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXSPV8zwCxjbgaROWyfJEp2kigILCQBjD33e5MkmdDosD2MX5u9%2BqGqA%2FEnUOlSkKx%2F9ZJuTQsg%2BdFPlUqXmOTcz8%2Bk7guMN9HPafJYDTaVCM2C3%2FlCXDpBmxc%2Bh8iyAd5qFr1Q%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg
cf-ray: 78709ef889129b61-FRA
content-length: 0

GET
H2

200

navigation-close-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

667 B
570 B

493ms
492ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1982
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-ktg57
content-length: 339
x-served-by: cache-chi-kigq8000142-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:10 GMT
server: nginx
x-timer: S1673303464.987801,VS0,VE241
etag: W/"63bc8d3e-29b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: afa41ad4-9068-11ed-a60c-82a8695d64be
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iD%2FkaKzg4WX8SMx6WyV%2FWhmt0s%2FGgChJqwXaOK5BUdyn4DjSzK%2BCS3%2Fda6Q%2FZqWCChhMPIh2aOrws1G%2FKBdZMoPCoL7LcUnP4lZYxnZKSP%2Fmk9YkMLoXXVhf%2FyRsyOIu%2BtfI6kA%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg
cf-ray: 78709ef889139b61-FRA
content-length: 0

GET
H2

200

SentinelLabs_Logo_RGB_WhitePurp.png
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png

5 KB
6 KB

597ms
597ms

Image
image/png

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

72fc1a57801612f9e297e1c1954410ff840c40e713a6b4b40b2596e80338c2ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-wx4t7
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 10 Jan 2024 22:05:57 GMT
age: 1507
x-cache: HIT, MISS
content-length: 5631
x-served-by: cache-chi-klot8100088-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.198460,VS0,VE248
etag: "63bc8d3d-15ff"
content-type: image/png
x-styx-req-id: cb097bf3-9069-11ed-b027-c26287b0e544
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nroWJkeqkPUt0sa0B1N1WlNvCdivNstyTLdFDp%2BrmVZIRQl6SZLuqgul7EroPp9MTguhNNiIt6kBHlerdKBeFL10vsyDy0ajUCcg7iY1FMTjPTCw6LGOoGuUVseN6xZKw7bRG84%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png
cf-ray: 78709ef889149b61-FRA
content-length: 0

GET
H2

200

navigation-arrow-left.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

566 B
580 B

686ms
685ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1982
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-wx4t7
content-length: 326
x-served-by: cache-chi-kigq8000162-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.198055,VS0,VE245
etag: W/"63bc8d3d-236"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: afc3e30f-9068-11ed-b027-c26287b0e544
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2LQIytMmt3dknOF8p8bwAM9EkEH5IVbgRQvAOjEt8yA3Baw8S8Zw1ZNNkfWZH12DOlOcvJJv6ckJvVHRlxu%2BC%2BCrMp9oX9E6W%2BGIVWCEXG78OeFDhhw5ffJTTj%2BaV6zFpbjHQw%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg
cf-ray: 78709ef889169b61-FRA
content-length: 0

GET
H2

200

Black-Basta-Feature.jpg
de.sentinelone.com/wp-content/uploads/2022/11/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg
https://de.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg

151 KB
152 KB

566ms
566ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7a573e16342f6fa34d336eb60df65489d8f7761c4936384810c1eae75bca723d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-m5ff9
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Sat, 06 Jan 2024 08:34:42 GMT
age: 0
x-cache: HIT, MISS
content-length: 154951
x-served-by: cache-chi-klot8100113-CHI, cache-maa10228-MAA
last-modified: Wed, 02 Nov 2022 22:56:21 GMT
server: nginx
x-timer: S1673303464.198425,VS0,VE260
etag: "6362f595-25d47"
content-type: image/jpeg
x-styx-req-id: ccd4122c-8cd3-11ed-bd83-ae00ccc1d246
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1uWv0L17mBzIdzA5gcPnlQE1Ay7ByQlp0c9cFeGPQ0R1F%2BC9rvk9VzPgOVpib7E3Fv2%2Fv1y1IbbcTwgwBZPovJQpK0vFRjiZl%2FpiqkTiwjvTeGKP3sAGvnASWpUf%2FbjJ7ZahVLA%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/11/Black-Basta-Feature.jpg
cf-ray: 78709ef889179b61-FRA
content-length: 0

GET
H2

200

BlackBasta_FIN7_4.jpg
de.sentinelone.com/wp-content/uploads/2022/11/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg

104 KB
105 KB

523ms
523ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c485fb4fc68dde813205e42fbf0aba1a9bb9986b1bcacd4b8d981df8702aa1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-xlw6w
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Sun, 07 Jan 2024 01:27:41 GMT
age: 0
x-cache: HIT, MISS
content-length: 106806
x-served-by: cache-chi-kigq8000152-CHI, cache-maa10228-MAA
last-modified: Wed, 02 Nov 2022 23:09:53 GMT
server: nginx
x-timer: S1673303464.198444,VS0,VE251
etag: "6362f8c1-1a136"
content-type: image/jpeg
x-styx-req-id: 5075ef10-8d61-11ed-bf81-4ae8a6fe8aaa
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JhT10DoNQfUjPtgK69nJL2dIw4wt5X0D4xhC5oQHLsOPKQu3e223LREyUCe1HiTQcruPXFPlbT7Z1sARi7jnO0%2BkIS%2BB6%2FXThHPzhyp7CGLT65VpfKaVfN8%2Byat8Lf%2BxZVsMOMM%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_4.jpg
cf-ray: 78709ef889189b61-FRA
content-length: 0

GET
H2 200 email-decode.min.js Show response
www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 16ms
13ms Script
application/javascript 104.26.2.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.2.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Jan 2023 11:26:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63b6b3d5-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2hLxpaACfHpzio744%2FJboKocrPFz6l1OCfgW4CIHqxvrtzK2uEhVo26JGw3Xu2ZVSIMm0XtUZ37BorJIuqTIDpIhOfIC4H15w6iUUylZe4Zndx2aUABHFkYmwryr%2FuOovJTjTw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 78709ef818909b61-FRA
expires: Wed, 11 Jan 2023 22:31:03 GMT

GET
H2

200

Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg
de.sentinelone.com/wp-content/uploads/2022/12/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg
https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg

12 KB
12 KB

573ms
573ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

745e4ec5e982d8150fcfb3fe3a6d04c6e6be34c3fd5785c76ac6ae4d370736b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-4n5qj
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Fri, 05 Jan 2024 08:40:41 GMT
age: 0
x-cache: HIT, MISS
content-length: 12036
x-served-by: cache-chi-klot8100152-CHI, cache-maa10228-MAA
last-modified: Thu, 22 Dec 2022 10:05:05 GMT
server: nginx
x-timer: S1673303464.220331,VS0,VE244
etag: "63a42bd1-2f04"
content-type: image/jpeg
x-styx-req-id: 78a6e76d-8c0b-11ed-be55-fa21d3c51cb4
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zR7glzOo3dJGtLPfD3qi0sr0p8BS2KKzq%2B1Krq45YGLD1w4Mag1t44hr8wR7owhRlsyTqdplYqZaIcc57mDVdpxyVH5AhpIQuixIkYbBMBd39aoEXWo9hRFGTxkHmHIbMitZUaQ%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-300x157.jpg
cf-ray: 78709ef889219b61-FRA
content-length: 0

GET
H2

200

SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg
de.sentinelone.com/wp-content/uploads/2022/11/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg
https://de.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg

13 KB
13 KB

714ms
713ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9a5b709b5064f9f009289f9c9bc810c35502cbcc0bf41b1347599b640e8220d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-749969788b-2dkjx
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Mon, 04 Dec 2023 00:35:51 GMT
age: 1507
x-cache: HIT, MISS
content-length: 12942
x-served-by: cache-chi-klot8100090-CHI, cache-maa10228-MAA
last-modified: Mon, 07 Nov 2022 11:12:53 GMT
server: nginx
x-timer: S1673303464.198117,VS0,VE246
etag: "6368e835-328e"
content-type: image/jpeg
x-styx-req-id: 709994ec-72a2-11ed-bf66-aa8b1052f87a
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ohUNb64cFpHmeKKwkj5er9yUMZWXCMm3ivtppHrxupbcE5maathUB2fB%2B1TLiRYu%2F5PyJ9xuA92Aao80jUVi6qQ77dBQsbqhU2%2BMjZuBWvG7V6%2FKCmg1GUnMJbcgIVUGe74NNtY%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/11/SocGholish-Diversifies-and-Expands-Its-Malware-Staging-Infrastructure-To-Counter-Defenders-2-300x157.jpg
cf-ray: 78709ef889239b61-FRA
content-length: 0

GET
H2

200

Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x157.jpg
de.sentinelone.com/wp-content/uploads/2022/09/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300...
https://de.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x...

14 KB
14 KB

493ms
492ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x157.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c2ab5254855742aebaefe6be648c2b6ab7717dfe88c06daecfd7ae1980d3ce26

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-86d8b58f4d-896g4
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Thu, 07 Dec 2023 16:29:46 GMT
age: 1507
x-cache: HIT, HIT
content-length: 13991
x-served-by: cache-chi-klot8100161-CHI, cache-maa10228-MAA
last-modified: Thu, 08 Sep 2022 11:16:52 GMT
server: nginx
x-timer: S1673303464.988124,VS0,VE241
etag: "6319cf24-36a7"
content-type: image/jpeg
x-styx-req-id: 3221fe27-7583-11ed-b9b4-2aedfd9bf012
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 4, 1

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHJeIHmqpockIsJBoMno8GLRWdyGZQVV82lof%2B7l9IgV71nBtOmRUC%2Bk3U4zq31vGmHM2o0vApyHCVeS31DJ2qXV5xaddXfCyYtM%2BLN1xqLmW7GWGtMZryds8mJlTIlr4sQq1mU%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/09/Intermittent-Encryption-For-Speed-and-Evasion-on-the-Rise-A-Trending-Feature-on-the-Ransomware-Scene-By-Aleksandar-Milenkoski-Jim-Walter-5-300x157.jpg
cf-ray: 78709ef889269b61-FRA
content-length: 0

GET
H2

200

testimonial_icon_close.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

658 B
602 B

679ms
678ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c66c8be72f0f2c0a85d3693ebd2e5a480c5b1d4e705c065cd7117dddfe3f6957

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:04:05 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1618
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tqg8g
content-length: 334
x-served-by: cache-chi-klot8100098-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.198017,VS0,VE247
etag: W/"63bc8d3d-292"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 88bf4fec-9069-11ed-8dac-aaa440d8a5d4
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdWcWK2V2CJgDYKPwBWP8ZsBChCfq5IIFll6q9MR6hJYTWgjcXn%2F33iiF8rR5YA7DcWnMZLLImx8U6eg3NCPS2BbeRdy2UUvRUQLIJ4e1O1cRTx6LXdgX7rxn4C6Nyy5dYMPBp0%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg
cf-ray: 78709ef889299b61-FRA
content-length: 0

GET
H2

200

clipboard.min.js Show response
de.sentinelone.com/wp-includes/js/
Redirect Chain

https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11
https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11

9 KB
4 KB

492ms
492ms

Script
application/x-javascript

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:04:05 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1618
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 3466
x-served-by: cache-chi-klot8100072-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:11 GMT
server: nginx
x-timer: S1673303464.983938,VS0,VE241
etag: W/"63bc8d3f-2331"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 88c11b49-9069-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cey%2ByjZVPy2pCYyBAcs6nJTSa1MQarDcQbz0boLBu4M7Low91kJFJKaPf8pPb2lh74eWih5H50QRwkJz3SM%2F7Y3KJRPtfN2cx5kz3pLccKh1ZquDG8Bnkgli3eOsDDSGkxkH8RE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11
cf-ray: 78709ef8890b9b61-FRA
content-length: 0

GET
H2

200

footer.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309

116 KB
46 KB

1026ms
1026ms

Script
application/x-javascript

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8239c9d2df4e5e7eef079789133d9c6a158b6605664d6149551bc6e6e8547392

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:55:43 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 46667
x-served-by: cache-chi-klot8100079-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.988217,VS0,VE772
etag: W/"63bc8d3d-1d0ca"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 5d485d82-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 8, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kjn1nZ55Uau3%2FUtyFb%2BQuM3tNXThiAKmB59E49XJcfPL0Zvm9sFKTvLIF3NLUVReQcaJGRVu1YWHLnKKQXD9Vm3yi%2B%2FbpldEwkBRo4RyJnCWKSBv2RAkM7HauRoRoRdpTPKaFHw%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1673301309
cf-ray: 78709ef8890f9b61-FRA
content-length: 0

GET OneSignalSDK.js
cdn.onesignal.com/sdks/ 0
0

GET
H2 200 02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/ 4 KB
2 KB 37ms
23ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: CqPSDQgRayZT5/dw1EENjQ==
age: 20593
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1450
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:19 GMT
server: cloudflare
etag: 0x8D97490BA2F1567
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3644ea83-d01e-0093-51e2-294ead000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709eeb6cf19a05-FRA
expires: Tue, 10 Jan 2023 22:31:01 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 78 B
316 B 60ms
30ms XHR
application/json 2606:4700::6812:1b55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1b55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

792074561f2d94442c8648916f41fc6016817b61d554daa9c67301aeecca14bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 78709eebc8629b2d-FRA
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 21ms
19ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 69011
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 86ee2344-c01e-0100-7f6c-c49eb3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709ef88baf2c33-FRA

POST
H2 500 popular-posts Show response
www.sentinelone.com/wp-json/wordpress-popular-posts/v1/ 4 KB
4 KB 400ms
392ms XHR
text/html 104.26.2.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-json/wordpress-popular-posts/v1/popular-posts

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=310158bdd1af84d475fdfad436b9d61d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.2.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30590015a27861fd93b46d6eecac613beb0d8a6570d3619fca8e1d8c9d258e45

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 78709ef828a19b61-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 18 KB
18 KB 82ms
25ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v14/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcecb97c12786d7a9387a81e74e4179790fd84425c9c75be1aec3aed645bf6e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 23:14:01 GMT
x-content-type-options: nosniff
age: 343022
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18000
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:46:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 23:14:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 64ms
28ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=OPT-W2VRGSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

157bf3443291b2ce103e03db40917ba47696a6a5d6626df4d996d260d09eb990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78744
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 09 Jan 2023 22:31:03 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 410 KB
109 KB 99ms
63ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96a1d0071b990a791f9b2e1cd7d99ca4b41d798833e98279f22e00720ce45365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111598
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 22:09:32 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Jan 2023 22:31:03 GMT

GET
H2 200 labs-bg-light.png
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/ 75 KB
76 KB 544ms
544ms Image
image/png 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/labs-bg-light.png

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-62m64
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 10 Jan 2024 22:31:04 GMT
age: 0
x-cache: MISS, MISS
content-length: 77240
x-served-by: cache-chi-klot8100152-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303464.947458,VS0,VE287
etag: "63bc8d3c-12db8"
content-type: image/png
x-styx-req-id: 4d479472-906d-11ed-9d39-2a3f230e02dc
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 user-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 1 KB
1 KB 512ms
512ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/user-icon.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ca8e60ba9a281ae41f019d64c681ba7b523d7b9c839db4d41eb042dcbaad8b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:31:04 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 0
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 775
x-served-by: cache-chi-kigq8000178-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.956490,VS0,VE261
etag: W/"63bc8d3d-556"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d4931da-906d-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 calendar-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 513ms
512ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/calendar-icon.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0cfc74f37470c666d6ac10d4d7a933b923c13b29879134c0866c7de7dcee0310

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:31:04 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 0
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tqg8g
content-length: 847
x-served-by: cache-chi-klot8100128-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.956583,VS0,VE262
etag: W/"63bc8d3d-7ae"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d495f6a-906d-11ed-8dac-aaa440d8a5d4
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 18 KB
18 KB 47ms
25ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v14/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea18ca3fe3ae4d94d21bb36a2912258193fb4f257be81be3dabe0e3809a312e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 03:42:19 GMT
x-content-type-options: nosniff
age: 67724
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18232
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:45:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Jan 2024 03:42:19 GMT

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 19 KB
19 KB 46ms
35ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v14/zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ebf3641230e5352e553afa3f4f378f8e621017899a99d0c6de417fdeaba3958

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 03 Jan 2023 18:08:51 GMT
x-content-type-options: nosniff
age: 534132
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19516
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:51:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Jan 2024 18:08:51 GMT

GET
H2

200

BlackBasta_FIN7_6.jpg
de.sentinelone.com/wp-content/uploads/2022/11/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg

101 KB
101 KB

580ms
580ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6076a1df63a6d3c892634a3486eff4a37b59b7479dbff70adaaee5fda5074b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-749969788b-zq82t
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Fri, 08 Dec 2023 07:01:25 GMT
age: 0
x-cache: HIT, MISS
content-length: 102954
x-served-by: cache-chi-klot8100090-CHI, cache-maa10228-MAA
last-modified: Wed, 02 Nov 2022 23:09:49 GMT
server: nginx
x-timer: S1673303464.220425,VS0,VE323
etag: "6362f8bd-1922a"
content-type: image/jpeg
x-styx-req-id: f729f51b-75fc-11ed-b71a-7678b06c1548
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AmUO8yYRCCGcRY7sDAewpeuzNI%2B%2Fii%2FRJWfe17jS8snncDXDcpjFuGYKm%2B85%2By74g6F9P88A7kPBgsgNFC23NJgHP1itjQ225dc0vt%2Bj1G9f6%2Fe%2BWaIqSPumlDjEaIjOBCx%2Fi3s%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_6.jpg
cf-ray: 78709ef8c9859b61-FRA
content-length: 0

GET
H2

200

BlackBasta_FIN7_1.jpg
de.sentinelone.com/wp-content/uploads/2022/11/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg
https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg

26 KB
26 KB

660ms
659ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ebd778095a50233e4ece49f4a059c402c752962ea7535922000e7204d393a94e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Tue, 09 Jan 2024 18:27:54 GMT
age: 0
x-cache: HIT, MISS
content-length: 26171
x-served-by: cache-chi-kigq8000086-CHI, cache-maa10228-MAA
last-modified: Wed, 02 Nov 2022 23:10:02 GMT
server: nginx
x-timer: S1673303464.282762,VS0,VE279
etag: "6362f8ca-663b"
content-type: image/jpeg
x-styx-req-id: 2aa35048-8f82-11ed-b241-426a1a3dbfaf
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 2, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahbr08OqeGMebm9bU7PulOTQstzeeMZpbtEuEL6J%2FUFOySHsV4U5QrVfkvDgdVAg7p2oUxxI3yiH7CmYji%2B33Ob9YNw3LsIuheQIwtF4Zmnlp465W3FVwLz9l8Mcpy87BtzerzE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/11/BlackBasta_FIN7_1.jpg
cf-ray: 78709ef8c98c9b61-FRA
content-length: 0

GET
H2 200 arrow-left-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 835 B
825 B 804ms
804ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/arrow-left-dark.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

adc0e2dacc10d6d2acec5ffc5b5346f30a3424ea0bfccff7b902b6a594878a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:31:04 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 0
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-gk4ch
content-length: 489
x-served-by: cache-chi-klot8100114-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303464.198102,VS0,VE270
etag: W/"63bc8d3c-343"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d6f3e3c-906d-11ed-ac83-3e540027c9d7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 arrow-right-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 920 B
704 B 800ms
800ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/arrow-right-dark.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

444c83e95470e69f7355fcdb3a370c872025ae298b139090ff9f194ce28dea5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:31:04 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 0
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
content-length: 513
x-served-by: cache-chi-kigq8000025-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:10 GMT
server: nginx
x-timer: S1673303464.198085,VS0,VE262
etag: W/"63bc8d3e-398"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d6e724a-906d-11ed-9a48-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 search-icon-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 681 B
504 B 485ms
485ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:01 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 385
x-served-by: cache-chi-kigq8000120-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303464.198067,VS0,VE26
etag: W/"63bc8d3d-2a9"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: af82b801-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 1

GET
H2 200 Socicon.woff2
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/ 63 KB
63 KB 1025ms
512ms Font
font/woff2 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/Socicon.woff2?87visu

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:04:07 GMT
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-62m64
age: 1617
x-cache: HIT, MISS
content-length: 64512
x-served-by: cache-chi-klot8100177-CHI, cache-maa10249-MAA
last-modified: Mon, 09 Jan 2023 21:55:10 GMT
server: nginx
x-timer: S1673303465.506856,VS0,VE257
etag: "63bc8d3e-fc00"
content-type: font/woff2
access-control-allow-origin: *
x-styx-req-id: 89c4dd51-9069-11ed-9d39-2a3f230e02dc
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 0

GET
H2 200 zYX7KVElMYYaJe8bpLHnCwDKhdTmrINcdvfu.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 19 KB
19 KB 32ms
32ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v14/zYX7KVElMYYaJe8bpLHnCwDKhdTmrINcdvfu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc78454a6c5b509cb705feac59bcd550340250905a9af37d74c3bbf57ccc9425

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 13:43:22 GMT
x-content-type-options: nosniff
age: 204461
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19612
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 13:43:22 GMT

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 71ms
71ms Script
application/javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&callback=jQuery112408958911760041108_1673303463734&_=1673303463735
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95039f1bf174bcbff2eb5d161e9ab5d4c9cb95e726af94efba4f79a907aa1a47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 78709ef8ef1b9a0c-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/8559fb5f-d020-41f3-b4af-073a54697ce8/ 54 KB
11 KB 18ms
18ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/8559fb5f-d020-41f3-b4af-073a54697ce8/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a164c7c15f8197903a11533e5fe6894fc3e75abf931897d86d039d0661e4bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: g3u/cB4L4tfTQx7Hp+ONEQ==
age: 23957
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11065
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:24 GMT
server: cloudflare
etag: 0x8D97490BD2F4CA7
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f8ce545a-101e-00ac-0342-caf971000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709ef8f8839a05-FRA
expires: Tue, 10 Jan 2023 22:31:03 GMT

GET
H2

200

InkySquid-The-Missing-Arsenal-1-150x150.jpg
de.sentinelone.com/wp-content/uploads/2023/01/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg
https://de.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg

7 KB
7 KB

603ms
603ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13cbbb338296f5381fc4557ac240e43d375fbe34b875cbde78200fd8e6826fca

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-7b54449884-4zmls
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Wed, 10 Jan 2024 22:05:58 GMT
age: 1505
x-cache: HIT, MISS
content-length: 6997
x-served-by: cache-chi-klot8100062-CHI, cache-maa10228-MAA
last-modified: Wed, 04 Jan 2023 13:01:06 GMT
server: nginx
x-timer: S1673303464.198476,VS0,VE245
etag: "63b57892-1b55"
content-type: image/jpeg
x-styx-req-id: cc18f411-9069-11ed-82ab-161480ee7ce8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 0

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvVykqk3Khonfrgj%2B2smy9YYePvLsEfmy45fREQJX%2FCdvispGk9Vy2wRqmY2erAeNBI9WvVX%2FuPkNEEIvTDBX213991TLeggPQxUgALPU0JBwEZg2TLQsFaY5uTkX87D6LDtqSI%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2023/01/InkySquid-The-Missing-Arsenal-1-150x150.jpg
cf-ray: 78709ef909df9b61-FRA
content-length: 0

GET
H2

200

Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg
de.sentinelone.com/wp-content/uploads/2022/12/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg
https://de.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg

7 KB
7 KB

600ms
600ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f9b186212bf7ea8fcf0a7a0df9ea09ebc2b1fa4e49126c24c79e992b40d7fa48

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-9fs28
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Sat, 30 Dec 2023 12:40:42 GMT
age: 1505
x-cache: HIT, HIT
content-length: 6795
x-served-by: cache-chi-klot8100023-CHI, cache-maa10228-MAA
last-modified: Thu, 22 Dec 2022 15:52:31 GMT
server: nginx
x-timer: S1673303464.198493,VS0,VE242
etag: "63a47d3f-1a8b"
content-type: image/jpeg
x-styx-req-id: 01afe6e2-8776-11ed-a0b1-160f20372db7
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 1

Redirect headers

date: Mon, 09 Jan 2023 22:31:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8M3Kq3O74g5wuurFqVtBmX3YpxP8OLjoovFS7Syf9ucmuvFzFI3pfzCPIY0PGIlJlPn%2BIjfWfZOKVWBtWWD8uCkjaavRYhY66M85bQvTW%2BQj6jFK6WcuYUnJZc0Y%2BzYeIoT7ikE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/12/Breaking-Firmware-Trust-From-The-Other-Side-Exploiting-Early-Boot-Phases-Pre-EFI-1-150x150.jpg
cf-ray: 78709ef909e09b61-FRA
content-length: 0

GET
H2

200

Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg
de.sentinelone.com/wp-content/uploads/2022/12/
Redirect Chain

https://www.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg
https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg

8 KB
9 KB

558ms
558ms

Image
image/jpeg

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

85ef29f5b0dc32924443c0574809da5c9881ecd615159b38e5f756ce2d5aa2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-cf859446b-vg9w5
strict-transport-security: max-age=300
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
expires: Sat, 23 Dec 2023 14:33:45 GMT
age: 0
x-cache: HIT, HIT
content-length: 8480
x-served-by: cache-chi-klot8100177-CHI, cache-maa10228-MAA
last-modified: Thu, 22 Dec 2022 10:05:06 GMT
server: nginx
x-timer: S1673303464.236877,VS0,VE242
etag: "63a42bd2-2120"
content-type: image/jpeg
x-styx-req-id: a4223c63-8205-11ed-abd2-961de87e72df
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 1

Redirect headers

date: Mon, 09 Jan 2023 22:31:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OHovBRJYH9R21OaICJWlqtfpM39O2vJyhjqMWmtt2UlO7XppPV305fk9NUsf8DPFoMpEOaDreBjLMOx81es%2BmTXwwnZtXKVOGFTdyeqCd6qGTcCFWqU683RCWJuNvUqftxSlrBQ%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/uploads/2022/12/Custom-Branded-Ransomware-The-Vice-Society-Group-and-the-Threat-of-Outsourced-Development-3-150x150.jpg
cf-ray: 78709ef909e29b61-FRA
content-length: 0

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 576ms
575ms Script
application/javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2673&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&callback=jQuery112408958911760041108_1673303463736&_=1673303463737
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72044fff34fd2acb43fd24102aab743138feee44f2ecbba56ada534b61d4724c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-form-service-request-id: d9c#18598a89831
x-marketo-source: Form Service
cf-ray: 78709ef90f4c9a0c-FRA
cached: false

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1007 B
650 B 79ms
18ms Script
application/x-javascript 2a02:26f0:11a::217:9a4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::217:9a4a Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: bf9a0c280ee8c722e9754fb796c271e6edf87dec1af693bfc8cfedd8b8e6aff0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
last-modified: Mon, 09 Jan 2023 14:52:33 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=58963
accept-ranges: bytes
content-length: 482

GET
H2 200 calendar-icon-light.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 763ms
762ms Image
image/svg+xml 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/calendar-icon-light.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

de51ba53b38ba54ff68c8d8446802ae1a917d5c456494d88e3bb9d488dc605b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 22:31:04 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 0
x-cache: MISS, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-4zmls
content-length: 842
x-served-by: cache-chi-klot8100021-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303464.198019,VS0,VE261
etag: W/"63bc8d3c-798"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4d6e3069-906d-11ed-82ab-161480ee7ce8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2

200

social-twitter-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg;
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

2 KB
1 KB

495ms
494ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:02 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 1036
x-served-by: cache-chi-kigq8000162-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:09 GMT
server: nginx
x-timer: S1673303465.694460,VS0,VE244
etag: W/"63bc8d3d-7e1"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: b007a549-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

x-cache-hits: 1, 0
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com;
strict-transport-security: max-age=15768000;, max-age=300
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 1505
x-redirect-by: WordPress
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-gk4ch
content-length: 0
x-xss-protection: 1; mode=block
x-served-by: cache-chi-klot8100133-CHI, cache-maa10228-MAA
referrer-policy: origin-when-cross-origin
server: nginx
x-timer: S1673303464.197984,VS0,VE244
expect-ct: enforce; max-age=2592000;
x-frame-options: ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com
vary: Cookie, Cookie
content-type: text/html; charset=UTF-8
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg
x-styx-req-id: cbfa7b76-9069-11ed-ac83-3e540027c9d7
cache-control: max-age=3600
accept-ranges: bytes
expires: Mon, 09 Jan 2023 23:05:58 GMT

GET
H2

200

social-linkedin-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg;
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

2 KB
1 KB

495ms
495ms

Image
image/svg+xml

2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308

Protocol

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1673301308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Wed, 10 Jan 2024 21:58:02 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Mon, 09 Jan 2023 22:31:04 GMT
age: 1983
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-cg5nm
content-length: 993
x-served-by: cache-chi-klot8100042-CHI, cache-maa10228-MAA
last-modified: Mon, 09 Jan 2023 21:55:08 GMT
server: nginx
x-timer: S1673303465.695286,VS0,VE244
etag: W/"63bc8d3c-90f"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: b0073254-9068-11ed-a449-b6138f069fe8
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 0

Redirect headers

x-cache-hits: 1, 0
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com;
strict-transport-security: max-age=15768000;, max-age=300
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 varnish, 1.1 varnish
age: 1505
x-redirect-by: WordPress
x-cache: HIT, MISS
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-vrgr5
content-length: 0
x-xss-protection: 1; mode=block
x-served-by: cache-chi-klot8100131-CHI, cache-maa10228-MAA
referrer-policy: origin-when-cross-origin
server: nginx
x-timer: S1673303464.197965,VS0,VE245
expect-ct: enforce; max-age=2592000;
x-frame-options: ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com
vary: Cookie, Cookie
content-type: text/html; charset=UTF-8
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg
x-styx-req-id: cbfe914b-9069-11ed-b2ac-426a1a3dbfaf
cache-control: max-age=3600
accept-ranges: bytes
expires: Mon, 09 Jan 2023 23:05:58 GMT

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v14/ 19 KB
19 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v14/zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca9b10dd6f91b1495f2f5afb055e060c55a5cc89e12c435e383cc1998741a739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 03 Jan 2023 18:07:13 GMT
x-content-type-options: nosniff
age: 534230
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19200
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:50:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 03 Jan 2024 18:07:13 GMT

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 collect
region1.google-analytics.com/g/ 0
341 B 57ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-KJPGLC9EVP&gtm=2oe120&_p=414664578&cid=422762468.1673303464&ul=en-us&sr=1600x1200&_s=1&sid=1673303463&sct=1&seg=0&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&dt=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 13 KB
3 KB 16ms
16ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: r7t3xbAZ3QK/7lQuu5X7ww==
age: 7239
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF68EC8D5B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0526822e-501e-0163-7ac1-11d896000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709ef9894b9a05-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ 47 KB
11 KB 25ms
25ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 57AUyP21eMxOiwzpGGh99A==
age: 7239
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11457
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF6A0C163B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 34b2a80d-701e-00b7-79e2-29d7e3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 78709ef9894d9a05-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 21ms
21ms Fetch
text/css 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 09 Jan 2023 22:31:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 7239
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 73f76b39-101e-0146-686c-c44025000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 78709ef989509a05-FRA

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 117 KB
46 KB 63ms
26ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-K9ZDGR4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93b12b09303e15dfcf3b0db83c50891de208da0af7ce76233baed85160941b25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46850
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 09 Jan 2023 22:31:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 47ms
13ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 21:50:37 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2426
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 09 Jan 2023 23:50:37 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/ 2 KB
2 KB 182ms
88ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1673303463952&cv=11&fst=1673303463952&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tiba=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&auid=1028553306.1673303464&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b65bf8781a1a5df9a6dfa12398a526ee429ea56ab9e32e3be8de48ebdd8caca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 986
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-2714452.js Show response
static.hotjar.com/c/ 8 KB
4 KB 131ms
59ms Script
application/javascript 99.86.240.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2714452.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.240.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-240-71.vie50.r.cloudfront.net

Software

Resource Hash

ac4de418f56efb62be153e101f32d8fca408447af165aa5dc0244df6db6bab3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 89325178f4430fe7d65a260b33ed0234.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
etag: W/041afea2a6c544dcadc9fbf2200e5064
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: VdsP9Q_VwbuHbIucWePxeOBKJFHC6KiWcUSPkOP959Q_wsF0yE5LAw==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 102ms
18ms Script
application/javascript 199.232.16.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-vie6382-VIE

GET
H3

200

activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-r... Show response
10466992.fls.doubleclick.net/ Frame 4BED
Redirect Chain

https://10466992.fls.doubleclick.net/activityi;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-bast...
https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.s...

721 B
359 B

82ms
51ms

Document
text/html

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

2da4a62da9a64946cd02ac4477322b686b6a3699287546b09e511dbf001c2699

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 334
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 22:31:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 22:31:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 81ms
36ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 09 Jan 2023 22:31:03 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B84ED449F9FB48F7A9A2EE93984591EA Ref B: FRAEDGE1411 Ref C: 2023-01-09T22:31:04Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H/1.1 200
OK 56a667965d8d21035d00000d.js Show response
tag.marinsm.com/serve/ 12 KB
4 KB 69ms
8ms Script
text/javascript 151.101.0.65
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/56a667965d8d21035d00000d.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.65 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cowboy /

Resource Hash

f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Age: 730
X-Cache: HIT
Connection: keep-alive
Content-Length: 3894
X-Served-By: cache-fra-eddf8230032-FRA
Server: Cowboy
X-Timer: S1673303464.043716,VS0,VE1
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 257ms
14ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H/1.1 200
OK bf-munchkin.min.js Show response
munchkin.brightfunnel.com/js/build/ 20 KB
7 KB 79ms
9ms Script
application/javascript 65.9.66.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Via: 1.1 72e8bbddfffeeec486003f867d631024.cloudfront.net (CloudFront)
Date: Mon, 09 Jan 2023 22:29:46 GMT
X-Amz-Cf-Pop: FRA56-C1
Age: 127
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 16 Jun 2021 18:10:10 GMT
Server: AmazonS3
ETag: W/"20317c42053d4a6e5ba388544778b12a"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=300
X-Amz-Cf-Id: sgYAXNhBsYn0S8K6AuD6xopu7r5cOixmTX-hiASAr38A5N6XgPgl8A==

GET
H2 200 qevents.js Show response
a.quora.com/ 40 KB
14 KB 43ms
16ms Script
text/plain 162.159.152.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a15bef5551f730c8269a1cba57c370099d559defd996193c80a477c411081ca2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
x-amz-version-id: vyBstMTGyA6m5sV66zq8xsypUg.tAOk.
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 55N7600P8GCTEEBQ
age: 501038
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: qlbSRDw0REl7Z7WhYXb/DzKtCI7sCFyRvea80VRl8gSo12aSrZd1nh3NiETnc0ypGwuK32cnllI=
last-modified: Fri, 18 Mar 2022 00:16:52 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1647562609/ctime:1647562609/gid:150037/gname:ezhang/md5:47078e63380c6b0cbbfb6d8508b25ee7/mode:33204/mtime:1647562609/uid:150037/uname:ezhang
etag: W/"47078e63380c6b0cbbfb6d8508b25ee7"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 78709efa18a42c29-FRA
expires: Tue, 10 Jan 2023 02:31:04 GMT

GET
H2 200 client.js Show response
cdn.abrankings.com/js/ 35 KB
8 KB 55ms
7ms Script
application/javascript 2600:9000:223d:d200:11:8a36:7200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.abrankings.com/js/client.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:d200:11:8a36:7200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 6782c26e66d8abbe5816cd0222f41c431399582ce9b59805bffda7572e7ba288

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Wed, 21 Dec 2022 01:13:30 GMT
content-encoding: gzip
via: 1.1 5c79308f72e53cdf81a950b478a7e144.cloudfront.net (CloudFront)
last-modified: Tue, 14 Jun 2022 17:44:33 GMT
server: nginx/1.20.1
x-amz-cf-pop: FRA56-P3
age: 1718254
etag: W/"62a8c901-8d68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=15552000, public
x-amz-cf-id: KMuJ-U-a2mWzSdmbY2GNnc9Sdhreu_WbI8jjvrgf2MT3lLChCHcB-g==
expires: Mon, 19 Jun 2023 01:13:30 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 54ms
26ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10604934

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ccd548e752c5194c21a3d83711ae71990d66ea1a932bb37db82c0209c602329f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45912
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 21:19:16 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 09 Jan 2023 22:31:04 GMT

GET
H2 200 forms2.css
go.sentinelone.com/js/forms2/css/ 13 KB
3 KB 20ms
19ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
age: 6871
etag: "16c02f5-3437-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 78709ef9e8b49a0c-FRA
content-length: 2623
expires: Tue, 10 Jan 2023 02:31:04 GMT

GET
H2 200 forms2-theme-plain.css
go.sentinelone.com/js/forms2/css/ 828 B
399 B 18ms
17ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
age: 6870
etag: "16c02f7-33c-5ea394834ab40"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 78709ef9e8b79a0c-FRA
content-length: 246
expires: Tue, 10 Jan 2023 02:31:03 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 23ms
23ms Script
application/x-javascript 2a02:26f0:11a::217:9a4a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::217:9a4a Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3fe29b8c78990a7b9438b55099db5603e79ad1438a8c3efab09cedf8eb415b66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
last-modified: Sun, 08 Jan 2023 11:26:39 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=84421
accept-ranges: bytes
content-length: 4773

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ Frame 0
0 75ms
7ms Preflight 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.sentinelone.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 56111
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Mon, 09 Jan 2023 06:55:52 GMT
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
x-amz-cf-id: idWsXVnWEUpWzqY-6LjDYIDwkzcRgeAPY69wCSeV47UkpM_wyRXDUw==
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ 36 B
375 B 23ms
23ms XHR
application/json 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 21:32:36 GMT
content-encoding: gzip
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3508
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: PFTe2xXOIL5CowK6Wpha9nsBnwKFFUW-EsOGU9MatyTD_Cc7uu2qAQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fi...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26time%3D1673303464043%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fi...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-f...

0
265 B

337ms
153ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&liSync=true&e_ipv6=AQKljZn1KXnKKAAAAYWYqJpqi3dM-WfHb9WUJ3n2xP4jFV3FxSP2ZUVzn_x3XlchrXOOeO2FSb7Aow
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 4BA374F166A64EBF87BE0A920F9AE071 Ref B: FRAEDGE1406 Ref C: 2023-01-09T22:31:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXx3FKgJAGdYEOA1mfFSQ==

Redirect headers

date: Mon, 09 Jan 2023 22:31:04 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CFD6CA590DB14E21993FA5DC3800C573 Ref B: FRAEDGE1818 Ref C: 2023-01-09T22:31:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1673303464043&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&liSync=true&e_ipv6=AQKljZn1KXnKKAAAAYWYqJpqi3dM-WfHb9WUJ3n2xP4jFV3FxSP2ZUVzn_x3XlchrXOOeO2FSb7Aow
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXx3FKbAamJRSSXEwydXg==

OPTIONS
H2 200 token
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ Frame 0
0 75ms
8ms Preflight 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.sentinelone.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 1800
age: 56111
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Mon, 09 Jan 2023 06:55:52 GMT
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
x-amz-cf-id: lvWgizQFPAnVF9l86EgzwxgucogCkL4UpM0993trqjL6X7kFQa8hUw==
x-amz-cf-pop: FRA56-C1
x-cache: Hit from cloudfront

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ 36 B
376 B 21ms
21ms XHR
application/json 2600:9000:206f:d800:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:d800:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 21:32:36 GMT
content-encoding: gzip
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3508
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: HjW1qmvtS4OZL6skHWHG7xEgS05m7dH-uWwv59xcN3NVLt3XTsJQWg==

GET
H2 200 XDFrame Show response
go.sentinelone.com/index.php/form/ Frame 6276 2 KB
864 B 128ms
128ms Document
text/html 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/XDFrame

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 78709efa595c9a0c-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 09 Jan 2023 22:31:04 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/ 43 B
422 B 387ms
97ms Image
image/gif 18.214.27.153
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/pixel?j=1&u=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tag=ViewContent&ts=1673303464065

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.214.27.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-214-27-153.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,cf5c4b113e686caa1a96d3f4ecb3252b,10.0.0.97,8494,178.162.209.132,,92151615890,1,1673303464.399,0.002,,.,0,0,0.000,0.004,-,0,0,197,224,112,10,35796,,,,,,-,
Content-Type: image/gif

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 50ms
20ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=414664578&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&ul=en-us&de=UTF-8&dt=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAEABQAAAACAAI~&jid=295448578&gjid=585799600&cid=422762468.1673303464&tid=UA-38175129-1&_gid=1782668282.1673303464&_r=1&gtm=2wg120KGGXSJ&z=1091818555

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

125 B
454 B

30ms
29ms

Script
text/javascript

34.243.222.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Server: 34.243.222.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-222-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d39dbcbab2612e0517746e01444d3eff25e08911bee4941263c89d6c5df78fac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 125
Content-Type: text/javascript

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 modules.563beb7d4ef2e22dbb74.js Show response
script.hotjar.com/ 264 KB
68 KB 58ms
10ms Script
application/javascript 143.204.215.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.563beb7d4ef2e22dbb74.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2714452.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-116.fra53.r.cloudfront.net

Software

Resource Hash

d02e464ddf2e31d6f1a2c2be6d4fe08d472be421fdd5990fb6b45a4a9b32169f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 10:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 41818
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68844
last-modified: Mon, 09 Jan 2023 10:53:14 GMT
etag: "c7ec806fc012fea99e86e2b314268f81"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: bsncL92HYiB9DNGLPbfiNMIdkNEsONKS7GW3pMi_wvJqovAKFvIgeQ==

GET
H2 200 adsct
t.co/i/ 43 B
378 B 133ms
112ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=8d84cd4a-dc48-43d3-9f04-5411de774d6c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=10952a67-07a5-42a7-8a63-b0f0f1f7f4d1&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv1yw&type=javascript&version=2.3.29

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 106
date: Mon, 09 Jan 2023 22:31:03 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 1f391f42ca763665
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: bc1331a576bea1d303c49f194ee0750868fff0e95ab7e6763f4774bd96cc6a9f
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
237 B 426ms
115ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8d84cd4a-dc48-43d3-9f04-5411de774d6c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=10952a67-07a5-42a7-8a63-b0f0f1f7f4d1&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nv1yw&type=javascript&version=2.3.29

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 109
date: Mon, 09 Jan 2023 22:31:04 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9104cb2fd25b31bc
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: eb7f81626562d423fefea73a2b8674a5324dbd7d62540f897a142ab315f5a3f7
content-length: 43

GET
H2 204 134618848.js Show response
bat.bing.com/p/action/ 0
117 B 312ms
312ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134618848.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 09 Jan 2023 22:31:03 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3317AA49E0B14B59A40B7D9DE691D95B Ref B: FRAEDGE1411 Ref C: 2023-01-09T22:31:04Z
x-cache: CONFIG_NOCACHE

GET
H2 200 /
www.google.com/pagead/1p-user-list/970186784/ 42 B
548 B 136ms
56ms Image
image/gif 2a00:1450:400d:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970186784/?random=1673303463952&cv=11&fst=1673301600000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tiba=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&fmt=3&is_vtc=1&random=2217671029&rmt_tld=0&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970186784/ 42 B
548 B 75ms
26ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970186784/?random=1673303463952&cv=11&fst=1673301600000&bg=ffffff&guid=ON&async=1&gtm=2wg120&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&tiba=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&fmt=3&is_vtc=1&random=2217671029&rmt_tld=1&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
445 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-38175129-1&cid=422762468.1673303464&jid=295448578&gjid=585799600&_gid=1782668282.1673303464&_u=aADAAEAAQAAAACAAI~&z=132806761

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 09 Jan 2023 22:31:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ Frame 6276 208 KB
69 KB 24ms
23ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.sentinelone.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 04 Oct 2022 18:03:49 GMT
server: cloudflare
age: 3
etag: "16c02fe-33e51-5ea394834ab40"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 78709efb4ac69a0c-FRA
expires: Tue, 10 Jan 2023 02:31:04 GMT

GET
H2 200 dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-... Show response
adservice.google.com/ddm/fls/i/ Frame 100A 720 B
803 B 106ms
53ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F

Requested by

Host: 10466992.fls.doubleclick.net
URL: https://10466992.fls.doubleclick.net/activityi;dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bb89cb08ac1c1b96dd4325b9abf1bf7c70f45e7aec1f7b1f5005fda87af572f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10466992.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 335
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 22:31:04 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 55ms
54ms Image
image/gif 2a00:1450:400d:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-38175129-1&cid=422762468.1673303464&jid=295448578&_u=aADAAEAAQAAAACAAI~&z=579976719

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 51ms
23ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-38175129-1&cid=422762468.1673303464&jid=295448578&_u=aADAAEAAQAAAACAAI~&z=579976719

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 11ms
11ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Wed, 19 Apr 2023 22:31:04 GMT

POST
H/1.1 200
OK visitWebPage
327-mnm-087.mktoresp.com/webevents/ 2 B
318 B 614ms
95ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://327-mnm-087.mktoresp.com/webevents/visitWebPage?_mchNc=1673303464267&_mchCn=&_mchId=327-MNM-087&_mchTk=_mch-sentinelone.com-1673303464267-29435&_mchHo=www.sentinelone.com&_mchPo=&_mchRu=%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 25dace0a-4221-446e-b717-e4c3dc8f9589

GET
H2 200 ga.js Show response
ga.clearbit.com/v1/ 4 KB
1 KB 270ms
192ms Script
application/javascript 18.171.23.207
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ga.clearbit.com/v1/ga.js?authorization=pk_ed7b4bbadb390cf24ef37a1223019246

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.171.23.207 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-171-23-207.eu-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: envoy
x-api-version: 2018-03-28
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-account-id: 330680ff-f4de-4d19-81d4-375af65453c9

GET
H2 200 dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-... Show response
adservice.google.de/ddm/fls/i/ Frame 07D7 194 B
776 B 86ms
51ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CJzSz5TFu_wCFYFJkQUdOqwAUg;src=10466992;type=sitew0;cat=sitew0;ord=5730340928924;gtm=2wg120;auiddc=1028553306.1673303464;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Jan 2023 22:31:04 GMT
expires: Mon, 09 Jan 2023 22:31:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aEyzvAyEtf32tPa1t

43 B
393 B

167ms
112ms

Image
image/gif

104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aEyzvAyEtf32tPa1t

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 106
date: Mon, 09 Jan 2023 22:31:03 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: a77dabe250f06ee6
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: eb7f81626562d423fefea73a2b8674a5324dbd7d62540f897a142ab315f5a3f7
content-length: 43

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aEyzvAyEtf32tPa1t
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58288/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1&verify=true

0
121 B

13ms
13ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1&verify=true

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_aEyzvAyEtf32tPa1t&_origin=1&verify=true
date: Mon, 09 Jan 2023 22:31:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aEyzvAyEtf32tPa1t

43 B
273 B

81ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aEyzvAyEtf32tPa1t
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aEyzvAyEtf32tPa1t
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aEyzvAyEtf32tPa1t

0
239 B

89ms
7ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aEyzvAyEtf32tPa1t
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aEyzvAyEtf32tPa1t
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfYUV5enZBeUV0ZjMydFBhMXQ
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

29ms
28ms

Image
image/gif

34.243.222.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Server: 34.243.222.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-222-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel-geo.prfct.co/cb?partnerId=goo
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 108ms
108ms Image
image/gif 34.243.222.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=4530935&source=js_tag&a_id=56252
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.243.222.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-222-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=4530935
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

43 B
1 KB

15ms
14ms

Image
image/gif

185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

HTTP/1.1

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 22:31:04 GMT
AN-X-Request-Uuid: 04fb3aac-3ec7-47ea-bc96-de3dbe8b76e4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.132; 178.162.209.132; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Date: Mon, 09 Jan 2023 22:31:04 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.132; 178.162.209.132; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3cfccc34-999d-4005-91cc-2d4c7ee29fb7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 links
api.rebrandly.com/v1/ Frame 0
0 590ms
96ms Preflight 3.217.136.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rebrandly.com/v1/links
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.136.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-136-129.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,content-type
Access-Control-Request-Method: POST
Origin: https://www.sentinelone.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,Accept,X-Access-Token,X-Key,apikey,Authorization,Workspace,x-http-verb,x-rebrandly-internal
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: *
access-control-max-age: 3600
date: Mon, 09 Jan 2023 22:31:05 GMT
x-powered-by: Express

POST
H2 403 links Show response
api.rebrandly.com/v1/ 152 B
629 B 205ms
205ms XHR
application/json 3.217.136.129
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rebrandly.com/v1/links
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.136.129 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-136-129.compute-1.amazonaws.com
Software: / Express
Resource Hash: 03f94ea8844e57c376e7fa137ca45fedfd4282be27aaa3d3ce25afe79dd7e375

Request headers

Accept: */*
Referer: https://www.sentinelone.com/
apikey: 499c8e7548a643f090e8263994728de3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
x-rate-limit-reset-peak-ip: 1673303466537
x-powered-by: Express
x-rate-limit-first-expire-peak: 1673303466572
x-rate-limit-reset-peak: 1673303466572
x-rate-limit-remaining-peak-ip: 99
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin: *
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-rate-limit-remaining-peak: 24
access-control-allow-headers: Content-Type,Accept,X-Access-Token,X-Key,apikey,Authorization,Workspace,x-http-verb,x-rebrandly-internal
content-length: 152
x-rate-limit-first-expire-peak-ip: 1673303466537

POST
H/1.1 200
OK sd Show response
api.brightfunnel.com/v1/ 4 B
523 B 731ms
575ms XHR
application/json 52.84.106.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.brightfunnel.com/v1/sd
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.106.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-106-37.bud50.r.cloudfront.net
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Mon, 09 Jan 2023 22:31:05 GMT
Via: 1.1 4549c7f1695f03beb32f60cd903ff6c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BUD50-C1
X-Amzn-Trace-Id: Root=1-63bc95a9-453441573fff7df17dac1f5a;Sampled=0
x-amzn-RequestId: 96117133-73f9-41d1-a7d4-e958c8bea646
X-Cache: Miss from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
x-amz-apigw-id: efxSdHrtIAMFz5Q=
Content-Length: 4
X-Amz-Cf-Id: cdnqXck5iLalCntiWEXPyez-Fok5UrkmZf9d9fqu6qYkyYq306GsfA==

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 73ms
8ms Script
application/javascript 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Dec 2022 20:20:43 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63890c9b-7ad6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10143
expires: Mon, 09 Jan 2023 22:31:05 GMT

GET
H2 204 0
bat.bing.com/action/ 0
175 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134618848&tm=gtm002&Ver=2&mid=1fdbb25e-3532-44ad-8d26-95c14f11c4ba&sid=4dd72fc0906d11edbb99a9909b0c3113&vid=4dd74870906d11eda84ee5e4a52ec4db&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&p=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&r=&lt=4596&evt=pageLoad&sv=1&rn=732809

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 09 Jan 2023 22:31:04 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8DC59D37D9CE45489943F7A1F1BB8D72 Ref B: FRAEDGE1411 Ref C: 2023-01-09T22:31:05Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-5e66f98b4ee957db209dc6f63e3d59dd.html Show response
vars.hotjar.com/ Frame 7AB3 2 KB
1 KB 35ms
8ms Document
text/html 143.204.215.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-5e66f98b4ee957db209dc6f63e3d59dd.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2714452.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.65 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-65.fra53.r.cloudfront.net

Software

Resource Hash

cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3260943
cache-control: max-age=31536000
content-encoding: br
content-length: 1035
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 03 Dec 2022 04:42:02 GMT
etag: "e0652b84b7b3b650769c759fc520c3f8"
last-modified: Thu, 01 Dec 2022 13:36:28 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8d31bbd9d6638cdacab37047b8045da4.cloudfront.net (CloudFront)
x-amz-cf-id: R8mCzOKMRlYVqLeb6WGWsme-YhBrb1kimafQrI472Z3jweng0IJjhQ==
x-amz-cf-pop: FRA53-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 29 B
998 B 13ms
13ms XHR
application/json 185.89.211.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fbd24a6f8c65cb9b0f542091680c640c8c53dc88387a390b6b1f520455758bfd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 09 Jan 2023 22:31:05 GMT
AN-X-Request-Uuid: b7942162-4011-46fd-a4b4-d4a92149c650
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.sentinelone.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 178.162.209.132; 178.162.209.132; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 29
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
205 B 105ms
53ms XHR
text/html 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-220-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 24 B
264 B 365ms
18ms XHR
text/html 2a02:26f0:11a:39e::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a:39e::1c91 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ea3936c658514ceedc75f1a29737460ae3b5857ee35ac58fa8510edf471548f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 22:31:05 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.sentinelone.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2050:a007:2::12
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 24
expires: Mon, 09 Jan 2023 22:31:05 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 352ms
300ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A05%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2714452/ 148 B
322 B 349ms
34ms XHR
application/json 54.78.116.173
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2714452/visit-data?sv=7
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.116.173 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-116-173.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7f8a5022df3199d1c0cfdc94abc6b80b1227adfbd5b36ebce0507a9e8a6df4e5

Request headers

Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 756 B
592 B 24ms
10ms XHR
application/json 52.59.125.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.125.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-125-199.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d96ac3de06de0a5a49356221469a414db632cd4486a405940cd839f8e23c1f83

Request headers

Referer: https://www.sentinelone.com/
accept-language: de-DE,de;q=0.9
Authorization: Token 8ba4c5a3fa178cfadac2b61291295db2874be830
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
content-length: 404

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 206ms
8ms Preflight 52.59.125.199
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.59.125.199 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-59-125-199.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.sentinelone.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.sentinelone.com
access-control-max-age: 1800
date: Mon, 09 Jan 2023 22:31:05 GMT
server: nginx

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 206ms
205ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A12%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 13ms
13ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=414664578&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&ul=en-us&de=UTF-8&dt=Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aDDAAEADQAAAACAAI~&jid=&gjid=&cid=422762468.1673303464&tid=UA-38175129-1&_gid=1782668282.1673303464&gtm=2wg120KGGXSJ&cd1=&cd2=&cd3=&cd4=Germany&cd5=&z=1216927144

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 15815
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 552.2d6a2503-1220.js Show response
js-agent.newrelic.com/ 21 KB
6 KB 23ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/552.2d6a2503-1220.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2b2f88606e0e67ca512cb458ab89f1c48a1ea9109e28c7be9f925b59e478bafc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: 7EjqUQ3uiXAFqO0VnIOp2ymSTJq3JZwD
content-encoding: gzip
via: 1.1 varnish
date: Mon, 09 Jan 2023 22:31:05 GMT
x-amz-request-id: VK0QWM2VRTJY8V95
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5890
x-amz-id-2: wmuzrvcg6YDcsoba6NA9OyOy+IMSqIHwGz6dkv+/Gy8J8UbJbkXJEEtCHEgsPe5ERChb1CEDYUg=
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Wed, 05 Oct 2022 14:53:43 GMT
server: AmazonS3
x-timer: S1673303466.637585,VS0,VE0
etag: "777ac0df4dba632ad1b2955c88dd51ac"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 72

GET
H2 200 290.2d6a2503-1220.js Show response
js-agent.newrelic.com/ 8 KB
4 KB 7ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/290.2d6a2503-1220.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e0a26a1ea9be40cca40ba8fa9085fc9114e14171022777b7e9010638cbde935b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: C4hj6k9j4I7xXuTBZvcbX78Bf.Ep8KMk
content-encoding: gzip
via: 1.1 varnish
date: Mon, 09 Jan 2023 22:31:05 GMT
x-amz-request-id: VK0V74PZFC1H08GD
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3424
x-amz-id-2: Br3+yjSpbP554tp3fNctHZ+rDEgP401do0/VqFhO9wo/n3omCdoH57ZypIAE+o6s0suipU18rLA=
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
server: AmazonS3
x-timer: S1673303466.648125,VS0,VE0
etag: "13898fbb4d7a1f83fc6722c4c12faf40"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 113444

GET
H2 200 368.2d6a2503-1220.js Show response
js-agent.newrelic.com/ 3 KB
2 KB 7ms
6ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/368.2d6a2503-1220.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b82a7e3de0f28545976b6ea127ed6d815e1e675322e869f21532184a7244fc56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: zC.KoTaM7bjdFj.W4KQMilxtjXXSNPks
content-encoding: gzip
via: 1.1 varnish
date: Mon, 09 Jan 2023 22:31:05 GMT
x-amz-request-id: VK0PS4VF484S4RAC
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1443
x-amz-id-2: PSCivvRPxkdDKWEJw7Px8+/FPjzxHb7BAbSROboqSjlvuPN9gnXmDyZRktDCyk//a8ix5Rt2Eus=
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
server: AmazonS3
x-timer: S1673303466.648390,VS0,VE0
etag: "16b4f3676c3859e1378a2ccdebbad675"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 72

GET
H2 200 768.2d6a2503-1220.js Show response
js-agent.newrelic.com/ 5 KB
3 KB 8ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/768.2d6a2503-1220.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2e0409a5c07795fdd2e472e5fc8a723cf7076de849d5050966b5e2cc58741df5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: 0CJw6LdyBdZcjhOiVrtC0pLcOFtA3d5G
content-encoding: gzip
via: 1.1 varnish
date: Mon, 09 Jan 2023 22:31:05 GMT
x-amz-request-id: VK0KD1R02SHSA4EE
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2225
x-amz-id-2: vnofQ4ylgtcd2UjNej3ZgmC8pT2y9G4JM7cQWy4vHfhK0yKmgipEtl74leZF4Mb+9kRjfxq/Mg0=
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
server: AmazonS3
x-timer: S1673303466.648650,VS0,VE0
etag: "d6cc8b42eda6fd7734014b03b87b5787"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 74

GET
H2 200 775.2d6a2503-1220.js Show response
js-agent.newrelic.com/ 1 KB
833 B 7ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/775.2d6a2503-1220.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 321caf3b5deae5f4be6261374b509b793eacc09762074aa1ae7471f7ad6369a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: y1AQ2bnjUbwuFOuSS5MP1vew1dGw.1iz
content-encoding: gzip
via: 1.1 varnish
date: Mon, 09 Jan 2023 22:31:05 GMT
x-amz-request-id: VK0M3MBT3CPYM3Y3
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 632
x-amz-id-2: umGSDg9uFqpHGW9R43CySquaMXI42dLmo7YorM75J1lrJXGOwl3LBp8fCAsKzIPU6Ixvp/wqzr8=
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Wed, 05 Oct 2022 14:53:42 GMT
server: AmazonS3
x-timer: S1673303466.648621,VS0,VE0
etag: "1dfdb74c0491489bf04c6deadb56add2"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 72

GET
H/1.1 200
OK NRJS-7f7a0b93139dcf56f90 Show response
bam.nr-data.net/1/ 49 B
518 B 603ms
573ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-7f7a0b93139dcf56f90?a=773889139&v=1220.PROD&to=ZlwDMkMCWxJQUkdYXF8WIAVFCloPHkJaX1RdXA%3D%3D&rst=5298&ck=0&s=2745922ec0e6428c&ref=https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/&ap=453&be=1250&fe=4008&dc=3321&perf=%7B%22timing%22:%7B%22of%22:1673303460360,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:16,%22c%22:16,%22s%22:23,%22ce%22:36,%22rq%22:36,%22rp%22:1218,%22rpe%22:1226,%22dl%22:1221,%22di%22:4565,%22ds%22:4571,%22de%22:4596,%22dc%22:5258,%22l%22:5258,%22le%22:5260%7D,%22navigation%22:%7B%7D%7D&fp=3440&fcp=3440&at=ShsARAsYSBw%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/552.2d6a2503-1220.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 09 Jan 2023 22:31:06 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 78709f048e449164-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 256ms
256ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A05%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:06 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 test Show response
cdn.abrankings.com/ 2 B
419 B 71ms
55ms XHR
application/json 2600:9000:223d:d200:11:8a36:7200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.abrankings.com/test?url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&abr_id=1280
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:d200:11:8a36:7200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-my-header: my-header-content
date: Mon, 09 Jan 2023 22:31:06 GMT
content-encoding: gzip
via: 1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
server: nginx/1.20.1
x-amz-cf-pop: FRA56-P3
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=60, public
x-amz-cf-id: wat-6h4FJhQn7BR74EYa49cfJxItaqe6Zup0zgOAMJyxoc3LXiTC1w==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 243ms
243ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A06%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:07 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 267ms
266ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A07%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%223006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:08 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 522ms
522ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A08%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%224009%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:09 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 255ms
255ms Image
image/gif 184.30.220.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A09%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.220.95 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-220-95.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 22:31:10 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=310158bdd1af84d475fdfad436b9d61d

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=43f3504c-5d4c-4359-83e3-0703731e5ed0&session=374bb682-39ed-4b85-86ae-46e550561c36&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2009%20Jan%202023%2022%3A31%3A10%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226011%22%7D&isIframe=false&m=%7B%22description%22%3A%22Black%20Basta%20operational%20TTPs%20are%20described%20here%20in%20full%20detail%2C%20revealing%20previously%20unknown%20tools%20and%20techniques%20and%20a%20link%20to%20FIN7.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Black%20Basta%20Ransomware%20%7C%20Attacks%20Deploy%20Custom%20EDR%20Evasion%20Tools%20Tied%20to%20FIN7%20Threat%20Actor%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&pageViewId=4f7b0d3d-052c-44a6-819d-6a8342fa1454&an_uid=6356309733316463134

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sentinelone.com/	1969-12-31 23:59:59	Name: __cfredirector_sm Value: DE
.go.sentinelone.com/	1970-01-20 08:48:25	Name: __cf_bm Value: KXDg7XG98HtTyRylIA9w9cq4rY72WfZBor7444AfH2w-1673303461-0-AfM+LjVtHOqQAgdrXflLnnFEpUJe4U/rhDAEhHRdwCAxA3K459ZBG86Njh+0kWZZ/G8naKcKk2ZdZEKno1sIhDg=
.sentinelone.com/	1970-01-20 18:24:23	Name: _ga_KJPGLC9EVP Value: GS1.1.1673303463.1.0.1673303463.0.0.0
.sentinelone.com/	1970-01-20 10:57:59	Name: _gcl_au Value: 1.1.1028553306.1673303464
.bing.com/	1970-01-20 18:09:59	Name: MUID Value: 0568E98444DD62B32DB1FB1045B66397
.sentinelone.com/	1970-01-20 18:24:23	Name: _ga Value: GA1.2.422762468.1673303464
.sentinelone.com/	1970-01-20 08:49:49	Name: _gid Value: GA1.2.1782668282.1673303464
.sentinelone.com/	1970-01-20 08:48:23	Name: _gat_UA-38175129-1 Value: 1
www.sentinelone.com/	1970-01-20 08:49:49	Name: ln_or Value: eyI0MzI4OTAiOiJkIn0%3D
.t.co/	1970-01-20 18:24:23	Name: muc_ads Value: 28b997f9-151d-4dff-b798-8939be9ba910
.sentinelone.com/	1970-01-20 18:24:23	Name: _mkto_trk Value: id:327-MNM-087&token:_mch-sentinelone.com-1673303464267-29435
.linkedin.com/	1970-01-20 09:31:35	Name: UserMatchHistory Value: AQJOMvmpWGmiXQAAAYWYqJkrItKiPFKPdkPC15t58hBrug23Ho6RvK85gUr_n6d-FULpk68gfHEgmQ
.linkedin.com/	1970-01-20 09:31:35	Name: AnalyticsSyncHistory Value: AQJe3GHa3FyhNgAAAYWYqJkrtpzbhQtQciGB0_4dq42uABFPy1n34cmdHBNk1YfBJzNSqcUcMrwECWhbovqvOg
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:33:59	Name: bcookie Value: "v=2&1b3a2036-8ddb-48fe-8ce3-9645911aeecb"
.linkedin.com/	1970-01-20 08:49:49	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2689:u=1:x=1:i=1673303464:t=1673389864:v=2:sig=AQE2AUax98QXK_FAPySIx4zTv0l6zUM4"
.prfct.co/	1970-01-20 18:24:23	Name: pa_uid Value: pa_aEyzvAyEtf32tPa1t
.prfct.co/	1970-01-20 18:24:23	Name: pa_twitter_ts Value: 1673303464370
.prfct.co/	1970-01-20 18:24:23	Name: pa_yahoo_ts Value: 1673303464399
go.sentinelone.com/	1969-12-31 23:59:59	Name: BIGipServerab14web-nginx-app_https Value: !hKNVevwJO4HbBpvn/+ZT2Dlakae2C0BPienj3M18WCeb+7mPHu5W75t4fV9oEReHDXX7oj1LZf8tY3Y=
.prfct.co/	1970-01-20 18:24:23	Name: pa_openx_ts Value: 1673303464429
.prfct.co/	1970-01-20 18:24:23	Name: pa_rubicon_ts Value: 1673303464433
.prfct.co/	1970-01-20 18:24:23	Name: pa_google_ts Value: 1673303464436
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 17:33:59	Name: bscookie Value: "v=1&20230109223104a6de59c7-879e-42b0-89e8-d4c096958cccAQGR3gXcd0jCwI6bRMVffV5rFSOi_FB5"
.linkedin.com/	1970-01-20 13:07:35	Name: li_gc Value: MTswOzE2NzMzMDM0NjQ7MjswMjGmd3pzqUBMIjWnHtIPo4SwN6DG6tSNkkjqZ8JzOfyT0Q==
.yahoo.com/	1970-01-20 17:34:21	Name: A3 Value: d=AQABBKiVvGMCEEvcfKt56QPbq4fVBurW5-AFEgEBAQHnvWPGYwAAAAAA_eMAAA&S=AQAAAipVotW5H_0uBi5xRGxULvs
.analytics.yahoo.com/	1970-01-20 17:33:59	Name: IDSYNC Value: 18z4~29by
.twitter.com/	1970-01-20 18:24:23	Name: personalization_id Value: "v1_oZ5nbZqv3lrEQVobut2H1A=="
.doubleclick.net/	1970-01-20 18:09:59	Name: IDE Value: AHWqTUmZsyiDZZRtWiEIZVBzo72to8WpQVkD32i5U-zn0tpZLzACqATSDIcpUheVqls
.adnxs.com/	1970-01-20 10:57:59	Name: uuid2 Value: 6356309733316463134
.adnxs.com/	1970-01-20 10:57:59	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E?^l9>BX!]tbP6j2F-XstGt!@DzD$zYf)
.sentinelone.com/	1970-01-20 17:26:47	Name: bf_lead Value: gd0fpvfaui000
.sentinelone.com/	1970-01-20 17:33:59	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Jan+09+2023+22%3A31%3A04+GMT%2B0000+(GMT)&version=6.23.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fblack-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor%2F&groups=C0003%3A0%2CC0001%3A1%2CC0002%3A0%2CC0004%3A0
.sentinelone.com/	1970-01-20 08:49:49	Name: _uetsid Value: 4dd72fc0906d11edbb99a9909b0c3113
.sentinelone.com/	1970-01-20 18:09:59	Name: _uetvid Value: 4dd74870906d11eda84ee5e4a52ec4db
www.sentinelone.com/	1970-01-20 08:58:28	Name: _an_uid Value: 6356309733316463134
www.sentinelone.com/	1970-01-20 18:24:23	Name: _gd_visitor Value: 43f3504c-5d4c-4359-83e3-0703731e5ed0
www.sentinelone.com/	1970-01-20 08:48:37	Name: _gd_session Value: 374bb682-39ed-4b85-86ae-46e550561c36
.sentinelone.com/	1970-01-20 17:33:59	Name: _hjSessionUser_2714452 Value: eyJpZCI6IjlhMDRiOTc3LTI3NGUtNWQxMi1hYzJlLTg1NjNkZjA1OTdhZSIsImNyZWF0ZWQiOjE2NzMzMDM0NjQyMzIsImV4aXN0aW5nIjpmYWxzZX0=
.sentinelone.com/	1970-01-20 08:48:25	Name: _hjFirstSeen Value: 1
www.sentinelone.com/	1970-01-20 08:48:23	Name: _hjIncludedInSessionSample Value: 0
.sentinelone.com/	1970-01-20 08:48:25	Name: _hjSession_2714452 Value: eyJpZCI6IjM2NzJkODg1LTA4YjYtNDIwYS04ZGQxLTI3YTJiZjcxYjI0YyIsImNyZWF0ZWQiOjE2NzMzMDM0NjUwNzQsImluU2FtcGxlIjpmYWxzZX0=
www.sentinelone.com/	1970-01-20 08:48:23	Name: _hjIncludedInPageviewSample Value: 1
.sentinelone.com/	1970-01-20 08:48:25	Name: _hjAbsoluteSessionInProgress Value: 0
.6sc.co/	1970-01-20 18:24:23	Name: 6suuid Value: 0c84140224670000a995bc6363020000d7873000

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/(Line 569) Message: Access to script at 'https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=310158bdd1af84d475fdfad436b9d61d' from origin 'https://www.sentinelone.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=310158bdd1af84d475fdfad436b9d61d Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.sentinelone.com/wp-json/wordpress-popular-posts/v1/popular-posts Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rebrandly.com/v1/links Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
Strict-Transport-Security	max-age=15768000;, max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10466992.fls.doubleclick.net
327-mnm-087.mktoresp.com
a.quora.com
adservice.google.com
adservice.google.de
analytics.twitter.com
api.brightfunnel.com
api.rebrandly.com
b.6sc.co
bam.nr-data.net
bat.bing.com
c.6sc.co
cdn.abrankings.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.onesignal.com
cloud.typography.com
cm.g.doubleclick.net
de.sentinelone.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
ga.clearbit.com
geolocation.onetrust.com
go.sentinelone.com
googleads.g.doubleclick.net
in.hotjar.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
munchkin.brightfunnel.com
munchkin.marketo.net
pixel-geo.prfct.co
pixel.rubiconproject.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.google-analytics.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.marinsm.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.sentinelone.com
b.6sc.co
cdn.onesignal.com
104.17.70.206
104.244.42.197
104.244.42.67
104.26.2.18
104.76.151.226
13.107.42.14
142.250.186.134
143.204.215.116
143.204.215.65
151.101.0.65
151.101.66.137
162.159.152.17
162.247.241.14
172.217.18.2
18.171.23.207
18.214.27.153
184.30.220.95
185.89.211.84
192.28.144.124
199.232.16.157
2001:4860:4802:34::36
23.45.104.85
2600:9000:206f:d800:2:53b2:240:93a1
2600:9000:223d:d200:11:8a36:7200:93a1
2606:4700::6810:9540
2606:4700::6812:1b55
2620:12a:8001::2
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2002
2a00:1450:4001:827::2008
2a00:1450:4001:82f::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c00::9a
2a00:1450:400d:802::2002
2a00:1450:400d:806::200a
2a00:1450:400d:80c::2004
2a02:26f0:11a:39e::1c91
2a02:26f0:11a::217:9a4a
3.126.56.137
3.217.136.129
34.243.222.134
35.244.159.8
52.59.125.199
52.84.106.37
54.78.116.173
65.9.66.114
69.173.144.138
99.86.240.71
012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87
03f94ea8844e57c376e7fa137ca45fedfd4282be27aaa3d3ce25afe79dd7e375
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
0cfc74f37470c666d6ac10d4d7a933b923c13b29879134c0866c7de7dcee0310
13cbbb338296f5381fc4557ac240e43d375fbe34b875cbde78200fd8e6826fca
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
157bf3443291b2ce103e03db40917ba47696a6a5d6626df4d996d260d09eb990
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2b2f88606e0e67ca512cb458ab89f1c48a1ea9109e28c7be9f925b59e478bafc
2da4a62da9a64946cd02ac4477322b686b6a3699287546b09e511dbf001c2699
2e0409a5c07795fdd2e472e5fc8a723cf7076de849d5050966b5e2cc58741df5
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
30590015a27861fd93b46d6eecac613beb0d8a6570d3619fca8e1d8c9d258e45
3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690
3168426c11618154286c149c3fd10842ec5785c180c193de80b2fcece300eddb
321caf3b5deae5f4be6261374b509b793eacc09762074aa1ae7471f7ad6369a3
3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65
3b65bf8781a1a5df9a6dfa12398a526ee429ea56ab9e32e3be8de48ebdd8caca
3d277a90920d78efa3d6e473d67240beb26100591c7b02a34bd444aa78ee5d5c
3ebf3641230e5352e553afa3f4f378f8e621017899a99d0c6de417fdeaba3958
3fe29b8c78990a7b9438b55099db5603e79ad1438a8c3efab09cedf8eb415b66
444c83e95470e69f7355fcdb3a370c872025ae298b139090ff9f194ce28dea5b
49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856
5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5a164c7c15f8197903a11533e5fe6894fc3e75abf931897d86d039d0661e4bfc
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
6076a1df63a6d3c892634a3486eff4a37b59b7479dbff70adaaee5fda5074b88
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2
6782c26e66d8abbe5816cd0222f41c431399582ce9b59805bffda7572e7ba288
6b51a1a094b7dcbf4845a48d1353a9efdae95922cc8c000c7c66e152d5082399
700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
72044fff34fd2acb43fd24102aab743138feee44f2ecbba56ada534b61d4724c
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
72b8e81a5582a445d21a0399e1dd970cdd496eeb8482223acccffc3e27773221
72fc1a57801612f9e297e1c1954410ff840c40e713a6b4b40b2596e80338c2ee
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
745e4ec5e982d8150fcfb3fe3a6d04c6e6be34c3fd5785c76ac6ae4d370736b8
792074561f2d94442c8648916f41fc6016817b61d554daa9c67301aeecca14bb
7a03a996827ae51fa30beda81cc22982256a33bb38cbe949f4ccb19748c2b942
7a573e16342f6fa34d336eb60df65489d8f7761c4936384810c1eae75bca723d
7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7f8a5022df3199d1c0cfdc94abc6b80b1227adfbd5b36ebce0507a9e8a6df4e5
8239c9d2df4e5e7eef079789133d9c6a158b6605664d6149551bc6e6e8547392
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85ef29f5b0dc32924443c0574809da5c9881ecd615159b38e5f756ce2d5aa2c5
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
93b12b09303e15dfcf3b0db83c50891de208da0af7ce76233baed85160941b25
95039f1bf174bcbff2eb5d161e9ab5d4c9cb95e726af94efba4f79a907aa1a47
95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92
96a1d0071b990a791f9b2e1cd7d99ca4b41d798833e98279f22e00720ce45365
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
9a3d1f5824ad4bd991a67acab64088920e43d25545ca6b4cb78736dc35b696a3
9a5b709b5064f9f009289f9c9bc810c35502cbcc0bf41b1347599b640e8220d1
9bb89cb08ac1c1b96dd4325b9abf1bf7c70f45e7aec1f7b1f5005fda87af572f
9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a15bef5551f730c8269a1cba57c370099d559defd996193c80a477c411081ca2
ac4de418f56efb62be153e101f32d8fca408447af165aa5dc0244df6db6bab3c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adc0e2dacc10d6d2acec5ffc5b5346f30a3424ea0bfccff7b902b6a594878a18
adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
b82a7e3de0f28545976b6ea127ed6d815e1e675322e869f21532184a7244fc56
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d
bf2bfa6f48358382c7eb5c52079df532bae3d1d041cefe81530ddc9a4ec5eb29
bf9a0c280ee8c722e9754fb796c271e6edf87dec1af693bfc8cfedd8b8e6aff0
c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2
c2ab5254855742aebaefe6be648c2b6ab7717dfe88c06daecfd7ae1980d3ce26
c485fb4fc68dde813205e42fbf0aba1a9bb9986b1bcacd4b8d981df8702aa1f6
c66c8be72f0f2c0a85d3693ebd2e5a480c5b1d4e705c065cd7117dddfe3f6957
ca8e60ba9a281ae41f019d64c681ba7b523d7b9c839db4d41eb042dcbaad8b7a
ca9b10dd6f91b1495f2f5afb055e060c55a5cc89e12c435e383cc1998741a739
cbffce6f8642619af7ed7335e32750f7f2933765d32c113115da0710aa7deadc
ccd548e752c5194c21a3d83711ae71990d66ea1a932bb37db82c0209c602329f
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d02e464ddf2e31d6f1a2c2be6d4fe08d472be421fdd5990fb6b45a4a9b32169f
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
d39dbcbab2612e0517746e01444d3eff25e08911bee4941263c89d6c5df78fac
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
d96ac3de06de0a5a49356221469a414db632cd4486a405940cd839f8e23c1f83
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc78454a6c5b509cb705feac59bcd550340250905a9af37d74c3bbf57ccc9425
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398
de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de51ba53b38ba54ff68c8d8446802ae1a917d5c456494d88e3bb9d488dc605b9
e0a26a1ea9be40cca40ba8fa9085fc9114e14171022777b7e9010638cbde935b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea18ca3fe3ae4d94d21bb36a2912258193fb4f257be81be3dabe0e3809a312e5
ea3936c658514ceedc75f1a29737460ae3b5857ee35ac58fa8510edf471548f2
eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
ebd778095a50233e4ece49f4a059c402c752962ea7535922000e7204d393a94e
ed65a2ee564a45f9542821212c663182e3832ac3483e597aa67388e9b48fb52d
eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9b186212bf7ea8fcf0a7a0df9ea09ebc2b1fa4e49126c24c79e992b40d7fa48
fbd24a6f8c65cb9b0f542091680c640c8c53dc88387a390b6b1f520455758bfd
fcecb97c12786d7a9387a81e74e4179790fd84425c9c75be1aec3aed645bf6e2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.sentinelone.com Open in urlscan Pro 104.26.2.18 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

138 Requests

72 %HTTPS

39 %IPv6

38 Domains

56 Subdomains

49 IPs

7 Countries

1968 kBTransfer

4805 kBSize

46 Cookies

45 Outgoing links

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

www.sentinelone.com Open in urlscan Pro
104.26.2.18 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

72 %
HTTPS

39 %
IPv6

38
Domains

56
Subdomains

49
IPs

7
Countries

1968 kB
Transfer

4805 kB
Size

46
Cookies

138 HTTP transactions
12 data transactions