analyst1.com Open in urlscan Pro
2606:4700:10::6816:34bf Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/MVbNeqV8MT
Effective URL:
https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Submission: On September 01 via manual (September 1st 2023, 8:18:50 am UTC) from BG — Scanned from DE

Summary HTTP 114 Redirects Links 47 Behaviour Indicators

Summary

This website contacted 35 IPs in 4 countries across 29 domains to perform 114 HTTP transactions. The main IP is 2606:4700:10::6816:34bf, located in United States and belongs to CLOUDFLARENET, US. The main domain is analyst1.com.
TLS certificate: Issued by GTS CA 1P5 on July 20th 2023. Valid for: 3 months.

This is the only time analyst1.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
48	2606:4700:10:... 2606:4700:10::6816:34bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:bf59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:310... 2a02:26f0:3100::1735:2a09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	52.58.93.237 52.58.93.237	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.10 18.66.97.10	16509 (AMAZON-02) (AMAZON-02)
1 2	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2606:4700::68... 2606:4700::6811:5b9a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e3a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4dba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	52.222.236.74 52.222.236.74	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2600:9000:20e... 2600:9000:20eb:7a00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:806::2013	15169 (GOOGLE) (GOOGLE)
1	54.155.111.130 54.155.111.130	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
114	35

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2606:4700:10::6816:34bf (United States)

ASN13335 (CLOUDFLARENET, US)

analyst1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:bf59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3100::1735:2a09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.58.93.237 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-93-237.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.211.116 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:5b9a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e3a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4dba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-74.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:20eb:7a00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.111.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-111-130.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	analyst1.com analyst1.com	3 MB
8	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3884	30 KB
6	gstatic.com fonts.gstatic.com	128 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 365 www.linkedin.com — Cisco Umbrella Rank: 625 px4.ads.linkedin.com — Cisco Umbrella Rank: 6371	5 KB
5	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 881	2 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2921	9 KB
4	licdn.com snap.licdn.com — Cisco Umbrella Rank: 760	12 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6457	669 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3238 www.google.com — Cisco Umbrella Rank: 2	813 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 13737 ibc-flow.techtarget.com — Cisco Umbrella Rank: 16112	2 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 stats.g.doubleclick.net — Cisco Umbrella Rank: 87	2 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4723 forms.hscollectedforms.net — Cisco Umbrella Rank: 4839	26 KB
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 450	1 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 727 script.hotjar.com — Cisco Umbrella Rank: 906	59 KB
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 51258 t.influ2.com — Cisco Umbrella Rank: 50055	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	21 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2386	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	174 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 41	2 KB
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2299	1 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4292	1016 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3439	1 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 6322	161 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1523	637 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2155	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3144	3 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2156	16 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1344	8 KB
1	t.co t.co — Cisco Umbrella Rank: 577	581 B
114	29

	Domain	Requested by
48	analyst1.com	t.co analyst1.com script.hotjar.com
8	static.addtoany.com	analyst1.com static.addtoany.com
6	fonts.gstatic.com	fonts.googleapis.com
5	cdn.linkedin.oribi.io	snap.licdn.com
4	tags.srv.stackadapt.com	t.co tags.srv.stackadapt.com
4	snap.licdn.com	www.googletagmanager.com snap.licdn.com js.hsadspixel.net
3	px.ads.linkedin.com	3 redirects
3	www.google.de	analyst1.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.google.com	analyst1.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	secure.adnxs.com	1 redirects analyst1.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	js.hs-scripts.com	analyst1.com
2	www.googletagmanager.com	analyst1.com www.googletagmanager.com
2	fonts.googleapis.com	analyst1.com
1	track.hubspot.com
1	forms.hsforms.com	analyst1.com
1	api.hubapi.com	js.hsadspixel.net
1	content.hotjar.io	script.hotjar.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	t.influ2.com	www.influ2.com
1	px4.ads.linkedin.com	analyst1.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	alb.reddit.com	analyst1.com
1	region1.analytics.google.com	www.googletagmanager.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	static.hotjar.com	t.co
1	www.influ2.com	www.googletagmanager.com
1	trk.techtarget.com	t.co
1	www.redditstatic.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	t.co
114	37

This site contains links to these domains. Also see Links.

Domain
www.addtoany.com
www.bleepingcomputer.com
twitter.com
blog.bushidotoken.net
www.trellix.com
www.justice.gov
home.treasury.gov
www.mandiant.com
intel471.com
en.wikipedia.org
www.engadget.com
www.computerweekly.com
web.archive.org
www.sentinelone.com
www.malwarebytes.com
darktrace.com
www.tetrane.com
krebsonsecurity.com
therecord.media
thehackernews.com
www.scientificamerican.com
cybernews.com
www.techradar.com
www.dni.gov
www.linkedin.com
www.facebook.com
digitalsilk.com
wordpress.org

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
analyst1.com GTS CA 1P5	`2023-07-20` - `2023-10-18`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-04` - `2024-05-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
influ2.com GTS CA 1D4	`2023-08-05` - `2023-11-03`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-14` - `2023-11-07`	9 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
www.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
t.influ2.com GTS CA 1D4	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2023-03-02` - `2024-03-30`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Frame ID: C9F4626F7E301D0695DB98E083A7BAFF
Requests: 120 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 1F317D922E2FCD558836594C940DF5D7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ransomware Diaries V. 3: LockBit's Secrets

Page URL History Show full URLs

https://t.co/MVbNeqV8MT Page URL
https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

114
Requests

97 %
HTTPS

71 %
IPv6

29
Domains

37
Subdomains

35
IPs

4
Countries

3283 kB
Transfer

5252 kB
Size

44
Cookies

47 Outgoing links

These are links going to different origins than the main page.

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&title=Ransomware%20Diaries%3A%20Volume%203%20%E2%80%93%20LockBit%E2%80%99s%20Secrets%C2%A0
Title: Share

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer/
Title: leaked the builder in September 2022

Search URL Search Domain Scan URL

URL: https://twitter.com/AShukuhi/status/1620975076970754048
Title: Figure 4: Azim’s post showing a post from Baddie on a Russian forum looking for affiliate hackers to join Royal ransomware.

Search URL Search Domain Scan URL

URL: https://blog.bushidotoken.net/2022/11/the-continuity-of-conti.html
Title: Various researchers

Search URL Search Domain Scan URL

URL: https://www.trellix.com/en-us/about/newsroom/stories/research/a-royal-analysis-of-royal-ransom.html
Title: cyber security

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/
Title: May 2022

Search URL Search Domain Scan URL

URL: https://twitter.com/vxunderground/status/1618885718839001091
Title: VX-Underground

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/lockbit-ransomware-goes-green-uses-new-conti-based-encryptor/
Title: and previous Conti variants

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/press-release/file/1223586/download
Title: wanted criminal the United States indicted

Search URL Search Domain Scan URL

URL: https://home.treasury.gov/news/press-releases/sm845
Title: supporting the FSB

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions
Title: attacks last year

Search URL Search Domain Scan URL

URL: https://intel471.com/blog/the-trickbot-conti-ransomware-gang-has-been-sanctioned-what-does-it-mean
Title: Conti ransomware gang

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/https://www.smarty.com/articles/royal-mail
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/
Title: shut down emergency systems

Search URL Search Domain Scan URL

URL: https://twitter.com/UK_Daniel_Card/status/1613583665740615682?lang=en-GB
Title: Figure 17: Ransom note associated with the Royal Mail attack

Search URL Search Domain Scan URL

URL: https://www.engadget.com/lock-bit-ransomware-gang-apologizes-sick-kids-attack-224245439.html
Title: SickKids

Search URL Search Domain Scan URL

URL: https://www.computerweekly.com/news/365530169/LockBit-cartel-finally-claims-Royal-Mail-ransomware-attack
Title: critical national infrastructure

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20230425043815im_/https://pbs.twimg.com/media/FsKrbcQX0AI6iJ7?format=png&name=small
Title: Maximum Industries breach

Search URL Search Domain Scan URL

URL: https://web.archive.org/web/20230425043815im_/https://pbs.twimg.com/media/FsKn3JlXsAMoons?format=png&name=900x900
Title: LockBit Affiliate

Search URL Search Domain Scan URL

URL: https://twitter.com/malwrhunterteam/status/1647384505550876675?s=20
Title: MalwareHunterTeam

Search URL Search Domain Scan URL

URL: https://www.sentinelone.com/blog/lockbit-for-mac-how-real-is-the-risk-of-macos-ransomware/
Title: which technically was not true

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/blog/news/2023/04/lockbit-ransomware-on-mac-should-we-worry
Title: “move it to the Trash.”

Search URL Search Domain Scan URL

URL: https://twitter.com/vxunderground/status/1646291857251377157
Title: its site

Search URL Search Domain Scan URL

URL: https://darktrace.com/people/poppy-gustafsson
Title: Poppy Gustafsson

Search URL Search Domain Scan URL

URL: https://twitter.com/vxunderground/status/1661789069670780934?s=61&t=4Lgtsi3o3NICftnUWxDJ4w
Title: Russian hacking forum

Search URL Search Domain Scan URL

URL: https://www.tetrane.com/demos-videos.html
Title: “Reven”,

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/russian-national-charged-ransomware-attacks-against-critical-infrastructure
Title: LockBit crime syndicate

Search URL Search Domain Scan URL

URL: https://krebsonsecurity.com/2022/02/wazawaka-goes-waka-waka/
Title: Matveev used the monikers

Search URL Search Domain Scan URL

URL: https://krebsonsecurity.com/2022/01/who-is-the-network-access-broker-wazawaka/
Title: in an article published in January 2022

Search URL Search Domain Scan URL

URL: https://therecord.media/an-interview-with-initial-access-broker-wazawaka-there-is-no-such-money-anywhere-as-there-is-in-ransomware
Title: interview with Dmitry

Search URL Search Domain Scan URL

URL: https://www.justice.gov/d9/2023-05/matveev.indictment.pdf
Title: US Department of Justice

Search URL Search Domain Scan URL

URL: https://therecord.media/wazawaka-cyber-most-wanted-interview-click-here
Title: “lost their way”

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html
Title: a 20-year-old

Search URL Search Domain Scan URL

URL: https://www.justice.gov/d9/2023-06/astamirov.complaint.pdf
Title: arrested by the FBI

Search URL Search Domain Scan URL

URL: https://www.scientificamerican.com/article/fbi-takes-down-hive-criminal-ransomware-group1/
Title: Hive

Search URL Search Domain Scan URL

URL: https://cybernews.com/news/lockbit-boasts-of-breaching-spacex-contractor/
Title: owned by Elon Musk

Search URL Search Domain Scan URL

URL: https://twitter.com/AL3xL7/status/1673170259992367105
Title: Bassterlord

Search URL Search Domain Scan URL

URL: https://www.techradar.com/reviews/sendspace
Title: legitimate third-party file-sharing platforms

Search URL Search Domain Scan URL

URL: https://www.dni.gov/files/NCSC/documents/SafeguardingOurFuture/Kaseya%20VSA%20Supply%20Chain%20Ransomware%20Attack.pdf
Title: MSP incident

Search URL Search Domain Scan URL

URL: https://twitter.com/jon__dimaggio/status/1687085919679954946?s=61&t=HQaIC4nHMoon7pQ27ghPBw
Title: crime syndicate

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/jondimaggio/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/UseAnalyst1/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/analyst1/

Search URL Search Domain Scan URL

URL: https://twitter.com/Analyst1

Search URL Search Domain Scan URL

URL: https://digitalsilk.com/
Title: Designed by Digital Silk

Search URL Search Domain Scan URL

URL: https://wordpress.org/plugins/gdpr-cookie-compliance/
Title: Powered by GDPR Cookie Compliance

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/MVbNeqV8MT Page URL
https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 80

https://secure.adnxs.com/px?id=1576800&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1576800%26t%3D2

Request Chain 101

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3412169%26time%3D1693556325000%26url%3Dhttps%253A%252F%252Fanalyst1.com%252Fransomware-diaries-volume-3-lockbits-secrets%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKth9DfMKKA3QAAAYpP0r1fat5C3i_54dUI0iUm3uvEHbJzRHpcMfUQ6oD3Vize

114 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 MVbNeqV8MT
t.co/ 354 B
581 B 149ms
122ms Document
text/html 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/MVbNeqV8MT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 209
content-type: text/html; charset=utf-8
date: Fri, 01 Sep 2023 08:18:42 GMT
expires: Fri, 01 Sep 2023 08:23:43 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 7538241bf258bc59028bafbb7e4eb86a7305e174f595bce980ca169417e123b6
x-response-time: 115
x-transaction-id: 90093cdbb7401d55
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ 271 KB
66 KB 379ms
303ms Document
text/html 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Requested by

Host: t.co
URL: https://t.co/MVbNeqV8MT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b613be485aa6ffb2f61ebffb9331daa748d0909db5fc801f2948bbc1c1b7d11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 1237
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 7ffc15906a111c05-FRA
content-encoding: br
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 08:18:44 GMT
server: cloudflare
vary: Accept-Encoding
x-cache: HIT
x-cache-hits: 4
x-cacheable: YES:Forced
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-host: analyst1.com
x-url: /ransomware-diaries-volume-3-lockbits-secrets/
x-xss-protection: 1; mode=block

GET
H2 200 theme.css
analyst1.com/wp-content/uploads/dsmp-assets/ 5 KB
1 KB 23ms
20ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/uploads/dsmp-assets/theme.css

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ff8e4b5b9f5ff680c854dbc1ae0bc31541871b7e8f5487a9b761a39043e061c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 40
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3241337
cf-polished: origSize=5055
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/dsmp-assets/theme.css
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 06 Sep 2022 07:19:50 GMT
server: cloudflare
etag: W/"6316f496-13bf"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd01c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
969 B 52ms
16ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow%3Aital%2Cwght%400%2C700%3B0%2C900%3B1%2C700%3B1%2C900&display=swap&ver=6.2.2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8bba0f40887b12333044658c68be1390c09cfbc0e47abb4657a3584a4b27505

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 08:18:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Sep 2023 08:18:44 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
710 B 53ms
18ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

279ea3ccb433eb3d011d2521acf88a23512f97d39ec542f315368dddcca91d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 08:18:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Sep 2023 08:18:44 GMT

GET
H2 200 style.min.css
analyst1.com/wp-includes/css/dist/block-library/ 95 KB
13 KB 27ms
21ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 3
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482273
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
server: cloudflare
etag: W/"640a784d-17ced"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd41c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 classic-themes.min.css
analyst1.com/wp-includes/css/ 291 B
340 B 32ms
26ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-includes/css/classic-themes.min.css?ver=6.2.2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 36
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 248005
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-includes/css/classic-themes.min.css?ver=6.2.2
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
server: cloudflare
etag: W/"63eaa28b-123"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd51c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
analyst1.com/wp-content/plugins/contact-form-7/includes/css/ 2 KB
1 KB 32ms
26ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e7c083e0e173f849fa0582a9332bf40a3567c49ff818f28b0e4dca93930c6e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 57
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2170880
cf-polished: origSize=2859
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.8
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 07 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d0383c-b2b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd61c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 screen.min.css
analyst1.com/wp-content/plugins/easy-table-of-contents/assets/css/ 5 KB
2 KB 23ms
18ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.53

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ca1bb41f8bd235c016c81e22a5be19fafddf755798a6e74420ae21174534595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 2
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 248005
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/easy-table-of-contents/assets/css/screen.min.css?ver=2.0.53
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 14 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d972bc-15ab"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd71c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 default.css
analyst1.com/wp-content/plugins/tablepress/css/build/ 6 KB
2 KB 29ms
24ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.1.7

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bc19ce27e7fe54728be0d4489cf683005fd6f522bbf6391a681d7d2d8d3f190

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 22
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482273
cf-polished: origSize=6091
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/tablepress/css/build/default.css?ver=2.1.7
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 21 Aug 2023 00:18:05 GMT
server: cloudflare
etag: W/"64e2ad3d-17cb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cd81c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tablepress-responsive.min.css
analyst1.com/wp-content/plugins/tablepress-responsive-tables/css/ 8 KB
1 KB 26ms
20ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.7

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70a5b0b12138d72265e36399b36ce4590a9df3bd22ee73c201d269b109a8177a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 42
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3241337
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.7
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:42:25 GMT
server: cloudflare
etag: W/"64afff41-2176"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cda1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.css
analyst1.com/wp-content/plugins/add-to-any/ 2 KB
645 B 24ms
19ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 45
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3241337
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:42:11 GMT
server: cloudflare
etag: W/"64afff33-644"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cdb1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 critical.css
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/ 72 KB
13 KB 28ms
23ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/critical.css?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65622f221abb9eb242ee1dbd19033bb5390f332b25fe52f10e0ec840e15f5401

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 1
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3241337
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/css/critical.css?ver=1689255700
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-11ebb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cdc1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 blog.css
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/ 25 KB
5 KB 29ms
24ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/blog.css?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6964b643d9729b5953d4bbda1b142c27bfa2f7bd34beefcf53c2d170d6340788

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 14
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/css/blog.css?ver=1689255700
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-619c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cdd1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.css
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/ 231 KB
38 KB 34ms
29ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

362ae06b64117ef3431cf56356527c36fe17b2602956e3cfda9fb6347a9addde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3328941
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: MISS
x-url: /wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-3887d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925ce31c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper-bundle.min.css
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/swiper/ 15 KB
4 KB 32ms
28ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/swiper/swiper-bundle.min.css?ver=1.8

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3371f801000f02d00a3011c06bd012698f91b361b6d8d4bb76816e8dba84d22f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 40
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3241337
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/swiper/swiper-bundle.min.css?ver=1.8
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-3ccb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925ce41c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fancybox.min.css
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/fancybox/ 12 KB
4 KB 30ms
25ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/fancybox/jquery.fancybox.min.css?ver=1.8

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 4
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 248005
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/fancybox/jquery.fancybox.min.css?ver=1.8
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-31fb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925ce51c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gdpr-main-nf.css
analyst1.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/ 85 KB
9 KB 32ms
27ms Stylesheet
text/css 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.12.6

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40b19e1d704d79b1ff52d3eee4a7e49dcccfe126a4524e8d71909976cd5befb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 78
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 356410
cf-polished: origSize=86575
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.12.6
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 28 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64ebe7bc-1522f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925ce61c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 36ms
16ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92545ae7b38b727089c99033d3557a18ee913a608fe8b26fb24973eb8660f17d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 78558
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 10:28:36 GMT
server: cloudflare
etag: W/"c09-6027af130ca25"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=172800
cf-ray: 7ffc1592cabd4db5-FRA

GET
H2 200 jquery.min.js Show response
analyst1.com/wp-includes/js/jquery/ 88 KB
31 KB 36ms
32ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482273
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: MISS
x-url: /wp-includes/js/jquery/jquery.min.js?ver=3.6.4
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
server: cloudflare
etag: W/"6408d5ed-15ed7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925ce81c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
analyst1.com/wp-includes/js/jquery/ 13 KB
5 KB 31ms
27ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 26
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482274
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
server: cloudflare
etag: W/"63e16a23-3470"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15925cea1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 addtoany.min.js Show response
analyst1.com/wp-content/plugins/add-to-any/ 129 B
275 B 20ms
19ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 19
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2911545
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:42:11 GMT
server: cloudflare
etag: W/"64afff33-81"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1592bd8a1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 core.c78901bc.js Show response
static.addtoany.com/menu/modules/ 69 KB
25 KB 35ms
20ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.c78901bc.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05d18955853a018a783dde77bcf072fb4e36df5bffafefb7be0e5e97411ab092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 128494
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 10:28:35 GMT
server: cloudflare
etag: W/"1140a-6027af129c545"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 7ffc1592fb289268-FRA

GET
H2 200 cssrelpreload.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/ 1 KB
994 B 20ms
19ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/cssrelpreload.js

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

664f6d2b747d802a76801d4948aa59ce5c7dcb25c5e245c813c42a2346efb867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 1
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482272
cf-polished: origSize=3017
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/cssrelpreload.js
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-bc9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15936e5d1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr-custom.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/ 3 KB
2 KB 21ms
21ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/modernizr-custom.js

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c25fb28f6f44215a4ccb741d6e9647bfc47392a942ae3a8c32e4b3868ee157a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 16
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
cf-polished: origSize=3401
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/modernizr-custom.js
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-d49"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15936e5e1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 262 KB
89 KB 59ms
32ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75881baf8ff6454da2014473b21e8643ef2b4eef5bddf23613c85392eef03b07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 90697
x-xss-protection: 0
last-modified: Fri, 01 Sep 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Sep 2023 08:18:44 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
22 KB 36ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow%3Aital%2Cwght%400%2C700%3B0%2C900%3B1%2C700%3B1%2C900&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 05:31:58 GMT
x-content-type-options: nosniff
age: 528406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21724
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:31:58 GMT

GET
H2 200 RDA3.png
analyst1.com/wp-content/uploads/2023/08/ 682 KB
683 KB 26ms
25ms Image
image/png 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/08/RDA3.png

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dddd493e81d9696ca3d1a81373b888fe27da421c478c11858ba3001d60756dbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 48
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77164
cf-polished: origSize=712982
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/08/RDA3.png
x-host: analyst1.com
content-length: 698578
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Mon, 14 Aug 2023 15:45:24 GMT
server: cloudflare
etag: "64da4c14-ae116"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc15938e9c1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jon_dimaggio-150x150.jpg
analyst1.com/wp-content/uploads/2023/07/ 3 KB
4 KB 19ms
19ms Image
image/jpeg 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/07/jon_dimaggio-150x150.jpg

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ad330382c7c1f60f338c8b3db3572eeb7b0037bda95fd36904bbf6041f125e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 56
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
cf-polished: origSize=3745
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/07/jon_dimaggio-150x150.jpg
x-host: analyst1.com
content-length: 3547
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Thu, 06 Jul 2023 09:15:10 GMT
server: cloudflare
etag: "64a6861e-ea1"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc15938e9f1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 A-Ransomware-Hacker-Origin-Story-min.jpg
analyst1.com/wp-content/uploads/2023/04/ 54 KB
54 KB 41ms
40ms Image
image/jpeg 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/04/A-Ransomware-Hacker-Origin-Story-min.jpg

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ef7094554552cc7822bc6920038444e01b407713cb660b6b88075e1c74d9880

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 53
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77164
cf-polished: status=not_needed
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/04/A-Ransomware-Hacker-Origin-Story-min.jpg
x-host: analyst1.com
content-length: 55332
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Fri, 21 Apr 2023 22:17:09 GMT
server: cloudflare
etag: "64430b65-d824"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc15939ea11c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Cyber-Security-1.png
analyst1.com/wp-content/uploads/2023/02/ 338 KB
339 KB 41ms
41ms Image
image/png 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/02/Cyber-Security-1.png

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23ab74b17e5f78a087aa72353bbd320721c2a6aff37f13a034aaa72e12f60336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 25
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77164
cf-polished: origSize=347331
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/02/Cyber-Security-1.png
x-host: analyst1.com
content-length: 346284
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Tue, 28 Feb 2023 17:55:42 GMT
server: cloudflare
etag: "63fe401e-54cc3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc15939ea21c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Ransom-Diaries-Part-I_Analyst1_Joe-Dimaggio.png
analyst1.com/wp-content/uploads/2023/01/ 1 MB
1 MB 41ms
40ms Image
image/png 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/01/Ransom-Diaries-Part-I_Analyst1_Joe-Dimaggio.png

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82ae3253c906fba5bbaa45ae842a17f04f9160f61231b1970baf7c34fa89d83a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 24
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1553702
cf-polished: origSize=1228662
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/01/Ransom-Diaries-Part-I_Analyst1_Joe-Dimaggio.png
x-host: analyst1.com
content-length: 1226874
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Sun, 15 Jan 2023 16:39:54 GMT
server: cloudflare
etag: "63c42c5a-12bf76"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc15939ea41c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.svg
analyst1.com/wp-content/uploads/2022/05/ 7 KB
3 KB 41ms
40ms Image
image/svg+xml 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2022/05/logo.svg

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c33a5639cb3feb8a4e6ff3c19edb8947caf54f2aab52d1ebe97fd10f3bcb9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 51
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2022/05/logo.svg
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 09 May 2022 10:21:02 GMT
server: cloudflare
etag: W/"6278eb0e-1ba1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc15939ea71c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7602761.js Show response
js.hs-scripts.com/ 2 KB
1 KB 433ms
395ms Script
application/javascript 2606:4700::6810:bf59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/7602761.js

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bf59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e055ce560859733fc891576a91fd463bd43804f96c8729cfcd8074eb59460bb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 4e862092-a182-42b5-bdaa-12727ef84612
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4e862092-a182-42b5-bdaa-12727ef84612
last-modified: Fri, 01 Sep 2023 04:38:44 GMT
server: cloudflare
x-trace: 2BAA6932B94A7B4B7A2E4943AF58BC66C936430DA2000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://analyst1.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-mlzrb
cf-ray: 7ffc1593da393606-FRA
expires: Fri, 01 Sep 2023 08:19:44 GMT

GET
DATA 200
OK truncated
/ 420 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d21258c59af6cc22fc9e133894e06810471800a806cfbfb06466b0dbe2493248

Request headers

Referer
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 508 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10cf7df99fd57a9c91e2363b1583ddb35d143edd83f724e036585894cd6b38ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 604 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba4036b1cf30d0dcaa7730ba42f4242ab23c45a06aaf4697c100853dd8a6ccd5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 522 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a08bd07a9da277d25a591727b8f5f249e677a9cebe6c2c3b7ebf3e71d3e7c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 arc-footer.png
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/ 43 KB
43 KB 53ms
41ms Image
image/png 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/arc-footer.png

Requested by

Host: analyst1.com
URL: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58239e32c45cf12f04e22800dfbb50f614dcf2afa117abf3a72a8427a41e1a8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
cf-polished: origSize=44437
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: MISS
x-url: /wp-content/themes/digitalexpress1/assets/_dist/images/arc-footer.png
x-host: analyst1.com
content-length: 44127
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: "64afff14-ad95"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc1593dee01c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 form-eagle.svg
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/ 3 KB
2 KB 56ms
44ms Image
image/svg+xml 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/form-eagle.svg

Requested by

Host: analyst1.com
URL: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2e1ac3dcd6c0894b40555e69ca72ea6fbf6a61837294bce204587bbb56c5c44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 49
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/images/form-eagle.svg
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-a66"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1593dee11c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lib-icon-arrow4.svg
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/svg-icons/ 170 B
289 B 53ms
41ms Image
image/svg+xml 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/images/svg-icons/lib-icon-arrow4.svg

Requested by

Host: analyst1.com
URL: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e3407f64548ade7888540e2a758d7c1aaa0eda31a3d897ef24ed4cd768d22c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/css/main.css?ver=1689255700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 49
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/images/svg-icons/lib-icon-arrow4.svg
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-aa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1593dee21c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 20 KB
20 KB 35ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 05:51:13 GMT
x-content-type-options: nosniff
age: 527251
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20200
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:28:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 05:51:13 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 21 KB
21 KB 46ms
35ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 04:09:00 GMT
x-content-type-options: nosniff
age: 274184
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21352
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:30:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Aug 2024 04:09:00 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 21 KB
21 KB 29ms
25ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B46r2z3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 21:29:16 GMT
x-content-type-options: nosniff
age: 470968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21440
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:46:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 21:29:16 GMT

GET
H2 200 HTxxL3I-JCGChYJ8VI-L6OO_au7B6xTj2FHz.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 22 KB
22 KB 39ms
34ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxxL3I-JCGChYJ8VI-L6OO_au7B6xTj2FHz.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3130cfe8b7c49789517a61b7b34c6f35f25b994147f6dd30b40721458f0cf74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 22:14:30 GMT
x-content-type-options: nosniff
age: 209054
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22900
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Aug 2024 22:14:30 GMT

GET
H2 200 HTxyL3I-JCGChYJ8VI-L6OO_au7B6xTrY3Tmu4kG.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 22 KB
22 KB 30ms
26ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxyL3I-JCGChYJ8VI-L6OO_au7B6xTrY3Tmu4kG.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed%3Aital%2Cwght%400%2C400%3B0%2C600%3B0%2C700%3B1%2C400%3B1%2C600%3B1%2C700&display=swap&ver=6.2.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aeb1b16ad1d9bf8d2654c0eca63f5c6b28b9d0e903f110971082b437cd8b190e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 06:33:03 GMT
x-content-type-options: nosniff
age: 524741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22768
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:34:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 06:33:03 GMT

GET
H2 200 dscf7db.min.js Show response
analyst1.com/wp-content/plugins/ds-contact-form-cfdb7/js/ 1 KB
660 B 19ms
18ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/ds-contact-form-cfdb7/js/dscf7db.min.js?ver=1.4.6

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d2fe9ed896910208d98311180bfb7fb293972197e887803dce5bbf5b242c207

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 13
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/ds-contact-form-cfdb7/js/dscf7db.min.js?ver=1.4.6
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:42:17 GMT
server: cloudflare
etag: W/"64afff39-502"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594982b1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.js Show response
analyst1.com/wp-content/plugins/contact-form-7/includes/swv/js/ 11 KB
3 KB 37ms
37ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 27
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482271
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.8
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 07 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d0383c-2a12"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594982d1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.js Show response
analyst1.com/wp-content/plugins/contact-form-7/includes/js/ 13 KB
4 KB 854ms
854ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 36
date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d0383c-328f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594982e1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7602761.js Show response
js.hs-scripts.com/ 2 KB
746 B 385ms
385ms Script
application/javascript 2606:4700::6810:bf59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/7602761.js?integration=WordPress&ver=10.2.1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bf59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26ade2fe0731e7a4f5ae43fa5c0b0e556eb06dcbcc9579715965348263ddf388

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 774c1d8e-590d-4f5f-9b38-fcc5efb1b5a9
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 774c1d8e-590d-4f5f-9b38-fcc5efb1b5a9
last-modified: Fri, 01 Sep 2023 04:38:44 GMT
server: cloudflare
x-trace: 2B9252B5CDFEAD3FE88BE234BBFF756D1B2C85DC60000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://analyst1.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-5r95m
cf-ray: 7ffc15949b303606-FRA
expires: Fri, 01 Sep 2023 08:19:44 GMT

GET
H2 200 js.cookie.min.js Show response
analyst1.com/wp-content/plugins/easy-table-of-contents/vendor/js-cookie/ 2 KB
1 KB 21ms
20ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/easy-table-of-contents/vendor/js-cookie/js.cookie.min.js?ver=2.2.1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef09f4bec10862578ab2a20b0b0f5cff4faef4b3ce0fe01872a1460ad0d72c50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 22
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/easy-table-of-contents/vendor/js-cookie/js.cookie.min.js?ver=2.2.1
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Jul 2023 00:18:03 GMT
server: cloudflare
etag: W/"64c6fdbb-9ee"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc159498311c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.sticky-kit.min.js Show response
analyst1.com/wp-content/plugins/easy-table-of-contents/vendor/sticky-kit/ 3 KB
1 KB 36ms
36ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/easy-table-of-contents/vendor/sticky-kit/jquery.sticky-kit.min.js?ver=1.9.2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66361c617e79f2f0643b4ce1a922a59cb6d4e048fa3ee5cbc2309ab826af40ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 28
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482272
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/easy-table-of-contents/vendor/sticky-kit/jquery.sticky-kit.min.js?ver=1.9.2
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 14 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d972bc-b5b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc159498321c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
analyst1.com/wp-content/plugins/easy-table-of-contents/assets/js/ 3 KB
1 KB 34ms
32ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/easy-table-of-contents/assets/js/front.min.js?ver=2.0.53-1691972284

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fea30e85a1d525bb37a85eeebb9b9edbf0eb8318aaaa8b40f24e8ab2c4fa2d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 29
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482272
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/easy-table-of-contents/assets/js/front.min.js?ver=2.0.53-1691972284
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Mon, 14 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64d972bc-c20"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a83c1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app_blog.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/ 4 KB
2 KB 35ms
33ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/app_blog.js?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8baa1a585198029ec1b5e3407bc8ebe09507a57da0360cc1a619a4ac99ba8ce5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 29
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482271
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/js/app_blog.js?ver=1689255700
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-10ba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a83f1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper-bundle.min.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/swiper/ 132 KB
38 KB 43ms
41ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/swiper/swiper-bundle.min.js?ver=1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e43a5802d5ed9337da2e507c39c43080de4305db7e520e22fe3ec9fd83c1b72f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 12
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/swiper/swiper-bundle.min.js?ver=1
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-211fc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8411c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lazyload.min.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/lazyload/ 8 KB
3 KB 37ms
36ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/lazyload/lazyload.min.js?ver=1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea0bff4c09b2d825e704cc95a9621d5584d6e7e334d7d2bc1d6d432a376ca566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 20
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1879355
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/lazyload/lazyload.min.js?ver=1
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-1f25"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8421c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/ 87 KB
17 KB 37ms
35ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/app.js?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be73af5ff04d2bbb9b472bb618fae156fc794911588370cabd243886fd579fd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 35
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1554088
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/js/app.js?ver=1689255700
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-15cf3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8431c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vendor.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/ 0
243 B 36ms
34ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/_dist/js/vendor.js?ver=1689255700

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 55
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 248005
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/_dist/js/vendor.js?ver=1689255700
x-host: analyst1.com
content-length: 0
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: "64afff14-0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc1594a8441c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fancybox.min.js Show response
analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/fancybox/ 67 KB
22 KB 42ms
40ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/themes/digitalexpress1/assets/vendors/fancybox/jquery.fancybox.min.js?ver=1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 26
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482272
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/themes/digitalexpress1/assets/vendors/fancybox/jquery.fancybox.min.js?ver=1
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Thu, 13 Jul 2023 13:41:40 GMT
server: cloudflare
etag: W/"64afff14-10a9d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8461c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.js Show response
analyst1.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/ 60 KB
14 KB 38ms
37ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.12.6

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28480d2cf0daf7c3e1e9eb2248c2a87467472c427f6586c595a50bf36995c4ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 74
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 356410
cf-polished: origSize=61087
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.12.6
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Mon, 28 Aug 2023 00:18:04 GMT
server: cloudflare
etag: W/"64ebe7bc-ee9f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8471c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 akismet-frontend.js Show response
analyst1.com/wp-content/plugins/akismet/_inc/ 6 KB
2 KB 38ms
37ms Script
application/javascript 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1689255733

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a88ba0b09a4416c080044dc095eabf66ca59e4d12a1d6201457b693687be85d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 36
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1554088
cf-polished: origSize=10733
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1689255733
x-host: analyst1.com
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Thu, 13 Jul 2023 13:42:13 GMT
server: cloudflare
etag: W/"64afff35-29ed"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594a8491c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sm.24.html Show response
static.addtoany.com/menu/ Frame 1F31 677 B
541 B 33ms
32ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.24.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2178153
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 7ffc1594ad3c4db5-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 01 Sep 2023 08:18:44 GMT
etag: W/"2a5-5edb40e6d10d8"
last-modified: Fri, 18 Nov 2022 00:47:55 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 447 B
549 B 34ms
33ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 308214
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:37 GMT
server: cloudflare
etag: W/"1bf-5edb43f69a778"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7ffc1594bce09268-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 318 B
482 B 33ms
32ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 128494
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"13e-5edb43f5ee978"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7ffc1594bce29268-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 695 B
656 B 56ms
54ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 128494
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:39 GMT
server: cloudflare
etag: W/"2b7-5edb43f86f378"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7ffc1594bce49268-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 393 B
545 B 33ms
31ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15684309274ca43c5240c88c5be2c9ed2f56ed2b38d0367dc372760f9e287c50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 128494
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"189-5edb43f5e5cd8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000, stale-while-revalidate=30
cf-ray: 7ffc1594bce69268-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
390 B 171ms
170ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.c78901bc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 18 Nov 2022 01:01:36 GMT
server: cloudflare
etag: W/"b6-5edb43f58ee38"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7776000
cf-ray: 7ffc1594bce89268-FRA

GET
H2 200 A1-Brand-Identity-Color.svg
analyst1.com/wp-content/uploads/2022/09/ 6 KB
2 KB 31ms
29ms Image
image/svg+xml 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2022/09/A1-Brand-Identity-Color.svg

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

961e3016095d7e6f244ff538020cebbc52e2beca851b51e4f0a4ef44c4648a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 33
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 60462
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2022/09/A1-Brand-Identity-Color.svg
x-host: analyst1.com
x-xss-protection: 1; mode=block
last-modified: Fri, 30 Sep 2022 19:14:43 GMT
server: cloudflare
etag: W/"63374023-1801"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7ffc1594b85c1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
1 KB 63ms
10ms Script
application/javascript 2a02:26f0:3100::1735:2a09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

292f853f9ef0e448c5536987fe87197f401bafcde3e0857e17de1f0676f5b2eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Aug 2023 18:41:20 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
content-type: application/javascript;charset=utf-8
cache-control: max-age=28642
accept-ranges: bytes
content-length: 1046

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/481621745/ 3 KB
2 KB 97ms
49ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/481621745/?random=1693556324823&cv=11&fst=1693556324823&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&ref=https%3A%2F%2Ft.co%2F&hn=www.googleadservices.com&frm=0&tiba=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&auid=1320954378.1693556325&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8f352e3d5555dd078a494601da1b016de22df1851c3446e5b415bb7abca7863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1354
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 54ms
9ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Sep 2023 07:44:23 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2061
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Sep 2023 09:44:23 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 54ms
10ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 93ms
51ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: t.co
URL: https://t.co/MVbNeqV8MT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 54283
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7ffc15967875bbbc-FRA
expires: Fri, 01 Sep 2023 08:38:44 GMT

GET
H2 200 tracker Show response
www.influ2.com/ 7 KB
3 KB 172ms
130ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=19622639-70cd-43f9-ad54-eb46578774f0

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

4b0e9a5334242f0ffd1c6842d11a0e848801121699f9912588e09d29608beb6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 139ms
98ms Script
text/javascript 52.58.93.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: t.co
URL: https://t.co/MVbNeqV8MT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.58.93.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: db24d4482bec396e9b30761a8ab97aa312b95595c7bd61b66a261a3dea66cf4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 01 Sep 2023 08:18:44 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 hotjar-2795099.js Show response
static.hotjar.com/c/ 9 KB
4 KB 76ms
41ms Script
application/javascript 18.66.97.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2795099.js?sv=6

Requested by

Host: t.co
URL: https://t.co/MVbNeqV8MT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-10.fra56.r.cloudfront.net

Software

Resource Hash

f72ac0d9e398ea0ccdcb3980f84084e14d7275b68da6b6b6fb77e6cfdc120c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Fri, 01 Sep 2023 08:18:44 GMT
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/3bcc5f455d92031a15c789f5feb4e68b
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: GNrx39IF18WFaIC1B2Bl_3aTKQIJhEsJ0pG4WATgl5N2bYmjwyjE-Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
85 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-M2K2VMB2HV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X55QVN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a650ac58d932df0dec0df72ed19c97a552def9d82fcd5e3a3849aa98f88a9fb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87032
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Sep 2023 08:18:44 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1576800&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1576800%26t%3D2

43 B
842 B

25ms
18ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1576800%26t%3D2

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
an-x-request-uuid: 8b223a21-0ac6-4b40-9519-89d098cc94e5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.205; 80.255.10.205; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
an-x-request-uuid: ad356f05-94ab-4f1a-84a1-39553e63a13b
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1576800%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.205; 80.255.10.205; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 147ms
117ms Script
application/javascript 2606:4700::6811:5b9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7602761.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5b9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
Origin: https://analyst1.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
x-amz-version-id: EcjZkyUfgxNGQ.xnv1Vqq9Oda2f1T.dE
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a6161b5a-5832-4346-81cc-dc5630a6cae2
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.394/bundles/project.js&cfRay=7ffc15967eb72bc5-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a6161b5a-5832-4346-81cc-dc5630a6cae2
last-modified: Wed, 09 Aug 2023 09:05:38 UTC
server: cloudflare
etag: W/"6fb5b8aa66d730f2a49b41a9c712ffa7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-2zr9h
cf-ray: 7ffc15967eb72bc5-FRA
x-amz-cf-id: U9QrJjBam0QMcH0F5n3Zdl2WvMj-vShSKFGiSpmlfYA4w4p1gSuIQA==
x-hs-target-asset: collected-forms-embed-js/static-1.394/bundles/project.js

GET
H2 200 7602761.js Show response
js.hs-banner.com/ 61 KB
16 KB 167ms
140ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/7602761.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7602761.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b1bb95e70bb91da5ec8e5388576319b0ea0b2b2609a97faa08200daf917c51e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
x-amz-version-id: lFosE6Ehk.jiwQclvKTUAtTewjEZ6g6T
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: RB6QMTEZ4N36N5NF
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a4f7411b-f700-404f-b37e-c24d43e5151f
x-envoy-upstream-service-time: 36
x-amz-id-2: tKyjwh6xFjfUxpZW0sjSD1H+VDdBjGgpbERHVW/Tondw7PcHFeOjXEzGfuUviHqw7ENlPb/EYp8=
x-evy-trace-listener: listener_https
x-request-id: a4f7411b-f700-404f-b37e-c24d43e5151f
x-evy-trace-route-configuration: listener_https/all
last-modified: Fri, 21 Apr 2023 13:49:17 GMT
server: cloudflare
etag: W/"a68b80203ae8fe9ba6038c93657c50ea"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://analyst1.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-qh8zw
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7ffc1596bf504d64-FRA
expires: Fri, 01 Sep 2023 08:23:44 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 44ms
15ms Script
application/javascript 2606:4700::6811:e3a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7602761.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13a212c6b892024aae8c2db3d8cf9a5ec7d7f0f86948669384001e375a55edb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
x-amz-version-id: ejB.A_S_mq2WBFqiJyHsLYTQXyGD1Wjj
via: 1.1 9d2dee9b44718f249b789987d2cbe62c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 397
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.406/bundles/pixels-release.js&cfRay=7ffc0be009839b9e-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 4a4ac2fe-7929-4eb2-894e-7627cb48371c
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4a4ac2fe-7929-4eb2-894e-7627cb48371c
last-modified: Mon, 28 Aug 2023 04:02:35 UTC
server: cloudflare
etag: W/"0d4f9e1a24521caddccf596277344ec4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-p2dkf
cf-ray: 7ffc1596b84c0493-FRA
x-amz-cf-id: eOV4SU5WDjS8FKC-x-DAaDG9dQb07Vjt-A-nYNkAW9EKh27eyOdf5w==
x-hs-target-asset: adsscriptloaderstatic/static-1.406/bundles/pixels-release.js

GET
H2 200 7602761.js Show response
js.hs-analytics.net/analytics/1693556100000/ 66 KB
21 KB 176ms
150ms Script
text/javascript 2606:4700::6810:4dba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1693556100000/7602761.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7602761.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4dba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 748c4e07de671a0d0af075f9811a09144741c8cf6bf243470dc1d1193276062e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: NFH5YTBA3TPDYW7R
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 2b9ed52a-edbb-44de-a628-575f786f07ce
x-envoy-upstream-service-time: 26
x-amz-id-2: LGyqaJVwf+C7oAGIcZ6/RVZWNf4nujZ0TKxn40erUoAkKhEgLeq/fbY0SUOH+4QpYhXwCANepN0=
x-evy-trace-listener: listener_https
x-request-id: 2b9ed52a-edbb-44de-a628-575f786f07ce
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 14 Aug 2023 15:43:22 GMT
server: cloudflare
etag: W/"36c5a27e6d4bb3d6530893779578174b"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7ffc1596b9cc35e5-FRA
expires: Fri, 01 Sep 2023 08:23:44 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 43ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-M2K2VMB2HV&gtm=45je38u0&_p=525930159&_gaz=1&cid=356397846.1693556325&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1693556324&sct=1&seg=0&dl=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&dr=https%3A%2F%2Ft.co%2F&dt=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M2K2VMB2HV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://analyst1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
251 B 59ms
19ms Ping
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-M2K2VMB2HV&cid=356397846.1693556325&gtm=45je38u0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-M2K2VMB2HV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://analyst1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 58ms
31ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-M2K2VMB2HV&cid=356397846.1693556325&gtm=45je38u0&aip=1&z=1898501110

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:3100::1735:2a09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Aug 2023 12:14:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=66406
accept-ranges: bytes
content-length: 4862

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 129ms
103ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1693556324946&id=t2_l0gvgzka&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=505f1aca-5d73-4162-bd8b-a118bf8723a8&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 modules.cf97ff05ad84a23ed648.js Show response
script.hotjar.com/ 223 KB
55 KB 43ms
11ms Script
application/javascript 52.222.236.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.cf97ff05ad84a23ed648.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2795099.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.74 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-74.fra56.r.cloudfront.net

Software

Resource Hash

f0e777bd6d46a2a9ebc6f4986220f92537ee8e651a5fa0cadddb68db76c902b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Thu, 31 Aug 2023 07:47:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 f8f9f25f837c0ce4e62b6d917642b56a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 88299
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55589
last-modified: Thu, 31 Aug 2023 07:46:51 GMT
etag: "c7ffb330d237572130639bc2e4598cba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 7a79SAHDddF7GjK5fMjOqHZhU8jkuOPXUJWHOzI3MRtvLGOFVpNDhQ==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
206 B 16ms
15ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=525930159&t=pageview&_s=1&dl=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&dr=https%3A%2F%2Ft.co%2F&ul=en-us&de=UTF-8&dt=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1954957656&gjid=1467902808&cid=356397846.1693556325&tid=UA-166324371-1&_gid=126525237.1693556325&_r=1&_slc=1&gtm=45He38u0n815X55QVN&z=879590818

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://analyst1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/481621745/ 42 B
455 B 53ms
20ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/481621745/?random=1693556324823&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&fmt=3&is_vtc=1&random=4125964617&rmt_tld=0&ipr=y

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/481621745/ 42 B
154 B 33ms
31ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/481621745/?random=1693556324823&cv=11&fst=1693555200000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&ref=https%3A%2F%2Ft.co%2F&frm=0&tiba=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&fmt=3&is_vtc=1&random=4125964617&rmt_tld=1&ipr=y

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
466 B 110ms
109ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=20973056&r=1693556324971&ref=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 20973056
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdtV-TcQD5H58mxbrqb38YUDJBv1HP2lSpcSUFQHFL6hyAhKautoM0YX5WKGb17KRQJ1LBmXo9ObvTJfmDpVHVip8Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Fri, 01 Sep 2023 09:18:45 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 149ms
110ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=20973056&r=1693556324971&ref=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://analyst1.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 01 Sep 2023 08:18:45 GMT
expires: Fri, 01 Sep 2023 08:18:45 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycds4cVFKmyUnPP1MdLYuK0-u0iZfjioP8rbjlRNkhjX29okxuHBXQdo4foFeoILLQ9uIeKZXPtyYRACgQH5P27aumSFhC2cq

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 23ms
23ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-166324371-1&cid=356397846.1693556325&jid=1954957656&gjid=1467902808&_gid=126525237.1693556325&_u=YADAAEAAAAAAACAAI~&z=1132875200

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Sep 2023 08:18:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://analyst1.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/ 36 B
375 B 64ms
22ms XHR
application/json 2600:9000:20eb:7a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:16:42 GMT
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 123
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: MyySyl6lktOzOjXGbJRdwjjhBFoVe6QIxJNkeXqQX90hkfZwIJgbgA==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/ 36 B
372 B 69ms
29ms XHR
application/json 2600:9000:20eb:7a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:16:42 GMT
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 123
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 5lSMYvXQkwipYgSndxViILHXY04JKS8c1VYgneezGcLypocKqwD3OQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/ 36 B
373 B 63ms
29ms XHR
application/json 2600:9000:20eb:7a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:16:42 GMT
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 123
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: ODPYuIQhBMx5O0JmxsJw4nji7rTqHwxOGnOeyfpA_a3BrUZ3YYHFqg==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/ 36 B
372 B 62ms
28ms XHR
application/json 2600:9000:20eb:7a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:16:42 GMT
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 123
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 5K5k68iniDxFZ2XFazGQim9vfZPPzGhVE8Pfo_LTA35RQGI2taPfEg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3412169%26time%3D1693556325000%26url%3Dhttps%253A%252F%252Fanalyst1.com%252Franso...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true...

0
266 B

185ms
149ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKth9DfMKKA3QAAAYpP0r1fat5C3i_54dUI0iUm3uvEHbJzRHpcMfUQ6oD3Vize
Requested by: Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: BB0417E2EBA04C40B837E7F9B1F8B2E9 Ref B: DUS30EDGE0817 Ref C: 2023-09-01T08:18:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYER882eRZLlTdneh1jKA==

Redirect headers

date: Fri, 01 Sep 2023 08:18:45 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 3B0CF74F3E4844EABDF816EE6BC5EC5F Ref B: FRAEDGE1112 Ref C: 2023-09-01T08:18:45Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3412169&time=1693556325000&url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKth9DfMKKA3QAAAYpP0r1fat5C3i_54dUI0iUm3uvEHbJzRHpcMfUQ6oD3Vize
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYER88zn+bnT5Tf/XXWoQ==

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 100ms
99ms Stylesheet
text/css 52.58.93.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.58.93.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d3b64adf949a01915c03bae247c1cbdd6f188e488e4fd7fdc349942b2a691fd5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 01 Sep 2023 08:18:45 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 141ms
98ms Fetch
image/jpeg 52.58.93.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.58.93.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 01 Sep 2023 08:18:45 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/ 36 B
372 B 30ms
16ms XHR
application/json 2600:9000:20eb:7a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3412169/domain/analyst1.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:7a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:16:42 GMT
content-encoding: gzip
via: 1.1 41f60102fc29156bc5001d6646f75c02.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 123
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: NrN_m7PSOQ8SKTFmTisBUJlHH0HwNj11re3Xy7O7dAM3LhYje0tDeA==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 53ms
39ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-166324371-1&cid=356397846.1693556325&jid=1954957656&_u=YADAAEAAAAAAACAAI~&z=1791300860

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 55ms
42ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-166324371-1&cid=356397846.1693556325&jid=1954957656&_u=YADAAEAAAAAAACAAI~&z=1791300860

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Sep 2023 08:18:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
319 B 191ms
127ms XHR
text/plain 2a00:1450:4001:806::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1693556325096
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=19622639-70cd-43f9-ad54-eb46578774f0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 387bf955126a0edd3c0773c4e3cb9f6f21c46b4e15aacd295debc7bf25a1fcbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin: https://analyst1.com
date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
vary: Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
454 B 125ms
125ms XHR
application/json 2606:4700::6811:5b9a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=7602761&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5b9a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd2c45ebab0309ad0e5e607793c7eb2ea9f88bde585bc1d64b406ab87bc019bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 65eaad52-dcf3-4029-bd7a-8dd329d4ef2a
x-envoy-upstream-service-time: 11
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 65eaad52-dcf3-4029-bd7a-8dd329d4ef2a
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://analyst1.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7ffc1598fa692bc5-FRA

POST
H2 404 csp-report
analyst1.com/ 105 KB
22 KB 717ms
717ms Other
text/html 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://analyst1.com/csp-report
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.cf97ff05ad84a23ed648.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 142be53b91aaf22b5282f6261f4a33ba43fd7088ef700a200ac47efe0bc91d25

Request headers

Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/csp-report

Response headers

cf-edge-cache: cache,platform=wordpress
date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-url: /csp-report
cache-control: no-cache, must-revalidate, max-age=0
x-host: analyst1.com
cf-ray: 7ffc1598fd221c05-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H2 200 / Show response
content.hotjar.io/ 56 B
161 B 208ms
91ms XHR
application/json 54.155.111.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.cf97ff05ad84a23ed648.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.155.111.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-111-130.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bdfe3d5a499850ecd38f84e084bc4868b0373686754ebd92096476ff2b0ac72e

Request headers

Referer: https://analyst1.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 01 Sep 2023 08:18:45 GMT
content-length: 56
vary: Origin
content-type: application/json

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 300ms
273ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=7602761

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35cb86d608e029086857198c50969d59aec1456d1cc0a4ea38e9f20c2c37761a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 48fb3964-669b-4271-894f-2b4b03afbe92
content-encoding: br
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 48fb3964-669b-4271-894f-2b4b03afbe92
server: cloudflare
x-trace: 2B9B4A3ADE32A91D72D64FDE98B161C18FA6CDC8B8000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://analyst1.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hqv97
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfHPc%2BB3Tk5UxzBWQg99mAE3NxXv0kso5ghuQuYYrEvsOlDgnzx9UVQ5vaC%2BwoDEQ2my1bn%2Fx5%2BPDnA8kl3NceXtSYoR1mfGIucmyEWmLfoeJIJlAUpyfrI4fp6ey%2FVX4G5fCpMJcDpdSF2b"}],"group":"cf-nel","max_age":604800}
cf-ray: 7ffc1599688a993f-FRA
access-control-allow-headers: *

POST
H2 404 csp-report
analyst1.com/ 105 KB
22 KB 563ms
562ms Other
text/html 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://analyst1.com/csp-report
Requested by: Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a32c7a1e8f21d674c0524118f13e2ea9d98e56fa8b2c0ba759fa002b897960da

Request headers

Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type: application/csp-report

Response headers

cf-edge-cache: cache,platform=wordpress
date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
x-url: /csp-report
cache-control: no-cache, must-revalidate, max-age=0
x-host: analyst1.com
cf-ray: 7ffc15997def1c05-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
BLOB 200
OK 4c69757a-da98-4540-945b-65d197065d2d
https://analyst1.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://analyst1.com/4c69757a-da98-4540-945b-65d197065d2d
Requested by: Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
307 B 99ms
98ms XHR
text/plain 52.58.93.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=FtCyemTrdDmd32raE4rsyg&is_js=true&landing_url=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&t=Ransomware%20Diaries%20V.%203%3A%20LockBit%27s%20Secrets&tip=LA1PuotfCrvBMhxEfO4h4ySp2oy0tobsciG82QO8LYo&host=https://analyst1.com&sa_conv_data_css_value=%270-0f71840c-5471-5da1-5f3a-09412cad5991%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd90f71840c54715da15f3a09412cad599150ff0acd&sa-user-id-v3=s%253AAQAKIE5XVrVva16qb5ECRMugLQu3wpQWh_1U3ub5MZSOorisEHwYBCDkvManBjABOgRDMKv5QgSfMtMW.7hnwLSMAxJKxrt75AswT64GXzl7M2qU2rKAwyOFpxaQ&sa-user-id-v2=s%253AD3GEDFRxXaFfOglBLK1ZkVD_Cs0.iPSNVofU1q21OJQoU7GlH%252FZ7h0qTQcGXsBsAiW66ukw&sa-user-id=s%253A0-0f71840c-5471-5da1-5f3a-09412cad5991.KoRVNwZj4f75qyycvc%252Fc8UCM2HsiAjTlAaX5VDW%252Bn58
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.58.93.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 3ab6467049bbcbcb72dcc5cf702c37968c7ae0f5343625ec2b0203c0d4af1b75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

access-control-allow-origin: https://analyst1.com
date: Fri, 01 Sep 2023 08:18:45 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 137ms
116ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date: Fri, 01 Sep 2023 08:18:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 60c42a93-efd1-4586-8bb8-9601625bbd72
x-envoy-upstream-service-time: 4
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 60c42a93-efd1-4586-8bb8-9601625bbd72
Server: cloudflare
X-Trace: 2B366BCB391F8721039E092538284EEBB14D9C58CD000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7ffc1599eb0c2bc3-FRA

GET
H2 200 schema Show response
analyst1.com/wp-json/contact-form-7/v1/contact-forms/456/feedback/ 235 B
494 B 596ms
595ms Fetch
application/json 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://analyst1.com/wp-json/contact-form-7/v1/contact-forms/456/feedback/schema

Requested by

Host: analyst1.com
URL: https://analyst1.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d410952265550c9b59b6c3a7df69b9084581ef2d1b012b98a5b660b744c2cd1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, */*;q=0.1
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
date: Fri, 01 Sep 2023 08:18:46 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
x-cacheable: YES:Forced
age: 0
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: MISS
x-url: /wp-json/contact-form-7/v1/contact-forms/456/feedback/schema
x-host: analyst1.com
x-xss-protection: 1; mode=block
server: cloudflare
allow: GET
vary: Origin, Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
cf-ray: 7ffc159a0e901c05-FRA

GET
H2 200 RD3-PART-I-1024x748.png
analyst1.com/wp-content/uploads/2023/08/ 69 KB
70 KB 18ms
17ms Image
image/png 2606:4700:10::6816:34bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyst1.com/wp-content/uploads/2023/08/RD3-PART-I-1024x748.png

Requested by

Host: analyst1.com
URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:34bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c996a584c1955880f48cf8c06d83cb695dbe2172d7c66924a6c1fcda22624e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-cache-hits: 33
date: Fri, 01 Sep 2023 08:18:45 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 77164
cf-polished: origSize=71797
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
x-cache: HIT
x-url: /wp-content/uploads/2023/08/RD3-PART-I-1024x748.png
x-host: analyst1.com
content-length: 70835
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Mon, 14 Aug 2023 18:23:49 GMT
server: cloudflare
etag: "64da7135-11875"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7ffc159a5ece1c05-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
1 KB 8ms
7ms Script
application/javascript 2a02:26f0:3100::1735:2a09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

292f853f9ef0e448c5536987fe87197f401bafcde3e0857e17de1f0676f5b2eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Aug 2023 18:41:20 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
content-type: application/javascript;charset=utf-8
cache-control: max-age=28641
accept-ranges: bytes
content-length: 1046

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 9ms
8ms Script
application/x-javascript 2a02:26f0:3100::1735:2a09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Aug 2023 12:14:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=66405
accept-ranges: bytes
content-length: 4862

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 149ms
129ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1966805734&v=1.1&a=7602761&ct=blog-post&rcu=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&r=https%3A%2F%2Ft.co%2F&pu=https%3A%2F%2Fanalyst1.com%2Fransomware-diaries-volume-3-lockbits-secrets%2F&t=Ransomware+Diaries+V.+3%3A+LockBit%27s+Secrets&cts=1693556325989&vi=55499e47576a3e18e98cd6ff1756e0e5&nc=true&u=44537595.55499e47576a3e18e98cd6ff1756e0e5.1693556325986.1693556325986.1693556325986.1&b=44537595.1.1693556325986&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://analyst1.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 08:18:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a6843d1e-b811-4e69-8b96-1e3762d6b3f9
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a6843d1e-b811-4e69-8b96-1e3762d6b3f9
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BieSNp4dwTB%2BO%2BBMBLt7tYfjLqDK5NaCOINw0fhk4QCdyBzyLh47Eo4ySY1AWCOhX02yk0gii6mhCSRp9dG5ivwSrOXFYzJIb751%2FpRU%2Bt0EBiRVQdGspcB1Dtsc6GTmN8uFbmX%2BpIC%2BXI8FUsK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-krkn8
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7ffc159d9ee291db-FRA
x-robots-tag: none

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 23:56:10	Name: muc Value: e813be1e-cf33-477b-8e16-7b7d02813454
.analyst1.com/	1970-01-20 16:35:32	Name: _gcl_au Value: 1.1.1320954378.1693556325
.adnxs.com/	1970-01-20 16:35:32	Name: uuid2 Value: 1766296888944605675
.analyst1.com/	1970-01-21 00:01:56	Name: _ga_M2K2VMB2HV Value: GS1.1.1693556324.1.0.1693556324.60.0.0
.doubleclick.net/	1970-01-20 14:25:57	Name: test_cookie Value: CheckForPermission
.techtarget.com/	1970-01-20 14:25:58	Name: __cf_bm Value: ce9UIo.HcPr5lC8RTMAdzF9JCFegN5g_B.iGBvvvUpQ-1693556324-0-AdWYtntIazBif2MbAyIishXH9IitC5P7tFvVm54iV5EDXR10JdAeBuGakzBaQlJdXO8EuoO466muD4E+apU3zi4=
.analyst1.com/	1970-01-20 16:35:32	Name: _rdt_uuid Value: 1693556324945.505f1aca-5d73-4162-bd8b-a118bf8723a8
.analyst1.com/	1970-01-21 00:01:56	Name: _ga Value: GA1.2.356397846.1693556325
.analyst1.com/	1970-01-20 14:27:22	Name: _gid Value: GA1.2.126525237.1693556325
.adnxs.com/	1970-01-20 16:35:32	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E?_FCynI!@wnf-Te9(>wL5L!!'bo$qow-
.analyst1.com/	1970-01-20 14:25:56	Name: _gat_UA-166324371-1 Value: 1
tags.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id Value: s%3A0-0f71840c-5471-5da1-5f3a-09412cad5991.KoRVNwZj4f75qyycvc%2Fc8UCM2HsiAjTlAaX5VDW%2Bn58
.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id Value: s%3A0-0f71840c-5471-5da1-5f3a-09412cad5991.KoRVNwZj4f75qyycvc%2Fc8UCM2HsiAjTlAaX5VDW%2Bn58
tags.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id-v2 Value: s%3AD3GEDFRxXaFfOglBLK1ZkVD_Cs0.iPSNVofU1q21OJQoU7GlH%2FZ7h0qTQcGXsBsAiW66ukw
.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id-v2 Value: s%3AD3GEDFRxXaFfOglBLK1ZkVD_Cs0.iPSNVofU1q21OJQoU7GlH%2FZ7h0qTQcGXsBsAiW66ukw
tags.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id-v3 Value: s%3AAQAKIE5XVrVva16qb5ECRMugLQu3wpQWh_1U3ub5MZSOorisEHwYBCDkvManBjABOgRDMKv5QgSfMtMW.7hnwLSMAxJKxrt75AswT64GXzl7M2qU2rKAwyOFpxaQ
.srv.stackadapt.com/	1970-01-20 23:11:32	Name: sa-user-id-v3 Value: s%3AAQAKIE5XVrVva16qb5ECRMugLQu3wpQWh_1U3ub5MZSOorisEHwYBCDkvManBjABOgRDMKv5QgSfMtMW.7hnwLSMAxJKxrt75AswT64GXzl7M2qU2rKAwyOFpxaQ
analyst1.com/	1970-01-20 23:11:32	Name: sa-user-id Value: s%253A0-0f71840c-5471-5da1-5f3a-09412cad5991.KoRVNwZj4f75qyycvc%252Fc8UCM2HsiAjTlAaX5VDW%252Bn58
analyst1.com/	1970-01-20 23:11:32	Name: sa-user-id-v2 Value: s%253AD3GEDFRxXaFfOglBLK1ZkVD_Cs0.iPSNVofU1q21OJQoU7GlH%252FZ7h0qTQcGXsBsAiW66ukw
analyst1.com/	1970-01-20 23:11:32	Name: sa-user-id-v3 Value: s%253AAQAKIE5XVrVva16qb5ECRMugLQu3wpQWh_1U3ub5MZSOorisEHwYBCDkvManBjABOgRDMKv5QgSfMtMW.7hnwLSMAxJKxrt75AswT64GXzl7M2qU2rKAwyOFpxaQ
analyst1.com/	1970-01-20 14:27:22	Name: ln_or Value: eyIzNDEyMTY5IjoiZCJ9
.analyst1.com/	1970-01-20 23:11:32	Name: _hjSessionUser_2795099 Value: eyJpZCI6IjVmNmNhNzdkLWE5OGMtNTZjNS1hNDE3LWM3Y2RjZjE4Y2YzMiIsImNyZWF0ZWQiOjE2OTM1NTYzMjUxMzcsImV4aXN0aW5nIjpmYWxzZX0=
.analyst1.com/	1970-01-20 14:25:58	Name: _hjFirstSeen Value: 1
.analyst1.com/	1970-01-20 14:25:56	Name: _hjIncludedInSessionSample_2795099 Value: 1
.analyst1.com/	1970-01-20 14:25:58	Name: _hjSession_2795099 Value: eyJpZCI6IjAxZDQ1ODNjLTBmOGYtNDk5Yi04YTc4LWJhNTk2NDQzYjUxYSIsImNyZWF0ZWQiOjE2OTM1NTYzMjUxMzksImluU2FtcGxlIjp0cnVlfQ==
.analyst1.com/	1970-01-20 14:25:58	Name: _hjAbsoluteSessionInProgress Value: 0
.linkedin.com/	1970-01-20 16:35:32	Name: li_sugr Value: 09ed6dfd-cbf7-410c-ba6c-28923ad141d1
.linkedin.com/	1970-01-20 23:11:32	Name: bcookie Value: "v=2&8038787e-cf35-4ad0-8912-030fbf01508a"
.linkedin.com/	1970-01-20 14:27:22	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3039:u=1:x=1:i=1693556325:t=1693642725:v=2:sig=AQGNNSmq_SFVXBRtXc9LpdbMd8eTJeFn"
.influ2.com/	1970-01-20 23:11:32	Name: R Value: 57677b7e8afb644755ca6ada
.linkedin.com/	1970-01-20 15:09:08	Name: UserMatchHistory Value: AQJVDCFQLA3DwwAAAYpP0rwUcdR2lsFtDZsw22LnoJpQNBifby0TJx82ahi9z6N0tsEYaPuGLs_koA
.linkedin.com/	1970-01-20 15:09:08	Name: AnalyticsSyncHistory Value: AQKw4gXlaFTuZAAAAYpP0rwU1XRIhqcl_wVKp-bcDYqzmG76OCER7Rh0_oj2s9jI61xQMdb5lgDX1jAKV9msqw
.analyst1.com/	1969-12-31 23:59:59	Name: referer_url Value: "https://t.co/"
.analyst1.com/	1969-12-31 23:59:59	Name: utm_campaign Value: null
.analyst1.com/	1969-12-31 23:59:59	Name: utm_medium Value: null
.analyst1.com/	1969-12-31 23:59:59	Name: utm_source Value: null
.analyst1.com/	1969-12-31 23:59:59	Name: utm_term Value: null
.www.linkedin.com/	1970-01-20 23:11:32	Name: bscookie Value: "v=1&2023090108184565c88196-cbde-499d-873e-d41e7ab9d44bAQGYyQobiAMprA6NK2dEkn-XnTikwfAe"
.linkedin.com/	1970-01-20 18:45:08	Name: li_gc Value: MTswOzE2OTM1NTYzMjU7MjswMjGcODEJhoiMlSzjala3IjTQOaI5joDQ8Py+Qi+H9kSsLQ==
.analyst1.com/	1970-01-20 18:45:08	Name: __hstc Value: 44537595.55499e47576a3e18e98cd6ff1756e0e5.1693556325986.1693556325986.1693556325986.1
.analyst1.com/	1970-01-20 18:45:08	Name: hubspotutk Value: 55499e47576a3e18e98cd6ff1756e0e5
.analyst1.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.analyst1.com/	1970-01-20 14:25:58	Name: __hssc Value: 44537595.1.1693556325986
.hubspot.com/	1970-01-20 14:25:58	Name: __cf_bm Value: 14HgKf17u3r1NaYEtR9KS4sWURAXKYTKt29y5v3yQG4-1693556326-0-AcOa743ypwPU/VTDLaRYkb9JUtpFFkzhSHRnhDx6n0sAV/5iTo2j+MGeVmRuWDCFSemwauEYwbdC7UNAIvPixsE=

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://script.hotjar.com/modules.cf97ff05ad84a23ed648.js(Line 1) Message: [Report Only] Refused to connect to 'wss://ws.hotjar.com/api/v2/client/ws' because it violates the following Content Security Policy directive: "default-src https:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ Message: [Report Only] Refused to load the image 'blob:https://analyst1.com/4c69757a-da98-4540-945b-65d197065d2d' because it violates the following Content Security Policy directive: "img-src https: data:".
network	error	URL: https://analyst1.com/csp-report Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://analyst1.com/csp-report Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analyst1.com
api.hubapi.com
cdn.linkedin.oribi.io
content.hotjar.io
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.addtoany.com
static.hotjar.com
stats.g.doubleclick.net
t.co
t.influ2.com
tags.srv.stackadapt.com
track.hubspot.com
trk.techtarget.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.influ2.com
www.linkedin.com
www.redditstatic.com
104.244.42.5
13.107.42.14
151.101.1.140
18.66.97.10
185.89.211.116
2001:4860:4802:32::36
2600:9000:20eb:7a00:2:53b2:240:93a1
2606:4700:10::6816:34bf
2606:4700:10::6816:46c5
2606:4700:4400::6812:22e5
2606:4700:4400::ac40:973c
2606:4700::6810:4dba
2606:4700::6810:bf59
2606:4700::6811:5b9a
2606:4700::6811:cbcc
2606:4700::6811:e3a3
2606:4700::6812:a07d
2606:4700::6813:9a53
2620:1ec:21::14
2a00:1450:4001:803::200a
2a00:1450:4001:806::2013
2a00:1450:4001:812::2008
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:828::2004
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2003
2a00:1450:400c:c0b::9b
2a02:26f0:3100::1735:2a09
2a04:4e42:200::396
34.107.254.219
34.111.208.231
52.222.236.74
52.58.93.237
54.155.111.130
026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4
05d18955853a018a783dde77bcf072fb4e36df5bffafefb7be0e5e97411ab092
0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0d2fe9ed896910208d98311180bfb7fb293972197e887803dce5bbf5b242c207
0fea30e85a1d525bb37a85eeebb9b9edbf0eb8318aaaa8b40f24e8ab2c4fa2d4
0ff8e4b5b9f5ff680c854dbc1ae0bc31541871b7e8f5487a9b761a39043e061c
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
10cf7df99fd57a9c91e2363b1583ddb35d143edd83f724e036585894cd6b38ac
13a212c6b892024aae8c2db3d8cf9a5ec7d7f0f86948669384001e375a55edb5
142be53b91aaf22b5282f6261f4a33ba43fd7088ef700a200ac47efe0bc91d25
15684309274ca43c5240c88c5be2c9ed2f56ed2b38d0367dc372760f9e287c50
1b613be485aa6ffb2f61ebffb9331daa748d0909db5fc801f2948bbc1c1b7d11
23ab74b17e5f78a087aa72353bbd320721c2a6aff37f13a034aaa72e12f60336
26ade2fe0731e7a4f5ae43fa5c0b0e556eb06dcbcc9579715965348263ddf388
279ea3ccb433eb3d011d2521acf88a23512f97d39ec542f315368dddcca91d6e
28480d2cf0daf7c3e1e9eb2248c2a87467472c427f6586c595a50bf36995c4ab
292f853f9ef0e448c5536987fe87197f401bafcde3e0857e17de1f0676f5b2eb
2c33a5639cb3feb8a4e6ff3c19edb8947caf54f2aab52d1ebe97fd10f3bcb9a0
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3371f801000f02d00a3011c06bd012698f91b361b6d8d4bb76816e8dba84d22f
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
35cb86d608e029086857198c50969d59aec1456d1cc0a4ea38e9f20c2c37761a
362ae06b64117ef3431cf56356527c36fe17b2602956e3cfda9fb6347a9addde
387bf955126a0edd3c0773c4e3cb9f6f21c46b4e15aacd295debc7bf25a1fcbd
3a19ff3554a1e589f756a92be8263726674127c133feb1d333095668b77ba08c
3ab6467049bbcbcb72dcc5cf702c37968c7ae0f5343625ec2b0203c0d4af1b75
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
40b19e1d704d79b1ff52d3eee4a7e49dcccfe126a4524e8d71909976cd5befb8
4b0e9a5334242f0ffd1c6842d11a0e848801121699f9912588e09d29608beb6f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
58239e32c45cf12f04e22800dfbb50f614dcf2afa117abf3a72a8427a41e1a8a
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5c25fb28f6f44215a4ccb741d6e9647bfc47392a942ae3a8c32e4b3868ee157a
5ca1bb41f8bd235c016c81e22a5be19fafddf755798a6e74420ae21174534595
5e3407f64548ade7888540e2a758d7c1aaa0eda31a3d897ef24ed4cd768d22c2
5ef7094554552cc7822bc6920038444e01b407713cb660b6b88075e1c74d9880
5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569
65622f221abb9eb242ee1dbd19033bb5390f332b25fe52f10e0ec840e15f5401
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
66361c617e79f2f0643b4ce1a922a59cb6d4e048fa3ee5cbc2309ab826af40ac
664f6d2b747d802a76801d4948aa59ce5c7dcb25c5e245c813c42a2346efb867
6964b643d9729b5953d4bbda1b142c27bfa2f7bd34beefcf53c2d170d6340788
6ad330382c7c1f60f338c8b3db3572eeb7b0037bda95fd36904bbf6041f125e1
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6e7c083e0e173f849fa0582a9332bf40a3567c49ff818f28b0e4dca93930c6e5
70a5b0b12138d72265e36399b36ce4590a9df3bd22ee73c201d269b109a8177a
748c4e07de671a0d0af075f9811a09144741c8cf6bf243470dc1d1193276062e
74ec1e2bfcf647ccdeaf5b127294db846ee4a6f8ffd6c909d4938370d4187d1f
75881baf8ff6454da2014473b21e8643ef2b4eef5bddf23613c85392eef03b07
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
82ae3253c906fba5bbaa45ae842a17f04f9160f61231b1970baf7c34fa89d83a
8320299532b4b81498d5b3714d49c9d5938883b55f4c2a1efe6f105bf4a942bd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8b1bb95e70bb91da5ec8e5388576319b0ea0b2b2609a97faa08200daf917c51e
8baa1a585198029ec1b5e3407bc8ebe09507a57da0360cc1a619a4ac99ba8ce5
92545ae7b38b727089c99033d3557a18ee913a608fe8b26fb24973eb8660f17d
961e3016095d7e6f244ff538020cebbc52e2beca851b51e4f0a4ef44c4648a63
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
98a4e1fdf290cfc7c5d58fd5688a45f0348db9ea62eceefad96a75569cae2a2d
9a08bd07a9da277d25a591727b8f5f249e677a9cebe6c2c3b7ebf3e71d3e7c2d
9bc19ce27e7fe54728be0d4489cf683005fd6f522bbf6391a681d7d2d8d3f190
a32c7a1e8f21d674c0524118f13e2ea9d98e56fa8b2c0ba759fa002b897960da
a650ac58d932df0dec0df72ed19c97a552def9d82fcd5e3a3849aa98f88a9fb4
a88ba0b09a4416c080044dc095eabf66ca59e4d12a1d6201457b693687be85d3
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
aeb1b16ad1d9bf8d2654c0eca63f5c6b28b9d0e903f110971082b437cd8b190e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b3130cfe8b7c49789517a61b7b34c6f35f25b994147f6dd30b40721458f0cf74
ba4036b1cf30d0dcaa7730ba42f4242ab23c45a06aaf4697c100853dd8a6ccd5
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bdfe3d5a499850ecd38f84e084bc4868b0373686754ebd92096476ff2b0ac72e
be73af5ff04d2bbb9b472bb618fae156fc794911588370cabd243886fd579fd9
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c996a584c1955880f48cf8c06d83cb695dbe2172d7c66924a6c1fcda22624e15
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
cd2c45ebab0309ad0e5e607793c7eb2ea9f88bde585bc1d64b406ab87bc019bd
d21258c59af6cc22fc9e133894e06810471800a806cfbfb06466b0dbe2493248
d3b64adf949a01915c03bae247c1cbdd6f188e488e4fd7fdc349942b2a691fd5
d410952265550c9b59b6c3a7df69b9084581ef2d1b012b98a5b660b744c2cd1b
d8f352e3d5555dd078a494601da1b016de22df1851c3446e5b415bb7abca7863
db24d4482bec396e9b30761a8ab97aa312b95595c7bd61b66a261a3dea66cf4e
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dddd493e81d9696ca3d1a81373b888fe27da421c478c11858ba3001d60756dbc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e055ce560859733fc891576a91fd463bd43804f96c8729cfcd8074eb59460bb7
e2e1ac3dcd6c0894b40555e69ca72ea6fbf6a61837294bce204587bbb56c5c44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43a5802d5ed9337da2e507c39c43080de4305db7e520e22fe3ec9fd83c1b72f
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
ea0bff4c09b2d825e704cc95a9621d5584d6e7e334d7d2bc1d6d432a376ca566
ef09f4bec10862578ab2a20b0b0f5cff4faef4b3ce0fe01872a1460ad0d72c50
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0e777bd6d46a2a9ebc6f4986220f92537ee8e651a5fa0cadddb68db76c902b7
f72ac0d9e398ea0ccdcb3980f84084e14d7275b68da6b6b6fb77e6cfdc120c1a
f8bba0f40887b12333044658c68be1390c09cfbc0e47abb4657a3584a4b27505
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

analyst1.com Open in urlscan Pro 2606:4700:10::6816:34bf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

114 Requests

97 %HTTPS

71 %IPv6

29 Domains

37 Subdomains

35 IPs

4 Countries

3283 kBTransfer

5252 kBSize

44 Cookies

47 Outgoing links

Page URL History

Redirected requests

114 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

analyst1.com Open in urlscan Pro
2606:4700:10::6816:34bf Public Scan

Screenshot
Live screenshot

Full Image

114
Requests

97 %
HTTPS

71 %
IPv6

29
Domains

37
Subdomains

35
IPs

4
Countries

3283 kB
Transfer

5252 kB
Size

44
Cookies

114 HTTP transactions
8 data transactions