www.siriuscom.com Open in urlscan Pro
67.225.132.53 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://link.getsiriuscom.com/ls/click?upn=4AtdUIKfL4Yqyma97FNKp8Lqp1dnt1F75HPl3bP6ErOLJ7ltOQTwE7rOD9JkaHHkLHe5KarLJaavxT4-2Be...
Effective URL:
https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Submission: On March 29 via manual (March 29th 2021, 2:25:00 pm UTC) from IN

Summary HTTP 214 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 36 IPs in 5 countries across 26 domains to perform 214 HTTP transactions. The main IP is 67.225.132.53, located in United States and belongs to LIQUIDWEB, US. The main domain is www.siriuscom.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 26th 2021. Valid for: 3 months.

This is the only time www.siriuscom.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.124 167.89.123.124	11377 (SENDGRID) (SENDGRID)
128	67.225.132.53 67.225.132.53	32244 (LIQUIDWEB) (LIQUIDWEB)
2	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	35.174.151.106 35.174.151.106	14618 (AMAZON-AES) (AMAZON-AES)
2	13.226.159.100 13.226.159.100	16509 (AMAZON-02) (AMAZON-02)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1 3	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:26f0:6c0... 2a02:26f0:6c00:2a6::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2620:119:50e1... 2620:119:50e1:101::6cae:b25	14413 (LINKEDIN) (LINKEDIN)
2 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	34.252.115.248 34.252.115.248	16509 (AMAZON-02) (AMAZON-02)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.226.159.122 13.226.159.122	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	34.246.133.154 34.246.133.154	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	15.237.136.106 15.237.136.106	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
4	52.21.178.134 52.21.178.134	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
2	2a04:4e42:1b:... 2a04:4e42:1b::622	54113 (FASTLY) (FASTLY)
214	36

1 167.89.123.124 (Chicago, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x124.outbound-mail.sendgrid.net

link.getsiriuscom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

128 67.225.132.53 (United States)

ASN32244 (LIQUIDWEB, US)

www.siriuscom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.174.151.106 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-4-ue1.aws.pardot.com

get.siriuscom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.159.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-100.dus51.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

10117223.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:28c::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:6c00:2a6::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:119:50e1:101::6cae:b25 (United States) 2 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.115.248 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-115-248.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.159.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-122.dus51.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.133.154 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-133-154.eu-west-1.compute.amazonaws.com

siriuscomputerpartnersandbox.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.237.136.106 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-136-106.eu-west-3.compute.amazonaws.com

siriuscontenttest.112.2o7.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.21.178.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-2-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
131	siriuscom.com www.siriuscom.com get.siriuscom.com	916 KB
17	gstatic.com fonts.gstatic.com www.gstatic.com	722 KB
9	google.com www.google.com adservice.google.com	20 KB
7	googleapis.com fonts.googleapis.com maps.googleapis.com	125 KB
6	linkedin.com 4 redirects px.ads.linkedin.com www.linkedin.com	4 KB
6	doubleclick.net 1 redirects 10117223.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	4 KB
5	pardot.com go.pardot.com pi.pardot.com	109 KB
4	facebook.com www.facebook.com	688 B
4	facebook.net connect.facebook.net	187 KB
3	adobedtm.com assets.adobedtm.com	74 KB
3	licdn.com snap.licdn.com	6 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
2	wistia.com fast.wistia.com	212 KB
2	demdex.net dpm.demdex.net siriuscomputerpartnersandbox.demdex.net	5 KB
2	adnxs.com acdn.adnxs.com ib.adnxs.com	3 KB
1	twitter.com analytics.twitter.com	653 B
1	t.co t.co	449 B
1	2o7.net siriuscontenttest.112.2o7.net	594 B
1	google.de www.google.de Failed adservice.google.de	250 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	zoominfo.com ws.zoominfo.com	725 B
1	googleadservices.com www.googleadservices.com	14 KB
1	googletagmanager.com www.googletagmanager.com	57 KB
1	getsiriuscom.com 1 redirects link.getsiriuscom.com	279 B
0	oktacdn.com Failed ok1static.oktacdn.com Failed
214	26

	Domain	Requested by
128	www.siriuscom.com	www.siriuscom.com
11	fonts.gstatic.com	www.siriuscom.com fonts.googleapis.com www.google.com
8	www.google.com	www.siriuscom.com get.siriuscom.com www.gstatic.com www.google.com
6	www.gstatic.com	www.google.com www.gstatic.com
4	pi.pardot.com	get.siriuscom.com www.siriuscom.com pi.pardot.com
4	www.facebook.com	www.siriuscom.com 10117223.fls.doubleclick.net connect.facebook.net
4	px.ads.linkedin.com	2 redirects www.siriuscom.com 10117223.fls.doubleclick.net
4	connect.facebook.net	www.siriuscom.com connect.facebook.net 10117223.fls.doubleclick.net
4	maps.googleapis.com	www.siriuscom.com maps.googleapis.com
3	assets.adobedtm.com	www.googletagmanager.com assets.adobedtm.com
3	snap.licdn.com	www.googletagmanager.com 10117223.fls.doubleclick.net assets.adobedtm.com
3	10117223.fls.doubleclick.net	1 redirects www.googletagmanager.com adservice.google.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	get.siriuscom.com	www.siriuscom.com pi.pardot.com
3	fonts.googleapis.com	www.siriuscom.com get.siriuscom.com
2	fast.wistia.com	pi.pardot.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	www.linkedin.com	2 redirects
1	analytics.twitter.com	static.ads-twitter.com
1	vars.hotjar.com	static.hotjar.com
1	t.co	www.siriuscom.com
1	siriuscontenttest.112.2o7.net	assets.adobedtm.com
1	go.pardot.com	get.siriuscom.com
1	siriuscomputerpartnersandbox.demdex.net	assets.adobedtm.com
1	adservice.google.de	1 redirects
1	adservice.google.com	10117223.fls.doubleclick.net
1	googleads.g.doubleclick.net	www.googleadservices.com
1	script.hotjar.com	static.hotjar.com
1	ib.adnxs.com	www.siriuscom.com
1	static.ads-twitter.com	assets.adobedtm.com
1	dpm.demdex.net	assets.adobedtm.com www.siriuscom.com
1	ws.zoominfo.com	www.siriuscom.com
1	acdn.adnxs.com	www.siriuscom.com
1	www.googleadservices.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googletagmanager.com	www.siriuscom.com
1	link.getsiriuscom.com	1 redirects
0	www.google.de Failed	www.siriuscom.com
0	ok1static.oktacdn.com Failed	www.siriuscom.com
214	39

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
www.facebook.com
twitter.com
www.youtube.com
www.fiveout.com
messageops.com
www.siriusfederal.com
edge.siriuscom.com
siriuscom.sharepoint.com

Subject Issuer	Validity	Valid
siriuscom.com cPanel, Inc. Certification Authority	`2021-03-26` - `2021-06-24`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
get.siriuscom.com R3	`2021-01-28` - `2021-04-28`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-02-10` - `2021-05-10`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-16` - `2022-03-17`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-03-11` - `2021-06-03`	3 months	crt.sh
go.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
*.112.2o7.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2021-04-27`	2 years	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2020-12-05` - `2021-12-04`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Frame ID: 6F06A8A72F708E167AF708365F958BDD
Requests: 183 HTTP requests in this frame

Frame: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz
Frame ID: 351FA4DEABED75C2823C60A8D98F1D1D
Requests: 10 HTTP requests in this frame

Frame: https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Frame ID: FA22FB2AFC48992AE42255FAB6C893BC
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Frame ID: 2DF4DDAF208D775D3BA96864574F4EB9
Requests: 1 HTTP requests in this frame

Frame: https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Frame ID: 805C816C97430681BF837734C841E73F
Requests: 7 HTTP requests in this frame

Frame: https://siriuscomputerpartnersandbox.demdex.net/dest5.html?d_nsid=0
Frame ID: 64200150D9E29DA610D29F39D9A3F7F7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds
Frame ID: E4C08A9F959987079E9073B38D32CF35
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=5mNs27FP3uLBP3KBPib88r1g&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=bcklgvmsf17c
Frame ID: 85566298C35E5446BFFDC1296D9A7C6E
Requests: 3 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Frame ID: 93620914647417B363E366ADE05BC611
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://link.getsiriuscom.com/ls/click?upn=4AtdUIKfL4Yqyma97FNKp8Lqp1dnt1F75HPl3bP6ErOLJ7ltOQTwE7rOD9JkaHH... HTTP 302
https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /adnxs\.(?:net|com)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

214
Requests

98 %
HTTPS

58 %
IPv6

26
Domains

39
Subdomains

36
IPs

5
Countries

2540 kB
Transfer

7628 kB
Size

5
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/company/sirius-computer-solutions
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.facebook.com/siriuscomputersolutions
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/SiriusNews
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/siriusnewscast
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.fiveout.com/
Title: FiveOut, A Sirius Agency

Search URL Search Domain Scan URL

URL: https://messageops.com/
Title: MessageOps, A Division of Sirius

Search URL Search Domain Scan URL

URL: https://www.siriusfederal.com/
Title: Sirius Federal

Search URL Search Domain Scan URL

URL: https://edge.siriuscom.com/
Title: Sirius Edge

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=&t=

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=&url=

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=&title=&summary=

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&t=One-Week%20Robinhood%20Ransomware%20Recovery
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=One-Week%20Robinhood%20Ransomware%20Recovery&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/&title=One-Week%20Robinhood%20Ransomware%20Recovery&summary=One-Week%20Robinhood%20Ransomware%20Recovery%20%0D%0A%0D%0AA%20new%20data%20protection%20system%20allowed%20an%20insurance%20company%20to%20ignore%20a%20ransomware%20demand%20and%20fully%20restore%20within%20one%20week.%20%20%20%20%0D%0A%0D%0AThe%20Client%20%0D%0AA%20nationwide%20insurance%20company%20that%20provides%20coverage%20in%20over%2040%20state
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://siriuscom.sharepoint.com/sites/SiriusConnect/salescenter
Title: Employee Login

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://link.getsiriuscom.com/ls/click?upn=4AtdUIKfL4Yqyma97FNKp8Lqp1dnt1F75HPl3bP6ErOLJ7ltOQTwE7rOD9JkaHHkLHe5KarLJaavxT4-2BeZL9o1nwbU47aQabQ7dh-2FLOtCopgU1U2JDtkzgeFlWIl4Jq7Twwg_oxc78W1qIF-2B-2F5-2B-2BdNIKL-2FSPSUwjuBMWwlW2O5wykcVkqYKeoTif-2FYZrV-2BTA632DnZ5BY9nr1lpmeAKIFAsdF2UF1ljGaK0l4PdhL9GXW1-2BsQgTUMc2nOp0Fe4TBufdgUV2W-2B8nQfazP0lrTHjPn8SVBobhapDAqy2XuxiCVQ2o7tIOItot6P8EuXMFlH5mOqBkfRawAwrKbUuU3dI5jXaUD9HXj1mwDdnV0g-2B7kQWwKFos-2BPK590tqYCKHrWwYNn2fSNppbSl5bk8Bka1GzNkNy-2BdkEBz2jUpGHqN4WQAHbUNnVjGyFQtDSjwormcjzGmNkHFwkA498gAs57uE5POFkU8kigCnezO6niR-2BGAf-2BSVk5yNAl2QvWCoieoWIt6L8C8horYSNG4AGEGxpf878SRtN1zeXnYlKR40RU1HGdqLKMkpZnbfVrdGeHHgbZC9 HTTP 302
https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 144

https://10117223.fls.doubleclick.net/activityi;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F HTTP 302
https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Request Chain 150

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D506118145%26time%3D1617027879844%26url%3Dhttps%253A%252F%252Fwww.siriuscom.com%252Fcase-study%252Fone-week-robinhood-ransomware-recovery%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&liSync=true

Request Chain 167

https://adservice.google.de/ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F HTTP 302
https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Request Chain 169

https://cm.everesttech.net/cm/dd?d_uuid=64627915737716665072092791199589049297 HTTP 0
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YGHjKAAAAHpmkRNg

Request Chain 175

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2867641%26time%3D1617027880345%26url%3Dhttps%253A%252F%252Fadservice.google.com%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F&liSync=true

214 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Redirect Chain

http://link.getsiriuscom.com/ls/click?upn=4AtdUIKfL4Yqyma97FNKp8Lqp1dnt1F75HPl3bP6ErOLJ7ltOQTwE7rOD9JkaHHkLHe5KarLJaavxT4-2BeZL9o1nwbU47aQabQ7dh-2FLOtCopgU1U2JDtkzgeFlWIl4Jq7Twwg_oxc78W1qIF-2B-2F5-...
https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

141 KB
27 KB

2223ms
1826ms

Document
text/html

67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

95964a671c48db6c37a4e687e492f77e37ac3419c23dbd183b648561f881dfd9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://maps.googleapis.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://dpm.demdex.net https://in.hotjar.com https://vc.hotjar.io https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com https://www.facebook.com siriuscom.okta.com https://.akamaihd.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.tiles.mapbox.com https://e.issuu.com/; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' https://fonts.googleapis.com data:; script-src 'self' https://.wistia.com blob: https://.doubleclick.net https://.mapbox.com 'unsafe-eval' https://.akamaihd.net https://www.siriuscom.com 'unsafe-inline' https://fast.wistia.net https://e.issuu.com/ https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://pi.pardot.com https://www.google.com https://snap.licdn.com https://assets.adobedtm.com https://acdn.adnxs.com https://ws.zoominfo.com https://static.hotjar.com https://connect.facebook.net https://cm.everesttech.net https://siriuscontenttest.112.2o7.net https://siriuscomputerpartnersandbox.demdex.net https://get.siriuscom.com https://static.ads-twitter.com https://script.hotjar.com https://analytics.twitter.com https://www.googleadservices.com; style-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://.mapbox.com https://api.tiles.mapbox.com; img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://.wistia.com https://.akamaihd.net https://.google-analytics.com https://.adnxs.com https://.facebook.com https://www.google.com https://.linkedin.com https://t.co https://www.googletagmanager.com https://unpkg.com https://.mapbox.com https://cm.everesttech.net; media-src 'unsafe-inline' https://www.siriuscom.com blob: 'self' https://www.youtube.com https://e.issuu.com/; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob https://.siriuscom.com https://www.facebook.com https://vars.hotjar.com https://api.tiles.mapbox.com https://*.doubleclick.net https://www.youtube.com https://siriuscom.okta.com https://fast.wistia.net https://e.issuu.com/ https://siriuscomputerpartnersandbox.demdex.net;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.siriuscom.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: base-uri 'none'; connect-src 'self' https://maps.googleapis.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://dpm.demdex.net https://in.hotjar.com https://vc.hotjar.io https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com https://www.facebook.com siriuscom.okta.com https://*.akamaihd.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.tiles.mapbox.com https://e.issuu.com/; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' https://fonts.googleapis.com data:; script-src 'self' https://*.wistia.com blob: https://*.doubleclick.net https://*.mapbox.com 'unsafe-eval' https://*.akamaihd.net https://www.siriuscom.com 'unsafe-inline' https://fast.wistia.net https://e.issuu.com/ https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://pi.pardot.com https://www.google.com https://snap.licdn.com https://assets.adobedtm.com https://acdn.adnxs.com https://ws.zoominfo.com https://static.hotjar.com https://connect.facebook.net https://cm.everesttech.net https://siriuscontenttest.112.2o7.net https://siriuscomputerpartnersandbox.demdex.net https://get.siriuscom.com https://static.ads-twitter.com https://script.hotjar.com https://analytics.twitter.com https://www.googleadservices.com; style-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://*.mapbox.com https://api.tiles.mapbox.com; img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.wistia.com https://*.akamaihd.net https://*.google-analytics.com https://*.adnxs.com https://*.facebook.com https://www.google.com https://*.linkedin.com https://t.co https://www.googletagmanager.com https://unpkg.com https://*.mapbox.com https://cm.everesttech.net; media-src 'unsafe-inline' https://www.siriuscom.com blob: 'self' https://www.youtube.com https://e.issuu.com/; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob https://*.siriuscom.com https://www.facebook.com https://vars.hotjar.com https://api.tiles.mapbox.com https://*.doubleclick.net https://www.youtube.com https://siriuscom.okta.com https://fast.wistia.net https://e.issuu.com/ https://siriuscomputerpartnersandbox.demdex.net;
Link: <https://www.siriuscom.com/wp-json/>; rel="https://api.w.org/", <https://www.siriuscom.com/?p=25117>; rel=shortlink
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: https://www.siriuscom.com/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: https://www.siriuscom.com
Set-Cookie: PHPSESSID=40fbf0fe64a046f17aff57040b794278; path=/
Strict-Transport-Security: max-age=31536000; includeSubDomains
Permissions-Policy: geolocation(), microphone(), payment()
Vary: Accept-Encoding
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: http://get.siriuscom.com
Access-Control-Allow-Credentials: true
Content-Length: 24097
Keep-Alive: timeout=5, max=200
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Redirect headers

Server: nginx
Date: Mon, 29 Mar 2021 14:24:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 99
Connection: keep-alive
Location: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK common-skeleton.min.css
www.siriuscom.com/wp-content/plugins/the-events-calendar/common/src/resources/css/ 26 KB
6 KB 258ms
140ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/the-events-calendar/common/src/resources/css/common-skeleton.min.css?ver=4.12.5

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3699e9a8168525eb97795c72bb6315a198b4b18d9c914cc9f3a17fb2c79d1615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 5066
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 27 Jul 2020 17:22:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "677c-5ab6f929c7540-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK tooltip.min.css
www.siriuscom.com/wp-content/plugins/the-events-calendar/common/src/resources/css/ 2 KB
1 KB 400ms
140ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/the-events-calendar/common/src/resources/css/tooltip.min.css?ver=4.12.5

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

872454cbfd47b444a3fa6cfa9a74b0f57e5f6b3a47b9870108d2b0e5ce4aace5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 579
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 27 Jul 2020 17:22:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "662-5ab6f929c7540-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK style.min.css
www.siriuscom.com/wp-includes/css/dist/block-library/ 40 KB
7 KB 421ms
140ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 6163
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:11:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "a1fb-59e435e800940-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK settings.css
www.siriuscom.com/wp-content/plugins/essential-grid/public/assets/css/ 32 KB
7 KB 423ms
141ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=2.3.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

277dc6e850dd5e48fab1d78d28416a77b99c0375f91d33427c1c23a6958c59ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 6201
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Dec 2020 20:12:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "81ce-5b6865f949840-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK fontello.css
www.siriuscom.com/wp-content/plugins/essential-grid/public/assets/font/fontello/css/ 12 KB
3 KB 423ms
140ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=2.3.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2406
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Dec 2020 20:12:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3177-5b6865f949840-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK post-co-authors-public.css
www.siriuscom.com/wp-content/plugins/post-co-authors/public/css/ 98 B
862 B 426ms
141ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/post-co-authors/public/css/post-co-authors-public.css?ver=1.0.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 106
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "62-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK rs6.css
www.siriuscom.com/wp-content/plugins/revslider/public/assets/css/ 57 KB
13 KB 437ms
148ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.7

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

9883e503c2916e2bfa5aff13d031f28e0ca6124cf47ac81dc8013efe4e5d702c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 12130
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "e278-59e434fb7db40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=200
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
510 B 22ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A%2C300%2C400%2C700&ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a2dd21532e68bb69249e38f9f22315cd53843f618a78b6169c3ae64ac02294f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Mar 2021 13:45:22 GMT
server: ESF
date: Mon, 29 Mar 2021 14:24:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Mar 2021 14:24:38 GMT

GET
H/1.1 200
OK style.min.css
www.siriuscom.com/wp-content/themes/Avada/assets/css/ 204 KB
32 KB 545ms
148ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/css/style.min.css?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

79f9e42444d9457065d364f319e9e4b1a880dece2f66d72b71046944be9ddaf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 32237
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3306c-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK style.css
www.siriuscom.com/wp-content/themes/Avada-Child-Theme/ 423 B
977 B 557ms
139ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada-Child-Theme/style.css?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

19e0e2d6c132908a423d543aa056a7e534b1fa23ea556cfa468508768527013c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 220
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 24 Feb 2020 23:16:51 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1a7-59f5a90eedec0-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK ee8facd5bf821c7504b99091546d9109.min.css
www.siriuscom.com/wp-content/uploads/fusion-styles/ 659 KB
83 KB 577ms
157ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f9438ea9ccbbf28b6c15eaf985acf6907f507f93147d5ebd4b6efa59d16800cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 25 Mar 2021 20:04:16 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "a4dbd-5be61eb84b000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK ubermenu.min.css
www.siriuscom.com/wp-content/plugins/ubermenu/pro/assets/css/ 40 KB
6 KB 563ms
141ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.2.1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

21c7fbaab48c021744f6706e9bae69d6d6859ed25365c96167cd10a9ae61d452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 5800
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "9f87-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK trans_black_hover.css
www.siriuscom.com/wp-content/plugins/ubermenu/pro/assets/css/skins/ 4 KB
1 KB 569ms
147ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/ubermenu/pro/assets/css/skins/trans_black_hover.css?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

fe900285f00d103c1e94cb6001929b683ff4503c37d3408264f8ce8e4feb7b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 721
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1135-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK font-awesome.min.css
www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/css/ 26 KB
7 KB 698ms
141ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/css/font-awesome.min.css?ver=4.3

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 6081
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "6857-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK active-styles.css
www.siriuscom.com/wp-content/micro-themes/ 3 KB
2 KB 704ms
146ms Stylesheet
text/css 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/micro-themes/active-styles.css?mts=1&ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

aaf7459b1edac4b185d892f870a27efaae51e60692771f04347298b157c2afaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 860
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 05 May 2020 21:00:58 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "dae-5a4ecf1b59680-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=199
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK jquery.js Show response
www.siriuscom.com/wp-includes/js/jquery/ 95 KB
34 KB 704ms
147ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 33776
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:11:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "17a69-59e435e8f4b80-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.siriuscom.com/wp-includes/js/jquery/ 10 KB
5 KB 716ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 4014
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:11:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2748-59e435e8f4b80-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK post-co-authors-public.js Show response
www.siriuscom.com/wp-content/plugins/post-co-authors/public/js/ 838 B
1 KB 716ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/post-co-authors/public/js/post-co-authors-public.js?ver=1.0.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 479
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "346-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK revolution.tools.min.js Show response
www.siriuscom.com/wp-content/plugins/revslider/public/assets/js/ 155 KB
52 KB 853ms
154ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1d35b97cb8449be02c40553556f1031c7a300781586bc3a3447c197aafd6e1ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 52434
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "26d54-59e434fb7db40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK rs6.min.js Show response
www.siriuscom.com/wp-content/plugins/revslider/public/assets/js/ 282 KB
73 KB 873ms
156ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.1.7

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

2f2ca1625d190a0b70d8632dfabc0e4a5558266c9f03386da097fe3819af8de7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "469f4-59e434fb7db40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK gtm4wp-form-move-tracker.js Show response
www.siriuscom.com/wp-content/plugins/duracelltomi-google-tag-manager/js/ 1 KB
1 KB 859ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.11.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 335
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 29 Jan 2021 16:50:13 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "5cf-5ba0ccc44fb40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:38 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.siriuscom.com/wp-includes/js/ 14 KB
5 KB 158ms
158ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 4626
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:11:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "362a-59e435e8f4b80-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK logoweb17.png
www.siriuscom.com/wp-content/uploads/2017/01/ 9 KB
10 KB 256ms
138ms Image
image/png 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.siriuscom.com/wp-content/uploads/2017/01/logoweb17.png

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

55e73025135c57554b904284f1b93ef31386cba5e7b70794a2df6b989f3584d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 9332
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:34 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2474-59e4351af6580"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK Case_Study_WEB-102020-1100x450_SSTA_ROBRANSOME.jpg
www.siriuscom.com/wp-content/uploads/revslider/case-study-one-week--robinhood-ransomware-recovery-/ 96 KB
96 KB 144ms
140ms Image
image/jpeg 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.siriuscom.com/wp-content/uploads/revslider/case-study-one-week--robinhood-ransomware-recovery-/Case_Study_WEB-102020-1100x450_SSTA_ROBRANSOME.jpg

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1ce4f8d5df8a1ce74880c49985a908f0becf10b36cffb45fa09e27d129e970e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 97980
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 14 Dec 2020 23:00:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "17ebc-5b6749d88c0c0"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=180
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK Security-Collateral-Badge-v1-01.png
www.siriuscom.com/wp-content/uploads/2020/02/ 36 KB
36 KB 183ms
141ms Image
image/png 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.siriuscom.com/wp-content/uploads/2020/02/Security-Collateral-Badge-v1-01.png

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

58d7740a2472d8be9c3f9c48f1a70ffa83340192e0124fbdd8062fe5a80efba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 36551
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 15 Dec 2020 23:27:16 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "8ec7-5b689195f3d00"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
780 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:800%2C400%7CRoboto:400

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

420ee754b9fcc27b697e456eeb20d7477de443a5e7076da842cd64fb8c4fd459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Mar 2021 14:24:39 GMT
server: ESF
date: Mon, 29 Mar 2021 14:24:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Mar 2021 14:24:39 GMT

GET
H/1.1 200
OK modernizr.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 13 KB
6 KB 254ms
150ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/modernizr.js?ver=3.3.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

dd1fad41f2891919876ec7b3fc3057b7b89fad8e8ff8b5d03815838bb8e7e497

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 5164
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3322-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.fitvids.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
2 KB 246ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fitvids.js?ver=1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3c0bfb5a3db6967755accf4f7d045f8529e546a3b713281cac8a3088b51f6bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 793
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "6eb-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-video-general.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 6 KB
3 KB 225ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-general.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b9996b32165e1ee5de0a45e370b05addb9fb6aec3fb6141c73c1cecfda4de66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1824
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "166f-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.ilightbox.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 81 KB
25 KB 219ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.ilightbox.js?ver=2.2.3

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

385ed18e3673b41dfdee7ac701af87a1a7b29b8ef4bc095ded29f9bdd5775b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 25312
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "14290-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=198
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.mousewheel.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1006 B
1 KB 219ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.mousewheel.js?ver=3.0.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

dd5ceb190d2852ad363c91ce58749aff3a6dd46e0c9fa299cdf9a8ecfcfaca7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 488
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3ee-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-lightbox.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 6 KB
3 KB 219ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-lightbox.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

ab1a025da75807a57c2e8ecfcc301f78bd002f4916f992dc520e043a25d47434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1847
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1935-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK imagesLoaded.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 7 KB
3 KB 148ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/imagesLoaded.js?ver=3.1.8

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

447f8762021b0e2726cea6977b09f5448684bf078d66cf5718f681bd2e1cec4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2255
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1a98-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=197
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK isotope.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 34 KB
10 KB 148ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/isotope.js?ver=3.0.4

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

57f3316599c6cb279ffb4fb239393035f0bb68fb16302f9bfb2b122acc282e4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 9749
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "887f-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK packery.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 13 KB
5 KB 143ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/packery.js?ver=2.0.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0f158ed2f9a3b0126d41b4013a4f746eea09663c6214b79877e19016129aa4e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 4169
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "35cc-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK avada-portfolio.js Show response
www.siriuscom.com/wp-content/plugins/fusion-core/js/min/ 12 KB
4 KB 144ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-core/js/min/avada-portfolio.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

180677466c59e0765b841f9f10c92f5c9c6f79a581f24694a0e1cfe2dcb5160b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2906
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "31f6-59e434f3dc940-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=196
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.infinitescroll.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 21 KB
12 KB 143ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.infinitescroll.js?ver=2.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b7be203f69d78fc9333697062bac50e776a77e549c326aeeb2f619f799f054d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 11990
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "524c-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK avada-faqs.js Show response
www.siriuscom.com/wp-content/plugins/fusion-core/js/min/ 979 B
1 KB 152ms
152ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-core/js/min/avada-faqs.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b1a7be6cf478f7d4228fc455a370f1be8ac6e37acade5fd382c1e1992b51433f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 373
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3d3-59e434f3dc940-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK cssua.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 149ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/cssua.js?ver=2.1.28

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4025727c5cdf69ebebb78196e38a76144968ff27b9dfe789968f23f69d51e2cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1481
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "d0d-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.waypoints.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 7 KB
3 KB 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.waypoints.js?ver=2.0.3

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

173a42f3468eebc25191bc4aaa1e86fb422b56337682ce4b38bd2ca4229b8543

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2416
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1d57-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-waypoints.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 447 B
1 KB 145ms
144ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-waypoints.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

051295687c256d4bf401a70a2fd455ee85f8b7272e2cd133c00a40ba282dab4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 267
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1bf-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-animations.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 143ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

576f08290e6492215c31e059a5b8dbc6b9d9c801886d44ecab93624f070acb07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 477
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "430-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.countTo.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 945 B
1 KB 181ms
161ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countTo.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0c2d6aa51d3d04b3e548b51fec1d00d7e7ae1d2cced71ba4e2bb154a6871d6c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 430
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3b1-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.appear.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 143ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.appear.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

08370201daee47824e2271d06f0300abe6dffa78df2a5913eae613bc9f375bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1331
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "bbc-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-counters-box.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 926 B
1 KB 148ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-box.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

67e0d4919ff70c1c3eabd2801c690bcfce99ef1926119f86d812c7a6b951ce28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 441
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "39e-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.fade.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
1 KB 142ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fade.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0b6b1cd454ac76a80fe115f90ee1950f48e6c2a143e4a96176adbb520c40c80b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 445
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "48e-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK jquery.requestAnimationFrame.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 695 B
1 KB 145ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

346467f0ba1b9a43b33c78f0663942aa96d5cc8c8064e470665d9308c45a3d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 341
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2b7-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-parallax.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 10 KB
3 KB 146ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-parallax.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

8cab7e21e2a3105ef06fd43c875a614bc0ffd170ab3f8bffd2044c03ed44bcea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2365
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "260f-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=194
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fusion-video-bg.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 5 KB
3 KB 141ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

57376344235f987c935c8fedbf63597857d4c2357ffd48a0d4a7dfa4b7eb4794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1969
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "14ce-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-container.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 9 KB
3 KB 146ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-container.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4e935df82f460a420d80cde9d91b1b145e1bee3bcc1bb7d31a074d9d7f37b5b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1919
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "25b5-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-equal-heights.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 1 KB
1 KB 145ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-equal-heights.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

29da3233a309dd74c144f872b66ba470472579a0aca0e2362f5c5cc8f0e7a385

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 471
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "501-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-events.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
2 KB 141ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-events.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3369709d20d9c1c487738adf334cb5307e82d15948fa2241cfdcb6906b3e85f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1083
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "cdb-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.easyPieChart.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 146ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easyPieChart.js?ver=2.1.7

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5338acdbe16862e5d826ff614549d8463ae7e26ef1fc27b5d7fee45193ac05b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1541
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "e93-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-counters-circle.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
2 KB 143ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-circle.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5c7438ec740fa9bea75de44a0fbbbc78c14351010ab6ff42ed13b96c7c777d37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 921
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "d20-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-progress.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 786 B
1 KB 142ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-progress.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b6443f12a07a199cced0c9d1506093b41835cd831937332df384a781eca8977f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 356
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "312-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-flip-boxes.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 146ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-flip-boxes.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b0ca3d367f3b06e94078cbe3132c948b43c31576c2513693a1790a5ab2c61598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 322
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4a3-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-content-boxes.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 144ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-content-boxes.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

fa0aa801b4f145613e631853cf697527783bd5af01eead6494563d0521de99a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 848
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1045-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.modal.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 143ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.modal.js?ver=3.1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

74f49a4a14494563c06ff8da97a0bdb4fb7be6396fc222a5473cef3234549cee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1309
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "f86-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-modal.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 143ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-modal.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

78a380367f24325466b6bfc6e989971ecabc00333757e69b87bc490726bfbc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1184
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "102f-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=192
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.transition.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 752 B
1 KB 140ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.transition.js?ver=3.3.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f6524d3bc9f7ad5378a1957b540a60fe820e502ce1474bbb053d6b56e89a9102

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 378
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2f0-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.tab.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
1 KB 149ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tab.js?ver=3.1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5ead963d94c060ee77069d99d883e33ae92872b2271dc3846248756971c7b48a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 719
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "5e6-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-tabs.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 145ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-tabs.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

09f06f00d804cf6abd02fef131e6ce9f79401ba96ee40324dfd28fa286498e58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1149
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "11c9-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.fusion_maps.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 6 KB
3 KB 143ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fusion_maps.js?ver=2.2.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

bae5b45edb131342b9a2cee40445e32518286acf0497886f024108637cb8a823

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1945
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1646-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-google-map.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 325 B
994 B 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-google-map.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4a768695e2001c056e6f8f20f4904e49bbd0471d060b47bbd3cf026ac74e8d5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 221
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "145-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.collapse.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 145ms
144ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.collapse.js?ver=3.1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5e52f996d47eb5f321896cfc9a10153c1a47415b3e3b4c1b31a6ec736adadb5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1157
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "d60-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-toggles.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
2 KB 157ms
149ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-toggles.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f98a3db3d376370ded7f085974e5b16af1c56904159fe522ebb0bbced062038b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 810
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "9a8-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=191
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-recent-posts.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 139ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-recent-posts.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

6e746a03bc3330d32fb71d7fd89fc6aa4de6214664ca21bf6b643bd444cc1415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1253
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "10a7-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.event.move.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 5 KB
3 KB 147ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.event.move.js?ver=2.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

512e43cff32041e14e69d9030c2eb73871e61aba905c1968eda47ae0cef9cb7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2007
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "152d-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-image-before-after.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
2 KB 141ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-image-before-after.js?ver=1.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f8ea3fd0ebc9772c51df0b61b519677aa0c38bcc9ab0b1b818d949c1baf46a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 926
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "9f9-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-title.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 655 B
1 KB 152ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-title.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

ae0f1b690df343a956c0c38f10cdfba1b9caa9f5850ee066caa5e6aa4ea1fe04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 333
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "28f-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-column-bg-image.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 160ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-bg-image.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

e8a066351f19240f0fec8b70708aa8dec4928a741ef520a76e90a4ad75f1ec0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 523
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "53a-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-column.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 150ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

9ae3cc738ad24787d1be7330037d215c1383e2b15dcde127431f915e9dbcba1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 341
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7c5-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=190
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-syntax-highlighter.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 140ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-syntax-highlighter.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0d91ab1e931555efe756f470940e387c4086500cda43af0228c86361f0d9fc7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 707
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "76f-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.cycle.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 26 KB
8 KB 147ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.cycle.js?ver=3.0.3

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

ef01f6c9d515df0151de5d55bf3a60ea0f5b0b5387af0f602f1310851828f114

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 7523
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "6661-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-testimonials.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 141ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-testimonials.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

445ea6c21f8315829dc221101d38913120bd14090456441789562763763dc7b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 432
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "42e-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-gallery.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 141ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-gallery.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

d9ae8b314f45d9835f8738dd75713d6c267768b18a3fb072dd6b7a195ea045ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 499
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4ad-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.countdown.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 3 KB
2 KB 141ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countdown.js?ver=1.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

adb4dc173de9c49530f9d50131c359628af6011197caebdeea767de0a9aae7c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1054
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "b41-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-countdown.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 459 B
1 KB 142ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-countdown.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4303c58fd1ed8315421c091d6bf0c651916e752a08ac1eb65af7fcde0a5d81de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 300
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1cb-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=189
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK Chart.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 153 KB
46 KB 155ms
150ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/library/Chart.js?ver=2.7.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

849abd0086b44cc8f232c974a1902eba0a632b28c499d74e08d0b81e29760048

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 46147
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "26480-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-chart.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 5 KB
2 KB 150ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-chart.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3deb29b8fdfdd69f4a7d19c8ac166fa0b70bd6a82315d384f654d313637caebe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1673
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "148e-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK vimeoPlayer.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 16 KB
6 KB 149ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/vimeoPlayer.js?ver=2.2.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

8fcca243e0633537ab5a60897b92deba38f13bc927de72f88ba65dee9fddb62e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 5389
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4059-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK fusion-video.js Show response
www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 142ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-video.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

8dc2823c4500c5f0889b6b60d5f5300360d47c314d2be63a5917b1a0623f4fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 444
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:52 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "419-59e434f2e8700-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.hoverintent.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
1 KB 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverintent.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

59d3b42550f13ce9588c415cd29d0d0624ff82f0069d4bb8e673b2dafcc987d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 463
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "454-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK avada-vertical-menu-widget.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 148ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-vertical-menu-widget.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4a7b353345f28b2f6473cf4b09bd8630b109184e31e8d999ccea5d7e741e4351

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 459
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "75a-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=188
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.tooltip.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 9 KB
4 KB 144ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tooltip.js?ver=3.3.5

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5c7ff052e40a182febf1b6a082b2676f088fd360046755c2762380dc3fb93168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3038
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "22dc-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK bootstrap.popover.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 151ms
147ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.popover.js?ver=3.3.5

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

20ab7bdc092a81b8ddc76f31895a985835df01667588c354f831a036f55e5075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 697
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "633-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.carouFredSel.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 53 KB
14 KB 144ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.carouFredSel.js?ver=6.2.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0a7ad0894de0ad3e1e3f60bb7f1acff8f0111e16898ef194de60504147c21656

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 13537
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "d555-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.easing.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easing.js?ver=1.3

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

14736cc84994f28ff5106f6b8e6f017f38f94c2b42fc69f3b4e43522882c7422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 805
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "d04-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:40 GMT

GET
H/1.1 200
OK jquery.flexslider.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 22 KB
7 KB 144ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.flexslider.js?ver=2.2.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

e36fdce902bfa93a2440660eab3f9ebe225ff5d553799748955df74773e8836e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 6532
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "59f7-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.hoverflow.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 647 B
1 KB 150ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverflow.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

7d505ba222682e357b9df002b34795df17ebda41a74b5d2aa0143b13ffbceb11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 336
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "287-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=187
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.placeholder.min.js Show response
www.siriuscom.com/wp-content/plugins/the-events-calendar/vendor/jquery-placeholder/ 2 KB
2 KB 157ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/the-events-calendar/vendor/jquery-placeholder/jquery.placeholder.min.js?ver=5.1.4

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

81156585e8f0e4eeeca66c3b8204462a2d38f448ea03c24d550aa6fec56e9f5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 881
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 27 Jul 2020 17:22:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "871-5ab6f929c7540-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.touchSwipe.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 10 KB
4 KB 141ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.touchSwipe.js?ver=1.6.6

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

54857896bdcf37a944f4bd573b0cf874eaa0aa62ee8e2e222cce3a7788bcd395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3644
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2787-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-alert.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 138 B
903 B 141ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-alert.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

9c1eedb49dbbf57672cbf97d7d70edf6918f89e58c57d49e71496dbda2a56df3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 131
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "8a-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-carousel.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 4 KB
2 KB 146ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-carousel.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

aa887bd82816b046c131856daa00a57eaa9172e78a62870bf2e65175ca6dbeb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1144
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "e0c-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-flexslider.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 9 KB
2 KB 152ms
151ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-flexslider.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0e2392fdc4987b5456a43638346618351b095182be241f698516ea298e2d96f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1073
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "2416-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-popover.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 275 B
965 B 144ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-popover.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

ab439586de1e097863ea040904bdd2bfa31014e9294e975142a70699074d0841

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 192
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "113-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=186
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-tooltip.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 2 KB
1 KB 140ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-tooltip.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

399d2ccc7531e019f247d142f2e9e060fe8752504bdaf463028d32ec212695cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 452
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "603-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-sharing-box.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 610 B
996 B 148ms
148ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-sharing-box.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0eb948d2111a3a8f5e1f1ad8f8ece80d0a10f8f1fc5e1c0c2e214d461a49a952

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 223
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "262-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-blog.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 9 KB
3 KB 141ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-blog.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4dd4ba9773ddb1007653ca0abb0a4b8606035794823000db1e932ef79d79ad16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 2275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "240e-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-button.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 231 B
942 B 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-button.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f1560fb223e37341fa8b435f6c114628cadeb4ab4057f25a729fa717ad240987

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 170
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "e7-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-general-global.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 569 B
1 KB 144ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-general-global.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

fbc02a59b50dd8863fa2621ac9081e28fdd627f5476aec06784858858f05f442

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 286
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "239-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-ie1011.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 1 KB
1 KB 145ms
144ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-ie1011.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

27d5b422e5ac5a2170e6c73bcdeb86aa9320af8c7d6ef5a53d1c678720e2d598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 526
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4b3-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=185
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-header.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 31 KB
4 KB 142ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-header.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

28f47b21fa8a95bb068b6d2b36f6fc12c622a8092af6182ca46c6338d7b7c4d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3817
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7cd5-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-menu.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 34 KB
7 KB 149ms
148ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-menu.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f937cef662cf12641922dee29ba5124cfc909ee6d1d3c2896c462f0c43d9c46b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 5962
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "88fa-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-scroll-to-anchor.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 4 KB
2 KB 149ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-scroll-to-anchor.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

fa2e8ed25b98183e4a8126c1fa69a8628362676c522ca8a9bbeb3adabea034d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1424
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1195-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=180
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK fusion-responsive-typography.js Show response
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 2 KB
1 KB 145ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

50842be368e7865ccc110511b5ebfda87894b8162a459946d08e7a13ff4b1507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 658
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "926-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK bootstrap.scrollspy.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/ 3 KB
2 KB 144ms
143ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/bootstrap.scrollspy.js?ver=3.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b6ce2750a5429b968ac4c675acacfbd7da06ddf4638fb1e73ffb0a4553b346cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1060
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "a77-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-comments.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 1 KB
1 KB 144ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-comments.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3aeb5d27ba1347463afdea3f0a9e7332c7db1adb45377264fba3b37c0da01178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 470
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "492-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=184
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-general-footer.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 952 B
1 KB 144ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-general-footer.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4f56a354ed72e68c9165a6b5ea38351046a0af0d713df4a090b8d4be722367cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 352
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "3b8-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-quantity.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 1 KB
1 KB 147ms
146ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-quantity.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b5609922140cafd832011effc2ec0a286db7e83ceb2cf3091cc0d306eee5328d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 576
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "525-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-scrollspy.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 656 B
1 KB 147ms
144ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-scrollspy.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1f530977f86728293d5f9aa64d48f2a3f4e9db788af2568ee54d4cb4fc332860

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 252
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "290-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-select.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 501 B
1004 B 147ms
144ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-select.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

d8c237ac23e562540132de6ced5d5a5619a6ee895b0da0298bfdb6e7bbceb7b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 231
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1f5-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=179
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-sidebars.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 3 KB
1 KB 142ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-sidebars.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

8725cd37d5dfef7a1981f8972d9b2e003e5d56e8912dc53db0d4e049958c12ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 682
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "a05-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.sticky-kit.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/ 3 KB
2 KB 143ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/jquery.sticky-kit.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1b4944b5f8a439d1e7f531888ed6eb66781561f56f84336e75b218cb31bb9af9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1208
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "aba-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=183
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-tabs-widget.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 453 B
1006 B 144ms
142ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-tabs-widget.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f1ebf95b8c5770caa6358f4448ef42c18e17fd368a6efeff424fb801941c4da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 233
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1c5-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.toTop.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/ 1 KB
1 KB 145ms
145ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/jquery.toTop.js?ver=1.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

132b243eb8bdb961de2dd423a678f4c12ee160c40093ff06d31d10b43145cfdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 529
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "400-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-to-top.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 222 B
927 B 147ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-to-top.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5be6f7bd7c681c64cf19fc457ef73dda83f73becb6c7bd1a32a06846785b1128

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 155
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "de-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=178
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-rev-styles.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 146ms
141ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-rev-styles.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3cedf966c9e025378ad7eb2aff570d1088fdb76eb279f7a9823a001d33a3d782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 535
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "920-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-mobile-image-hover.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 454 B
1 KB 142ms
140ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-mobile-image-hover.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

95c32ab8d10589ec8af3bbe211006f02c2056dd2d611e141a2379fadff05795b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 254
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1c6-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK jquery.elasticslider.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/ 4 KB
2 KB 151ms
149ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/library/jquery.elasticslider.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

efd7b1811cef4b7c13b8ae58028f93fd15f154177f1a65df59c0f2139649b9ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 1622
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "11da-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=182
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-elastic-slider.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 521 B
992 B 140ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-elastic-slider.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

11a03c12927fe2110cf77b28a5d8441c0cbf639fe01f96b969aa9a0ee8350892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 219
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "209-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-events.js Show response
www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 151ms
150ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/assets/min/js/general/avada-events.js?ver=5.7.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

30ebce9a501cdca62d5361c16f023dfde0c31f5f189ee25d509f1416b2258e9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "8b9-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK avada-fusion-slider.js Show response
www.siriuscom.com/wp-content/plugins/fusion-core/js/min/ 26 KB
5 KB 150ms
148ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/fusion-core/js/min/avada-fusion-slider.js?ver=1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

5733d4e205ea28887e56a39851b592959b514b6b2d57a5f5db9cfcc518a9d23a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 3835
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:53 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "690f-59e434f3dc940-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=181
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 123 KB
40 KB 89ms
66ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?sensor=false&ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

8eaaf13212ddc8016ea92ee148b5d794b3a4d081d89e050f74af614b685d6f36

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=47
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41075
x-xss-protection: 0
expires: Mon, 29 Mar 2021 14:54:39 GMT

GET
H/1.1 200
OK ubermenu.min.js Show response
www.siriuscom.com/wp-content/plugins/ubermenu/assets/js/ 27 KB
7 KB 149ms
147ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.2.1.1

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

787ac8a2efc10fc3591bbe26dac95167fb58c5ff53ba2bb22be243c815339ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 6886
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:06:56 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "6a22-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=177
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H/1.1 200
OK wp-embed.min.js Show response
www.siriuscom.com/wp-includes/js/ 1 KB
1 KB 140ms
139ms Script
application/x-javascript 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-includes/js/wp-embed.min.js?ver=5.3.2

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 740
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:11:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "577-59e435e8f4b80-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/x-javascript
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=180
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET okta-auth-js.min.js
ok1static.oktacdn.com/assets/js/sdk/okta-auth-js/1.13.0/ 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 197 KB
57 KB 53ms
32ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2790cdea4752fd2789f86d80d54feef92c7cedc6681b0b721d7682e4f0841bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58696
x-xss-protection: 0
last-modified: Mon, 29 Mar 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 29 Mar 2021 14:24:39 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0e.ttf
fonts.gstatic.com/s/opensans/v18/ 26 KB
18 KB 52ms
31ms Font
font/ttf 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0e.ttf

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 05:52:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30732
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18276
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 05:52:27 GMT

GET
H/1.1 200
OK icomoon.woff
www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/ 17 KB
11 KB 296ms
142ms Font
application/font-woff 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.woff

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

6af107cfcc3720e22e6821a417995ae8ff5b3b745f23d2239cbf639516e11e20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 10774
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4588-59e435022ab00-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/font-woff
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=193
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/ 63 KB
64 KB 305ms
142ms Font
application/font-woff2 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.4.0

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/css/font-awesome.min.css?ver=4.3

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/plugins/ubermenu/assets/css/fontawesome/css/font-awesome.min.css?ver=4.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 64466
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "fbd0-59e434f6b9000-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/font-woff2
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=195
Expires: Tue, 29 Mar 2022 14:24:39 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ 22 KB
23 KB 30ms
11ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A%2C300%2C400%2C700&ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 03:49:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 383685
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Fri, 25 Mar 2022 03:49:54 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ 23 KB
23 KB 37ms
17ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A%2C300%2C400%2C700&ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 15:17:59 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 342400
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 25 Mar 2022 15:17:59 GMT

GET
H/1.0 200
OK Cookie set 7hxqz Show response
get.siriuscom.com/l/302691/2018-12-10/ Frame 351F 5 KB
3 KB 752ms
271ms Document
text/html 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz
Requested by: Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 93df26a0ea3f54358764c82231a5f50f0e7cdeb0c4eebdd42c2d3f2dc9733f7f

Request headers

Host: get.siriuscom.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Set-Cookie: pardot=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 visitor_id302691=237551213; expires=Thu, 27-Mar-2031 14:24:40 GMT; Max-Age=315360000; path=/; secure; SameSite=None visitor_id302691-hash=533c247fd37d0e8a4f54aaf23014edf7a65ea2e8fdfcc12fd726dad484e8430b141d61f66b476d665edd09dd9c2d0118cf3beb5c; expires=Thu, 27-Mar-2031 14:24:40 GMT; Max-Age=315360000; path=/; secure; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Pardot-Rsp: 16/30/149
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1887
Content-Type: text/html; charset=utf-8
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
Server: PardotServer
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Connection: keep-alive

GET
H/1.1 200
OK Case_Study_WEB-102020-1024x683_FOOTER_02-300x200.jpg
www.siriuscom.com/wp-content/uploads/2021/01/ 20 KB
20 KB 146ms
144ms Image
image/jpeg 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.siriuscom.com/wp-content/uploads/2021/01/Case_Study_WEB-102020-1024x683_FOOTER_02-300x200.jpg

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

eda0986acdc51065ff5a6cb57709be8ec2dd077e335d0be03e2ec7bf7f7c484c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:41 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 20242
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 05 Jan 2021 22:34:22 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4f12-5b82ecedab780"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=180
Expires: Tue, 29 Mar 2022 14:24:41 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KEwA.ttf
fonts.gstatic.com/s/ptsans/v12/ 95 KB
59 KB 33ms
16ms Font
font/ttf 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KEwA.ttf

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

585821c09248ddd50d0e637c331a2c1a4e81e2e0a3d88c423cbcc8ba07e018a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 12:21:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7388
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59980
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:18 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Mar 2022 12:21:31 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459Wlhzg.ttf
fonts.gstatic.com/s/montserrat/v15/ 45 KB
45 KB 52ms
36ms Font
font/ttf 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wlhzg.ttf

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07ae7cf9c7f3bfc4bc63842bb07e5846837c0071f8d96042de9d0f4a3cc997b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 28 Mar 2021 14:13:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:53 GMT
server: sffe
age: 87096
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46392
x-xss-protection: 0
expires: Mon, 28 Mar 2022 14:13:03 GMT

GET
H3-Q050 200 mem6YaGs126MiZpBA-UFUK0Zdcg.ttf
fonts.gstatic.com/s/opensans/v18/ 25 KB
17 KB 43ms
27ms Font
font/ttf 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdcg.ttf

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61fdc9b2d67aa5a5ad07e5bacceb21c22a0c7bffce3f4c41eed75a1e0d84c545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 23:03:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 400873
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17599
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:09:38 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 24 Mar 2022 23:03:26 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhs.ttf
fonts.gstatic.com/s/opensans/v18/ 28 KB
29 KB 31ms
16ms Font
font/ttf 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhs.ttf

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://www.siriuscom.com/wp-content/uploads/fusion-styles/ee8facd5bf821c7504b99091546d9109.min.css?ver=5.3.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 28 Mar 2021 17:04:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:59 GMT
server: sffe
age: 76803
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28848
x-xss-protection: 0
expires: Mon, 28 Mar 2022 17:04:36 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:800%2C400%7CRoboto:400

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 26 Mar 2021 08:14:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:52 GMT
server: sffe
age: 281390
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19172
x-xss-protection: 0
expires: Sat, 26 Mar 2022 08:14:49 GMT

GET
H3-Q050 200 JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:800%2C400%7CRoboto:400

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c623b34dcf729895c3bc9b6e261796bbad69555a21ad6d2f9b4e7bc27b6e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.siriuscom.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 17:12:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:08 GMT
server: sffe
age: 335542
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19440
x-xss-protection: 0
expires: Fri, 25 Mar 2022 17:12:17 GMT

GET
H2 200 hotjar-1223080.js Show response
static.hotjar.com/c/ 4 KB
2 KB 132ms
65ms Script
application/javascript 13.226.159.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1223080.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.100 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-159-100.dus51.r.cloudfront.net

Software

Resource Hash

bfb73d3ccfa98dd832c84af27af92ce0db4938d696a5879741f5874897278b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: DUS51-C1
etag: W/cd497dccac902336c1fa201fcd1b97e9
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1835
via: 1.1 77d8cf253666facea1bbe67902fcbbc1.cloudfront.net (CloudFront)
x-amz-cf-id: oS9tW591J7ITwtVYnp20LAIITYrBPrPmAHidM6VVKOEotC71L8u0qQ==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 35 KB
14 KB 137ms
42ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

bbff0182d1a1f1af97f7a7d94badc0a4df084f50c09a6213f59fa5305dc120d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13738
x-xss-protection: 0
server: cafe
etag: 10420051169657019655
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 29 Mar 2021 14:24:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 572
date: Mon, 29 Mar 2021 14:15:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 29 Mar 2021 16:15:07 GMT

GET
H3-Q050

200

activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-we... Show response
10117223.fls.doubleclick.net/ Frame FA22
Redirect Chain

https://10117223.fls.doubleclick.net/activityi;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone...
https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fww...

537 B
1013 B

109ms
63ms

Document
text/html

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

a21703f14c9469bec9de9858daaac7e22bd005d0108520e04a1dd9bcbbd8e4e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10117223.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Mar 2021 14:24:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 412
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 29-Mar-2021 14:39:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Mar 2021 14:24:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57361
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js Show response
assets.adobedtm.com/ 157 KB
53 KB 28ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M4JL692
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a3d6633fb07102da2ab32fcbcf249782c2ebe32747fc788acc6925337076fde7

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2019 18:54:35 GMT
server: AkamaiNetStorage
etag: "17d3e4884e83b1a985b0604eebcf2ed5:1567536875.935098"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.siriuscom.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 53985
expires: Mon, 29 Mar 2021 15:24:39 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 91 KB
24 KB 23ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: L5he9kQ082kGMSGBKsDQ9kJ2rr401vxkXtnSPvDi10UpnhcjATwQ/4MMV45lltRFZQGqykll5m2C5ZGHPy2AFg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 29 Mar 2021 14:24:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK pixie.js Show response
acdn.adnxs.com/dmp/up/ 7 KB
3 KB 101ms
27ms Script
application/javascript 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/up/pixie.js
Requested by: Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3883ff2a5b46193da5464f5ae5fb94169d1361cfecedbd187439d459dc669f31

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:39 GMT
Content-Encoding: gzip
Age: 67556
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 2601
X-Served-By: cache-lga21958-LGA, cache-fra19126-FRA
Access-Control-Allow-Origin: *
Last-Modified: Thu, 14 May 2020 21:04:36 GMT
Server: nginx/1.13.10
X-Timer: S1617027880.925230,VS0,VE0
ETag: W/"5ebdb264-1cfb"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Thu, 10 Dec 2020 19:35:03 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 3, 10068

GET
H2 200 WbpcVG5HjqxJiP1v8bHN Show response
ws.zoominfo.com/pixel/ 0
725 B 239ms
215ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/WbpcVG5HjqxJiP1v8bHN

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6379c359292d323c-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length: 0
cf-request-id: 091ff86bb70000323c5d825000000001

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D506118145%26time%3D1617027879844%26url%3Dhttps%253A%252F%252Fwww.siriuscom.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&liSync=true

0
394 B

210ms
209ms

Image
application/javascript

2620:119:50e1:101::6cae:b25
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&liSync=true
Requested by: Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e1:101::6cae:b25 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-esv5
content-type: application/javascript
content-length: 0
x-li-uuid: 4e8rMkrWcBaAwg4QTSsAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: kw4yI0rWcBaw1Jf+fSsAAA==
pragma: no-cache
x-li-pop: afd-prod-esv5
x-msedge-ref: Ref A: 0DA3AAE80743411AB10913CA40B39096 Ref B: FRAEDGE1113 Ref C: 2021-03-29T14:24:40Z
date: Mon, 29 Mar 2021 14:24:39 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=506118145&time=1617027879844&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
104 B 20ms
20ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=737821&t=pageview&_s=1&dl=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&ul=en-us&de=UTF-8&dt=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2042118932&gjid=408260036&cid=2106066761.1617027880&tid=UA-73329068-1&_gid=1929630441.1617027880&_r=1&gtm=2wg3h0M4JL692&z=276073995

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 522087345205331 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 59ms
57ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/522087345205331?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9763da758d5cf370ec52847a4cc08845aac52dee1d3797b4dc325c8da9518364

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: qqVtNh+ubLBTYR9+9LDfNVHnCnXH/BbvaYRDeQxnX4oT96asRFlCJyynjs5PL7vKbCuVIbvHs91UUV31lS/L8w==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 29 Mar 2021 14:24:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 387 B
1 KB 227ms
54ms XHR
application/json 34.252.115.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=73ED349955C1DC587F000101%40AdobeOrg&d_nsid=0&ts=1617027879957

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.252.115.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-252-115-248.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3ebb9381b3e7ffa49f441cd777004f105f816894ee8332f403fff534c82a33b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v090-0aa4cc226.edge-irl1.demdex.com 5.80.7.20210304103356 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: 8Kypgm0WR6I=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.siriuscom.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 316
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b005e8fe6ce4fad9dc9f6f4416906e2/ 33 KB
13 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b005e8fe6ce4fad9dc9f6f4416906e2/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7f8e2cc226482ec3a71185c7334d36d8b9ec5c1779f8681cbd78022cd8e82353

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:39 GMT
content-encoding: gzip
last-modified: Mon, 05 Nov 2018 19:06:42 GMT
server: AkamaiNetStorage
etag: "17f4cef0f89e4240aae73d1b50d5774d:1541444804"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12545
expires: Mon, 29 Mar 2021 15:24:39 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 95ms
30ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 48801
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1617027880.068397,VS0,VE0
x-served-by: cache-hhn11564-HHN

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=2042118932&gjid=408260036&_gid=1929630441.1617027880&_u=YEBAAEAAAAAAAC~&z=1471548780

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 29 Mar 2021 14:24:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
114 B 51ms
37ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=2042118932&_u=YEBAAEAAAAAAAC~&z=2001254256

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H/1.1 200
OK pixie
ib.adnxs.com/ 42 B
354 B 115ms
34ms Image
image/gif 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/pixie?e=PageView&pi=f4202a6c-35af-4a8a-a838-a33041ef0736&it=1617027880020&v=0.0.15&u=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&st=1617027880019&et=1617027880020&if=0
Requested by: Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: nginx/1.17.9 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx/1.17.9
Connection: keep-alive
X-Proxy-Origin: 185.216.34.99; 185.216.34.99; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 10.13.72.136:80
Content-Length: 42
Content-Type: image/gif

GET
H2 200 modules.35981999a656a5a28309.js Show response
script.hotjar.com/ 217 KB
58 KB 115ms
39ms Script
application/javascript 13.226.159.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.35981999a656a5a28309.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1223080.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.226.159.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-159-122.dus51.r.cloudfront.net

Software

Resource Hash

be26dc83d31ea12211104016f94a8df96762c716ff80ef9859b5d87d5ef19ba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 12:55:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 437372
x-cache: Hit from cloudfront
content-length: 58593
access-control-allow-origin: *
last-modified: Wed, 24 Mar 2021 12:55:01 GMT
etag: "feecc1308620f8e5b960a42433207f2e"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 8033f9c6b87a03b2eca7c2db5157e10e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: PRSSMk1jQG2kzgz4S-mCt_aeXvupoyK5fWQ_nCJB1PTklRUhY59_Mg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/763352758/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763352758/?random=1617027880034&cv=9&fst=1617027880034&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&tiba=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ceb2f32f60eba3a49a5d5c3bb04261654462734cb029fdd42a0edf20b013ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1054
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP7b005e8fe6ce4fad9dc9f6f4416906e2/ 22 KB
8 KB 11ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b005e8fe6ce4fad9dc9f6f4416906e2/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6f87fcb1685fd7b854df68bc33c004f857aedfa18981ea5cf8835a7629aa23f7

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
content-encoding: gzip
last-modified: Mon, 05 Nov 2018 19:06:42 GMT
server: AkamaiNetStorage
etag: "28959b0c36a57b7523eacd95f9fad2e2:1541444804"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 7953
expires: Mon, 29 Mar 2021 15:24:40 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
260 B 15ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=522087345205331&ev=PageView&dl=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&rl=&if=false&ts=1617027880081&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1617027880078.1127416487&it=1617027879918&coo=false&rqm=GET

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 29 Mar 2021 14:24:40 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/763352758/ 42 B
318 B 21ms
20ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763352758/?random=1617027880034&cv=9&fst=1617026400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3h0&sendb=1&frm=0&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&tiba=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&async=1&fmt=3&is_vtc=1&random=559557617&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/763352758/ 0
0

GET
H2 200 dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinho... Show response
adservice.google.com/ddm/fls/i/ Frame 2DF4 536 B
481 B 45ms
42ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Requested by

Host: 10117223.fls.doubleclick.net
URL: https://10117223.fls.doubleclick.net/activityi;dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfb0ae4e973e29af453949db28085508af7ff8c11bbe5a1d878b99034c1ae730

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://10117223.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://10117223.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Mar 2021 14:24:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 412
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

200

dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinho... Show response
10117223.fls.doubleclick.net/ddm/fls/r/ Frame 805C
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriusc...
https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fww...

1 KB
1 KB

65ms
65ms

Document
text/html

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

b4dbd152c6537f3e1998dce7ca3a8c91b44996195431f523bd7ab7767067498f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10117223.fls.doubleclick.net
:scheme: https
:path: /ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Mar 2021 14:24:40 GMT
expires: Mon, 29 Mar 2021 14:24:40 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 794
x-xss-protection: 0
set-cookie: IDE=AHWqTUmh7aj4-Ws8gZc_xGcOePaZ8OhCsVF_cTh9M7eacmTPTTOzQgDdLv9J2DIwh90; expires=Sat, 23-Apr-2022 14:24:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Mar 2021 14:24:40 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK Cookie set dest5.html Show response
siriuscomputerpartnersandbox.demdex.net/ Frame 6420 7 KB
3 KB 238ms
56ms Document
text/html 34.246.133.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://siriuscomputerpartnersandbox.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.246.133.154 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-246-133-154.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: siriuscomputerpartnersandbox.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=64627915737716665072092791199589049297
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 10 Mar 2021 16:02:42 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=64627915737716665072092791199589049297;Path=/;Domain=.demdex.net;Expires=Sat, 25-Sep-2021 14:24:40 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: GOUELCKESw8=
Content-Length: 2785
Connection: keep-alive

GET

ibs:dpid=411&dpuuid=YGHjKAAAAHpmkRNg
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=64627915737716665072092791199589049297
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YGHjKAAAAHpmkRNg

0
0

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 351F 2 KB
776 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: get.siriuscom.com
URL: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c340f2fc9103b3a383daf2262c4c58829e4acd29f2e18e02675a823f89eef33b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 29 Mar 2021 13:32:31 GMT
server: ESF
date: Mon, 29 Mar 2021 14:24:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 29 Mar 2021 14:24:40 GMT

GET
H/1.1 200
OK piUtils.js Show response
go.pardot.com/js/ Frame 351F 341 KB
99 KB 602ms
233ms Script
application/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go.pardot.com/js/piUtils.js?ver=2020-10-19
Requested by: Host: get.siriuscom.com
URL: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
X-Pardot-Route: 32427ff3465437d362f61c790f7d2406
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
Last-Modified: Thu, 29 Oct 2020 20:44:51 GMT
Server: PardotServer
ETag: "55586-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Transfer-Encoding: chunked
Accept-Ranges: bytes
Expires: Wed, 29 Mar 2023 14:24:40 GMT

GET
H3-Q050 200 api.js Show response
www.google.com/recaptcha/ Frame 351F 850 B
656 B 17ms
16ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: get.siriuscom.com
URL: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Mon, 29 Mar 2021 14:24:40 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 805C 4 KB
2 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: 10117223.fls.doubleclick.net
URL: https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:40 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57360
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 805C 91 KB
23 KB 19ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: 10117223.fls.doubleclick.net
URL: https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: L5he9kQ082kGMSGBKsDQ9kJ2rr401vxkXtnSPvDi10UpnhcjATwQ/4MMV45lltRFZQGqykll5m2C5ZGHPy2AFg==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 29 Mar 2021 14:24:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/ Frame 805C
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2867641%26time%3D1617027880345%26url%3Dhttps%253A%252F%252Fadservice.google.com%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F&liSync=true

0
57 B

198ms
195ms

Image
application/javascript

2620:119:50e1:101::6cae:b25
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F&liSync=true
Requested by: Host: 10117223.fls.doubleclick.net
URL: https://10117223.fls.doubleclick.net/ddm/fls/r/dc_pre=CM6ngaPa1e8CFROscQodn7UE5w;src=10117223;type=retar0;cat=retar0;ord=9990692986818;gtm=2wg3h0;auiddc=1020569311.1617027880;~oref=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e1:101::6cae:b25 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-esv5
content-type: application/javascript
content-length: 0
x-li-uuid: EJelVErWcBaQHi3bTSsAAA==

Redirect headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: FX5xQ0rWcBbw5ethfCsAAA==
pragma: no-cache
x-li-pop: afd-prod-esv5
x-msedge-ref: Ref A: 17D32A60926040C1BE6BD4D163CF933A Ref B: FRAEDGE1113 Ref C: 2021-03-29T14:24:40Z
date: Mon, 29 Mar 2021 14:24:39 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2867641&time=1617027880345&url=https%3A%2F%2Fadservice.google.com%2F&liSync=true
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 361908628126295 Show response
connect.facebook.net/signals/config/ Frame 805C 244 KB
70 KB 69ms
67ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/361908628126295?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a546e40802b9b07291edf808d00fb9d0d5db6c8371790a0b7a74b0c7aee31cc4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: 5f6JIiRjCRFi8V8nioG5+CDyax3oIsRVvkWGKmpyOFPu/vYp34C/D3rsboaHPQUdaU4e4sCGpiH5EzMJ8NKxfA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 29 Mar 2021 14:24:40 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coop_report","max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"include_subdomains":true}, {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
cross-origin-opener-policy-report-only: same-origin-allow-popups;report-to="coop_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 805C 44 B
215 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=361908628126295&ev=PageView&dl=https%3A%2F%2F10117223.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM6ngaPa1e8CFROscQodn7UE5w%3Bsrc%3D10117223%3Btype%3Dretar0%3Bcat%3Dretar0%3Bord%3D9990692986818%3Bgtm%3D2wg3h0%3Bauiddc%3D1020569311.1617027880%3B~oref%3Dhttps%253A%252F%252Fwww.siriuscom.com%252Fcase-study%252Fone-week-robinhood-ransomware-recovery%252F&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1617027880501&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&it=1617027880349&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 29 Mar 2021 14:24:40 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
63 B 17ms
11ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypckw4aPWbGyCqOJA

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Mon, 29 Mar 2021 14:24:40 GMT
content-type: text/plain
access-control-allow-origin: https://www.siriuscom.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 351F 332 KB
130 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://get.siriuscom.com
Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 13:37:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2856
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132755
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 13:37:05 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 351F 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://get.siriuscom.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 25 Mar 2021 07:39:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 369909
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Fri, 25 Mar 2022 07:39:32 GMT

GET
H3-Q050 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E4C0 20 KB
11 KB 34ms
32ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4faae5e90007934e3dc98e6c24b01a7d43a5e7218b7f8104cb9cc207657f3893

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kpuc2vaVfPxttQtHeNIIAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://get.siriuscom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://get.siriuscom.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 29 Mar 2021 14:24:41 GMT
content-security-policy: script-src 'report-sample' 'nonce-kpuc2vaVfPxttQtHeNIIAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 10916
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame E4C0 50 KB
25 KB 39ms
18ms Stylesheet
text/css 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
age: 790
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Tue, 29 Mar 2022 14:11:31 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame E4C0 332 KB
130 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1440
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132755
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 14:00:41 GMT

GET
DATA 200
OK truncated
/ Frame E4C0 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E4C0 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame E4C0 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 19:52:31 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 412330
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Wed, 31 Mar 2021 19:52:31 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E4C0 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 27 Mar 2021 01:51:55 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 217966
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 27 Mar 2022 01:51:55 GMT

GET
H3-Q050 200 X8unmHfEQ3F5n2RsHjGpzlShR0zqBlJO5Q_PtwQUnPI.js Show response
www.google.com/js/bg/ Frame E4C0 14 KB
6 KB 15ms
7ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/X8unmHfEQ3F5n2RsHjGpzlShR0zqBlJO5Q_PtwQUnPI.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fcba79877c44371799f646c1e31a9ce54a1474cea06524ee50fcfb704149cf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 15 Mar 2021 13:00:00 GMT
server: sffe
age: 1449
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5716
x-xss-protection: 0
expires: Tue, 29 Mar 2022 14:00:32 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame E4C0 102 B
159 B 19ms
15ms Other
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=5mNs27FP3uLBP3KBPib88r1g

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9nZXQuc2lyaXVzY29tLmNvbTo0NDM.&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=normal&cb=ji1xi5eiw9ds
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 29 Mar 2021 14:24:41 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 805C 44 B
150 B 9ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=361908628126295&ev=Microdata&dl=https%3A%2F%2F10117223.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM6ngaPa1e8CFROscQodn7UE5w%3Bsrc%3D10117223%3Btype%3Dretar0%3Bcat%3Dretar0%3Bord%3D9990692986818%3Bgtm%3D2wg3h0%3Bauiddc%3D1020569311.1617027880%3B~oref%3Dhttps%253A%252F%252Fwww.siriuscom.com%252Fcase-study%252Fone-week-robinhood-ransomware-recovery%252F&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1617027882080&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&it=1617027880349&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://10117223.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 29 Mar 2021 14:24:42 GMT

GET
H3-Q050 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 8556 7 KB
1 KB 41ms
39ms Document
text/html 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=5mNs27FP3uLBP3KBPib88r1g&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=bcklgvmsf17c

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9a7f1ce757d2c9b24b1dd5a466a89a429336498ceb31a09698a8beff8e51e675

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MxDWeq5f4iqFFazn4RreKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=5mNs27FP3uLBP3KBPib88r1g&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=bcklgvmsf17c
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://get.siriuscom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=212=EBRQ9UElPf2hUO-a5oGPjr6mnjaLK59gBIpdisf6vkUkLWXW-5tSxbOjYeRhTPrWIUA-NZezMjP6J4I-U-UwMdOT-z1GFcMm4HuWLUvUsQZyG-xAEwd4xUCWsB5WAJEkl9K1U_HrH_0av8DltMOMbCDGriRRmvfTtNykSL6cMns
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://get.siriuscom.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 29 Mar 2021 14:24:42 GMT
content-security-policy: script-src 'report-sample' 'nonce-MxDWeq5f4iqFFazn4RreKQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1112
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 10ms
9ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN1f1d1eaf816b40e5aae7bce04ab8999c.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:42 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57358
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 s49442222292919 Show response
siriuscontenttest.112.2o7.net/b/ss/siriuscontenttest/10/JS-2.10.0-L9UP/ 146 B
594 B 169ms
65ms Script
application/x-javascript 15.237.136.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://siriuscontenttest.112.2o7.net/b/ss/siriuscontenttest/10/JS-2.10.0-L9UP/s49442222292919?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=29%2F2%2F2021%2016%3A24%3A42%201%20-120&d.&nsid=0&jsonv=1&.d&mid=64669610185630909872090838988823575985&aamlh=6&ce=UTF-8&pageName=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&g=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=article&v6=www&v7=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=73ED349955C1DC587F000101%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP7b005e8fe6ce4fad9dc9f6f4416906e2/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.237.136.106 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-237-136-106.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

ec886fb052ef97dc3c67311d90d4649146932822d762536e711ee5dbba2a4042

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-aam-tid: 6M6vN9AYQBE=
date: Mon, 29 Mar 2021 14:24:42 GMT
x-content-type-options: nosniff
x-c: main-1451.Ibee288.M0-486
p3p: CP="This is not a P3P policy"
content-length: 146
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-v090-06723d8c0.edge-irl1.demdex.com 5.80.7.20210304103356 5ms (+1ms)
pragma: no-cache
last-modified: Tue, 30 Mar 2021 14:24:42 GMT
server: jag
xserver: anedge-fd4497967-lqxxk
etag: 3472540936034942976-4621980759344295147
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 28 Mar 2021 14:24:42 GMT

GET
H/1.1 200
OK loader.gif
www.siriuscom.com/wp-content/plugins/revslider/public/assets/assets/ 2 KB
3 KB 145ms
139ms Image
image/gif 67.225.132.53
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/assets/loader.gif

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.7

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

67.225.132.53 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.siriuscom.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.1.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:42 GMT
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 2545
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Tue, 11 Feb 2020 02:07:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "9f1-59e434fb7db40"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Access-Control-Allow-Origin: http://get.siriuscom.com
Cache-Control: max-age=84600, public
Access-Control-Allow-Credentials: true
Permissions-Policy: geolocation(), microphone(), payment()
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=179
Expires: Tue, 29 Mar 2022 14:24:42 GMT

GET
H2 200 adsct
t.co/i/ 43 B
449 B 218ms
146ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o090h&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Requested by

Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Mon, 29 Mar 2021 14:24:42 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 7528e7834e9ab3c66a0afe744fd3733c
x-transaction: 003b47d80027a323
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 box-5e3cec51ed8e99df6977c199d27812d7.html Show response
vars.hotjar.com/ Frame 9362 1 KB
1 KB 40ms
31ms Document
text/html 13.226.159.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-5e3cec51ed8e99df6977c199d27812d7.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1223080.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-100.dus51.r.cloudfront.net
Software: /
Resource Hash: 486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-5e3cec51ed8e99df6977c199d27812d7.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/

Response headers

content-type: text/html
content-length: 684
date: Mon, 29 Mar 2021 09:29:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "4e332edbbc3b46800c87f197cc7d3bb6"
last-modified: Mon, 29 Mar 2021 09:29:02 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 77d8cf253666facea1bbe67902fcbbc1.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 47fbSdRy7VOXccIRge8wWlWnFM5X7jW5aM6Q7J-ZVTaiGQUvRfr8Hw==
age: 17735

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 8556 50 KB
25 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=5mNs27FP3uLBP3KBPib88r1g&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=bcklgvmsf17c

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:11:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
age: 791
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Tue, 29 Mar 2022 14:11:31 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 8556 332 KB
130 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=5mNs27FP3uLBP3KBPib88r1g&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&cb=bcklgvmsf17c

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:00:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1441
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132755
x-xss-protection: 0
last-modified: Mon, 22 Mar 2021 04:06:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 14:00:41 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ Frame 351F 5 KB
2 KB 471ms
116ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: get.siriuscom.com
URL: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:42 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Fri, 13 Mar 2020 17:27:59 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Wed, 29 Mar 2023 14:24:42 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 448ms
117ms Script
application/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.siriuscom.com
URL: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 29 Mar 2021 14:24:43 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified: Fri, 13 Mar 2020 17:27:39 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Wed, 29 Mar 2023 14:24:43 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
653 B 240ms
156ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o090h&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Mon, 29 Mar 2021 14:24:42 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c08d5c10d4691bedb56c850e42d76a04
x-transaction: 00d8d875001305b8
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
86 B 13ms
13ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=737821&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&ul=en-us&de=UTF-8&dt=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Interaction&ea=Scroll%20Depth&el=25%25&_u=aEhAAEABAAAAAC~&jid=1037616369&gjid=1973468301&cid=2106066761.1617027880&tid=UA-73329068-1&_gid=215471589.1617027883&_r=1&gtm=2wg3h0M4JL692&z=3810464

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 24ms
24ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=1037616369&gjid=1973468301&_gid=215471589.1617027883&_u=aEhAAEABAAAAAC~&z=164810627

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 29 Mar 2021 14:24:42 GMT
content-type: text/plain
access-control-allow-origin: https://www.siriuscom.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
114 B 31ms
30ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=1037616369&_u=aEhAAEABAAAAAC~&z=492193730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.de/ads/ 0
0

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ Frame 351F 4 KB
3 KB 224ms
223ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=14833&account_id=303691&title=&url=https%3A%2F%2Fget.siriuscom.com%2Fl%2F302691%2F2018-12-10%2F7hxqz&referrer=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 7ea8497a4a79634ade81bc04286a69522f95c4db5f7a425a4447257b8c0a8709

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Mar 2021 14:24:43 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 17/15/210
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1740
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 4 KB
3 KB 391ms
390ms Script
text/javascript 52.21.178.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=5037&account_id=303691&title=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-2-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: 419dedd30d412a873ab0be1d287ffa3ba31b8bb78c5c4e43f127b94ff94f3a0e

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Mar 2021 14:24:43 GMT
Content-Encoding: gzip
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: 7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp: 16/79/4
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 1740
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
get.siriuscom.com/ Frame 351F 52 B
1 KB 203ms
202ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://get.siriuscom.com/analytics?conly=true&pi_form=true&visitor_id=237551215&visitor_id_sign=1a48fbde87cde3cbf47662207fe87f519b301f3da07a6a7ae9a10d3d37e19c2106be4ed8256208dc0968906098ea48756121d447&pi_opt_in=&campaign_id=14833&account_id=303691&title=&url=https%3A%2F%2Fget.siriuscom.com%2Fl%2F302691%2F2018-12-10%2F7hxqz&referrer=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=14833&account_id=303691&title=&url=https%3A%2F%2Fget.siriuscom.com%2Fl%2F302691%2F2018-12-10%2F7hxqz&referrer=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://get.siriuscom.com/l/302691/2018-12-10/7hxqz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Mar 2021 14:24:43 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/3/165
Vary: User-Agent
P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ Frame 351F 582 KB
106 KB 224ms
7ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=14833&account_id=303691&title=&url=https%3A%2F%2Fget.siriuscom.com%2Fl%2F302691%2F2018-12-10%2F7hxqz&referrer=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d15a7fc1f4d07874e7d6cfe022844a8ff24386985c54388eb26a67428d950d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://get.siriuscom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:43 GMT
content-encoding: br
vary: Accept-Encoding
age: 337
x-cache: HIT, HIT
content-length: 108101
x-served-by: cache-dca12925-DCA, cache-hhn4074-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Sat, 27 Mar 2021 15:51:28 GMT
x-timer: S1617027884.750835,VS0,VE0
etag: "605f5480-1a645"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3, 12

GET
H/1.0 200
OK analytics Show response
get.siriuscom.com/ 52 B
1 KB 261ms
221ms Script
text/javascript 35.174.151.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://get.siriuscom.com/analytics?conly=true&visitor_id=237551217&visitor_id_sign=be7a0e2133a836dbb2f00395e122ad2e36a505093cdc6ae83c3ab2323b90312afd7ce86e8b8fcb7335796830277ba724ea42dd7f&pi_opt_in=&campaign_id=5037&account_id=303691&title=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=5037&account_id=303691&title=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.151.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-4-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 29 Mar 2021 14:24:43 GMT
X-Pardot-Route: d5a18e4517a9c8ba62b77de366a4cdb5
X-Pardot-LB: a5df88223e39cf9fcb783877fed82f24
X-Pardot-Rsp: 17/15/210
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 embed_shepherd-v1.js Show response
fast.wistia.com/static/ 582 KB
106 KB 67ms
15ms Script
application/javascript 2a04:4e42:1b::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/static/embed_shepherd-v1.js

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=5037&account_id=303691&title=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&referrer=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d15a7fc1f4d07874e7d6cfe022844a8ff24386985c54388eb26a67428d950d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 14:24:43 GMT
content-encoding: br
vary: Accept-Encoding
age: 337
x-cache: HIT, HIT
content-length: 108101
x-served-by: cache-dca12925-DCA, cache-hhn4074-HHN
access-control-allow-origin: *
x-browser-version: 89
last-modified: Sat, 27 Mar 2021 15:51:28 GMT
x-timer: S1617027884.750862,VS0,VE0
etag: "605f5480-1a645"
strict-transport-security: max-age=0
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 3, 12

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/44/7/ 77 KB
28 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/44/7/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?sensor=false&ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76137e151522c10ed6442b778b741263572ca78aa8f2fa2b8a60bb6d42908686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 24 Mar 2021 17:47:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 19:09:36 GMT
server: sffe
age: 419817
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28989
x-xss-protection: 0
expires: Thu, 24 Mar 2022 17:47:50 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/44/7/ 146 KB
54 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/44/7/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?sensor=false&ver=5.3.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32da82f1c3b0beefb674019834e12ec2f3978773c2140cfd24f9c8c2deb5c6a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 29 Mar 2021 10:51:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Mar 2021 19:09:36 GMT
server: sffe
age: 12788
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55472
x-xss-protection: 0
expires: Tue, 29 Mar 2022 10:51:39 GMT

GET
H3-Q050 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
406 B 54ms
36ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&5shttps%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&callback=_xdc_._e5l968&token=54953

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/44/7/common.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

27fc598e61eca7b8d1e79932c0f592865d4fc84589665f9035d3a47f8d8408ed

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.siriuscom.com/case-study/one-week-robinhood-ransomware-recovery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Mar 2021 14:24:47 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ok1static.oktacdn.com
URL: https://ok1static.oktacdn.com/assets/js/sdk/okta-auth-js/1.13.0/okta-auth-js.min.js

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=2042118932&_u=YEBAAEAAAAAAAC~&z=2001254256

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/763352758/?random=1617027880034&cv=9&fst=1617026400000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg3h0&sendb=1&frm=0&url=https%3A%2F%2Fwww.siriuscom.com%2Fcase-study%2Fone-week-robinhood-ransomware-recovery%2F&tiba=One-Week%20Robinhood%20Ransomware%20Recovery%20%7C%20Sirius&async=1&fmt=3&is_vtc=1&random=559557617&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Domain: dpm.demdex.net
URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YGHjKAAAAHpmkRNg

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j88&tid=UA-73329068-1&cid=2106066761.1617027880&jid=1037616369&_u=aEhAAEABAAAAAC~&z=492193730

Verdicts & Comments Add Verdict or Comment

236 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-19 21:33:59	Name: NID Value: 212=EBRQ9UElPf2hUO-a5oGPjr6mnjaLK59gBIpdisf6vkUkLWXW-5tSxbOjYeRhTPrWIUA-NZezMjP6J4I-U-UwMdOT-z1GFcMm4HuWLUvUsQZyG-xAEwd4xUCWsB5WAJEkl9K1U_HrH_0av8DltMOMbCDGriRRmvfTtNykSL6cMns
.doubleclick.net/	1970-01-20 02:32:03	Name: IDE Value: AHWqTUmh7aj4-Ws8gZc_xGcOePaZ8OhCsVF_cTh9M7eacmTPTTOzQgDdLv9J2DIwh90
.demdex.net/	1970-01-19 21:29:39	Name: demdex Value: 64627915737716665072092791199589049297
.siriuscom.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.siriuscom.com/	1970-01-19 19:20:03	Name: _fbp Value: fb.1.1617027880595.926111038

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.siriuscom.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	warning	URL: https://maps.googleapis.com/maps-api-v3/api/js/44/7/util.js(Line 227) Message: Google Maps JavaScript API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys
console-api	warning	URL: https://maps.googleapis.com/maps-api-v3/api/js/44/7/util.js(Line 227) Message: Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://maps.googleapis.com https://distillery.wistia.com https://pipedream.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://dpm.demdex.net https://in.hotjar.com https://vc.hotjar.io https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com https://www.facebook.com siriuscom.okta.com https://.akamaihd.net https://www.google-analytics.com https://stats.g.doubleclick.net https://api.tiles.mapbox.com https://e.issuu.com/; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' https://fonts.googleapis.com data:; script-src 'self' https://.wistia.com blob: https://.doubleclick.net https://.mapbox.com 'unsafe-eval' https://.akamaihd.net https://www.siriuscom.com 'unsafe-inline' https://fast.wistia.net https://e.issuu.com/ https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://pi.pardot.com https://www.google.com https://snap.licdn.com https://assets.adobedtm.com https://acdn.adnxs.com https://ws.zoominfo.com https://static.hotjar.com https://connect.facebook.net https://cm.everesttech.net https://siriuscontenttest.112.2o7.net https://siriuscomputerpartnersandbox.demdex.net https://get.siriuscom.com https://static.ads-twitter.com https://script.hotjar.com https://analytics.twitter.com https://www.googleadservices.com; style-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://.mapbox.com https://api.tiles.mapbox.com; img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://.wistia.com https://.akamaihd.net https://.google-analytics.com https://.adnxs.com https://.facebook.com https://www.google.com https://.linkedin.com https://t.co https://www.googletagmanager.com https://unpkg.com https://.mapbox.com https://cm.everesttech.net; media-src 'unsafe-inline' https://www.siriuscom.com blob: 'self' https://www.youtube.com https://e.issuu.com/; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob https://.siriuscom.com https://www.facebook.com https://vars.hotjar.com https://api.tiles.mapbox.com https://*.doubleclick.net https://www.youtube.com https://siriuscom.okta.com https://fast.wistia.net https://e.issuu.com/ https://siriuscomputerpartnersandbox.demdex.net;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10117223.fls.doubleclick.net
acdn.adnxs.com
adservice.google.com
adservice.google.de
analytics.twitter.com
assets.adobedtm.com
connect.facebook.net
dpm.demdex.net
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
get.siriuscom.com
go.pardot.com
googleads.g.doubleclick.net
ib.adnxs.com
link.getsiriuscom.com
maps.googleapis.com
ok1static.oktacdn.com
pi.pardot.com
px.ads.linkedin.com
script.hotjar.com
siriuscomputerpartnersandbox.demdex.net
siriuscontenttest.112.2o7.net
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
vars.hotjar.com
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.siriuscom.com
dpm.demdex.net
ok1static.oktacdn.com
www.google.de
104.244.42.197
104.244.42.3
13.226.159.100
13.226.159.122
142.250.185.134
15.237.136.106
151.101.13.108
167.89.123.124
172.217.16.130
199.232.136.157
2606:4700::6810:a852
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:800::2002
2a00:1450:4001:802::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:810::2003
2a00:1450:4001:812::2004
2a00:1450:4001:813::2008
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::200a
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::200e
2a00:1450:400c:c00::9d
2a02:26f0:6c00:28c::25ea
2a02:26f0:6c00:2a6::1e80
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::622
34.246.133.154
34.252.115.248
35.174.151.106
37.252.172.36
52.21.178.134
67.225.132.53
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
051295687c256d4bf401a70a2fd455ee85f8b7272e2cd133c00a40ba282dab4c
07ae7cf9c7f3bfc4bc63842bb07e5846837c0071f8d96042de9d0f4a3cc997b6
08370201daee47824e2271d06f0300abe6dffa78df2a5913eae613bc9f375bcd
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
09f06f00d804cf6abd02fef131e6ce9f79401ba96ee40324dfd28fa286498e58
0a7ad0894de0ad3e1e3f60bb7f1acff8f0111e16898ef194de60504147c21656
0b6b1cd454ac76a80fe115f90ee1950f48e6c2a143e4a96176adbb520c40c80b
0c2d6aa51d3d04b3e548b51fec1d00d7e7ae1d2cced71ba4e2bb154a6871d6c7
0d91ab1e931555efe756f470940e387c4086500cda43af0228c86361f0d9fc7c
0e2392fdc4987b5456a43638346618351b095182be241f698516ea298e2d96f8
0eb948d2111a3a8f5e1f1ad8f8ece80d0a10f8f1fc5e1c0c2e214d461a49a952
0f158ed2f9a3b0126d41b4013a4f746eea09663c6214b79877e19016129aa4e6
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11a03c12927fe2110cf77b28a5d8441c0cbf639fe01f96b969aa9a0ee8350892
132b243eb8bdb961de2dd423a678f4c12ee160c40093ff06d31d10b43145cfdf
14736cc84994f28ff5106f6b8e6f017f38f94c2b42fc69f3b4e43522882c7422
168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839
173a42f3468eebc25191bc4aaa1e86fb422b56337682ce4b38bd2ca4229b8543
180677466c59e0765b841f9f10c92f5c9c6f79a581f24694a0e1cfe2dcb5160b
19e0e2d6c132908a423d543aa056a7e534b1fa23ea556cfa468508768527013c
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1b4944b5f8a439d1e7f531888ed6eb66781561f56f84336e75b218cb31bb9af9
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ce4f8d5df8a1ce74880c49985a908f0becf10b36cffb45fa09e27d129e970e0
1d35b97cb8449be02c40553556f1031c7a300781586bc3a3447c197aafd6e1ff
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1f530977f86728293d5f9aa64d48f2a3f4e9db788af2568ee54d4cb4fc332860
20ab7bdc092a81b8ddc76f31895a985835df01667588c354f831a036f55e5075
21c7fbaab48c021744f6706e9bae69d6d6859ed25365c96167cd10a9ae61d452
2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58
277dc6e850dd5e48fab1d78d28416a77b99c0375f91d33427c1c23a6958c59ab
2790cdea4752fd2789f86d80d54feef92c7cedc6681b0b721d7682e4f0841bbc
27d5b422e5ac5a2170e6c73bcdeb86aa9320af8c7d6ef5a53d1c678720e2d598
27fc598e61eca7b8d1e79932c0f592865d4fc84589665f9035d3a47f8d8408ed
28f47b21fa8a95bb068b6d2b36f6fc12c622a8092af6182ca46c6338d7b7c4d8
29da3233a309dd74c144f872b66ba470472579a0aca0e2362f5c5cc8f0e7a385
2f2ca1625d190a0b70d8632dfabc0e4a5558266c9f03386da097fe3819af8de7
30ebce9a501cdca62d5361c16f023dfde0c31f5f189ee25d509f1416b2258e9d
32da82f1c3b0beefb674019834e12ec2f3978773c2140cfd24f9c8c2deb5c6a1
3369709d20d9c1c487738adf334cb5307e82d15948fa2241cfdcb6906b3e85f7
346467f0ba1b9a43b33c78f0663942aa96d5cc8c8064e470665d9308c45a3d91
3699e9a8168525eb97795c72bb6315a198b4b18d9c914cc9f3a17fb2c79d1615
385ed18e3673b41dfdee7ac701af87a1a7b29b8ef4bc095ded29f9bdd5775b9b
3883ff2a5b46193da5464f5ae5fb94169d1361cfecedbd187439d459dc669f31
399d2ccc7531e019f247d142f2e9e060fe8752504bdaf463028d32ec212695cf
3aeb5d27ba1347463afdea3f0a9e7332c7db1adb45377264fba3b37c0da01178
3c0bfb5a3db6967755accf4f7d045f8529e546a3b713281cac8a3088b51f6bda
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
3cedf966c9e025378ad7eb2aff570d1088fdb76eb279f7a9823a001d33a3d782
3deb29b8fdfdd69f4a7d19c8ac166fa0b70bd6a82315d384f654d313637caebe
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3ebb9381b3e7ffa49f441cd777004f105f816894ee8332f403fff534c82a33b2
4025727c5cdf69ebebb78196e38a76144968ff27b9dfe789968f23f69d51e2cd
419dedd30d412a873ab0be1d287ffa3ba31b8bb78c5c4e43f127b94ff94f3a0e
420ee754b9fcc27b697e456eeb20d7477de443a5e7076da842cd64fb8c4fd459
4303c58fd1ed8315421c091d6bf0c651916e752a08ac1eb65af7fcde0a5d81de
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
445ea6c21f8315829dc221101d38913120bd14090456441789562763763dc7b1
447f8762021b0e2726cea6977b09f5448684bf078d66cf5718f681bd2e1cec4f
486762d56893f9b12fdfad41c3a76f11fc745b5436e97e596a63c22ee13d2e33
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4a768695e2001c056e6f8f20f4904e49bbd0471d060b47bbd3cf026ac74e8d5d
4a7b353345f28b2f6473cf4b09bd8630b109184e31e8d999ccea5d7e741e4351
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4dd4ba9773ddb1007653ca0abb0a4b8606035794823000db1e932ef79d79ad16
4e935df82f460a420d80cde9d91b1b145e1bee3bcc1bb7d31a074d9d7f37b5b7
4f56a354ed72e68c9165a6b5ea38351046a0af0d713df4a090b8d4be722367cc
4faae5e90007934e3dc98e6c24b01a7d43a5e7218b7f8104cb9cc207657f3893
50842be368e7865ccc110511b5ebfda87894b8162a459946d08e7a13ff4b1507
512e43cff32041e14e69d9030c2eb73871e61aba905c1968eda47ae0cef9cb7b
5338acdbe16862e5d826ff614549d8463ae7e26ef1fc27b5d7fee45193ac05b5
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
54857896bdcf37a944f4bd573b0cf874eaa0aa62ee8e2e222cce3a7788bcd395
55e73025135c57554b904284f1b93ef31386cba5e7b70794a2df6b989f3584d8
5669ca033ab68625c0cae6bcf1abb2722c02ea43a0d65323b2f7b023c7afa35e
5733d4e205ea28887e56a39851b592959b514b6b2d57a5f5db9cfcc518a9d23a
57376344235f987c935c8fedbf63597857d4c2357ffd48a0d4a7dfa4b7eb4794
576f08290e6492215c31e059a5b8dbc6b9d9c801886d44ecab93624f070acb07
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
57f3316599c6cb279ffb4fb239393035f0bb68fb16302f9bfb2b122acc282e4a
585821c09248ddd50d0e637c331a2c1a4e81e2e0a3d88c423cbcc8ba07e018a2
58d7740a2472d8be9c3f9c48f1a70ffa83340192e0124fbdd8062fe5a80efba3
59d3b42550f13ce9588c415cd29d0d0624ff82f0069d4bb8e673b2dafcc987d9
5a8c623b34dcf729895c3bc9b6e261796bbad69555a21ad6d2f9b4e7bc27b6e7
5be6f7bd7c681c64cf19fc457ef73dda83f73becb6c7bd1a32a06846785b1128
5c7438ec740fa9bea75de44a0fbbbc78c14351010ab6ff42ed13b96c7c777d37
5c7ff052e40a182febf1b6a082b2676f088fd360046755c2762380dc3fb93168
5ceb2f32f60eba3a49a5d5c3bb04261654462734cb029fdd42a0edf20b013ea4
5e52f996d47eb5f321896cfc9a10153c1a47415b3e3b4c1b31a6ec736adadb5e
5ead963d94c060ee77069d99d883e33ae92872b2271dc3846248756971c7b48a
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
5fcba79877c44371799f646c1e31a9ce54a1474cea06524ee50fcfb704149cf2
61fdc9b2d67aa5a5ad07e5bacceb21c22a0c7bffce3f4c41eed75a1e0d84c545
67e0d4919ff70c1c3eabd2801c690bcfce99ef1926119f86d812c7a6b951ce28
6af107cfcc3720e22e6821a417995ae8ff5b3b745f23d2239cbf639516e11e20
6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939
6e746a03bc3330d32fb71d7fd89fc6aa4de6214664ca21bf6b643bd444cc1415
6f87fcb1685fd7b854df68bc33c004f857aedfa18981ea5cf8835a7629aa23f7
744d368a676dabf6be331840fdf74176a9ad7a784bf3920e3f640c9ed89fc43c
74f49a4a14494563c06ff8da97a0bdb4fb7be6396fc222a5473cef3234549cee
755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071
76137e151522c10ed6442b778b741263572ca78aa8f2fa2b8a60bb6d42908686
787ac8a2efc10fc3591bbe26dac95167fb58c5ff53ba2bb22be243c815339ca4
78a380367f24325466b6bfc6e989971ecabc00333757e69b87bc490726bfbc5f
79f9e42444d9457065d364f319e9e4b1a880dece2f66d72b71046944be9ddaf3
7a2dd21532e68bb69249e38f9f22315cd53843f618a78b6169c3ae64ac02294f
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d505ba222682e357b9df002b34795df17ebda41a74b5d2aa0143b13ffbceb11
7ea8497a4a79634ade81bc04286a69522f95c4db5f7a425a4447257b8c0a8709
7f8e2cc226482ec3a71185c7334d36d8b9ec5c1779f8681cbd78022cd8e82353
81156585e8f0e4eeeca66c3b8204462a2d38f448ea03c24d550aa6fec56e9f5c
849abd0086b44cc8f232c974a1902eba0a632b28c499d74e08d0b81e29760048
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
872454cbfd47b444a3fa6cfa9a74b0f57e5f6b3a47b9870108d2b0e5ce4aace5
8725cd37d5dfef7a1981f8972d9b2e003e5d56e8912dc53db0d4e049958c12ab
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
8cab7e21e2a3105ef06fd43c875a614bc0ffd170ab3f8bffd2044c03ed44bcea
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8dc2823c4500c5f0889b6b60d5f5300360d47c314d2be63a5917b1a0623f4fe3
8eaaf13212ddc8016ea92ee148b5d794b3a4d081d89e050f74af614b685d6f36
8fcca243e0633537ab5a60897b92deba38f13bc927de72f88ba65dee9fddb62e
9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
93df26a0ea3f54358764c82231a5f50f0e7cdeb0c4eebdd42c2d3f2dc9733f7f
95964a671c48db6c37a4e687e492f77e37ac3419c23dbd183b648561f881dfd9
95c32ab8d10589ec8af3bbe211006f02c2056dd2d611e141a2379fadff05795b
9763da758d5cf370ec52847a4cc08845aac52dee1d3797b4dc325c8da9518364
9883e503c2916e2bfa5aff13d031f28e0ca6124cf47ac81dc8013efe4e5d702c
9a7f1ce757d2c9b24b1dd5a466a89a429336498ceb31a09698a8beff8e51e675
9ae3cc738ad24787d1be7330037d215c1383e2b15dcde127431f915e9dbcba1c
9c1eedb49dbbf57672cbf97d7d70edf6918f89e58c57d49e71496dbda2a56df3
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
a21703f14c9469bec9de9858daaac7e22bd005d0108520e04a1dd9bcbbd8e4e9
a3d6633fb07102da2ab32fcbcf249782c2ebe32747fc788acc6925337076fde7
a546e40802b9b07291edf808d00fb9d0d5db6c8371790a0b7a74b0c7aee31cc4
aa887bd82816b046c131856daa00a57eaa9172e78a62870bf2e65175ca6dbeb1
aaf7459b1edac4b185d892f870a27efaae51e60692771f04347298b157c2afaa
ab1a025da75807a57c2e8ecfcc301f78bd002f4916f992dc520e043a25d47434
ab439586de1e097863ea040904bdd2bfa31014e9294e975142a70699074d0841
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adb4dc173de9c49530f9d50131c359628af6011197caebdeea767de0a9aae7c3
ae0f1b690df343a956c0c38f10cdfba1b9caa9f5850ee066caa5e6aa4ea1fe04
b0ca3d367f3b06e94078cbe3132c948b43c31576c2513693a1790a5ab2c61598
b1a7be6cf478f7d4228fc455a370f1be8ac6e37acade5fd382c1e1992b51433f
b4dbd152c6537f3e1998dce7ca3a8c91b44996195431f523bd7ab7767067498f
b5609922140cafd832011effc2ec0a286db7e83ceb2cf3091cc0d306eee5328d
b6443f12a07a199cced0c9d1506093b41835cd831937332df384a781eca8977f
b6ce2750a5429b968ac4c675acacfbd7da06ddf4638fb1e73ffb0a4553b346cb
b7be203f69d78fc9333697062bac50e776a77e549c326aeeb2f619f799f054d4
b9996b32165e1ee5de0a45e370b05addb9fb6aec3fb6141c73c1cecfda4de66d
bae5b45edb131342b9a2cee40445e32518286acf0497886f024108637cb8a823
bbff0182d1a1f1af97f7a7d94badc0a4df084f50c09a6213f59fa5305dc120d9
bc71c403dc6113c8597e111a99d6a6a197dd2f2355402f8392ca4812dca57d3d
be26dc83d31ea12211104016f94a8df96762c716ff80ef9859b5d87d5ef19ba4
bfb73d3ccfa98dd832c84af27af92ce0db4938d696a5879741f5874897278b7b
c340f2fc9103b3a383daf2262c4c58829e4acd29f2e18e02675a823f89eef33b
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
cfb0ae4e973e29af453949db28085508af7ff8c11bbe5a1d878b99034c1ae730
d15a7fc1f4d07874e7d6cfe022844a8ff24386985c54388eb26a67428d950d0c
d7f8be99aee46445efcc7c49145388deca59f0dfd183ed4b3892ca111c2b401a
d8c237ac23e562540132de6ced5d5a5619a6ee895b0da0298bfdb6e7bbceb7b2
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
d9ae8b314f45d9835f8738dd75713d6c267768b18a3fb072dd6b7a195ea045ee
dd1fad41f2891919876ec7b3fc3057b7b89fad8e8ff8b5d03815838bb8e7e497
dd5ceb190d2852ad363c91ce58749aff3a6dd46e0c9fa299cdf9a8ecfcfaca7a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e36fdce902bfa93a2440660eab3f9ebe225ff5d553799748955df74773e8836e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8a066351f19240f0fec8b70708aa8dec4928a741ef520a76e90a4ad75f1ec0b
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
ec886fb052ef97dc3c67311d90d4649146932822d762536e711ee5dbba2a4042
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
eda0986acdc51065ff5a6cb57709be8ec2dd077e335d0be03e2ec7bf7f7c484c
ef01f6c9d515df0151de5d55bf3a60ea0f5b0b5387af0f602f1310851828f114
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd7b1811cef4b7c13b8ae58028f93fd15f154177f1a65df59c0f2139649b9ee
f1560fb223e37341fa8b435f6c114628cadeb4ab4057f25a729fa717ad240987
f1ebf95b8c5770caa6358f4448ef42c18e17fd368a6efeff424fb801941c4da1
f6524d3bc9f7ad5378a1957b540a60fe820e502ce1474bbb053d6b56e89a9102
f8ea3fd0ebc9772c51df0b61b519677aa0c38bcc9ab0b1b818d949c1baf46a00
f937cef662cf12641922dee29ba5124cfc909ee6d1d3c2896c462f0c43d9c46b
f9438ea9ccbbf28b6c15eaf985acf6907f507f93147d5ebd4b6efa59d16800cd
f98a3db3d376370ded7f085974e5b16af1c56904159fe522ebb0bbced062038b
fa0aa801b4f145613e631853cf697527783bd5af01eead6494563d0521de99a6
fa2e8ed25b98183e4a8126c1fa69a8628362676c522ca8a9bbeb3adabea034d9
fbc02a59b50dd8863fa2621ac9081e28fdd627f5476aec06784858858f05f442
fe900285f00d103c1e94cb6001929b683ff4503c37d3408264f8ce8e4feb7b92

www.siriuscom.com Open in urlscan Pro 67.225.132.53 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

214 Requests

98 %HTTPS

58 %IPv6

26 Domains

39 Subdomains

36 IPs

5 Countries

2540 kBTransfer

7628 kBSize

5 Cookies

15 Outgoing links

Page URL History

Redirected requests

214 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.siriuscom.com Open in urlscan Pro
67.225.132.53 Public Scan

Screenshot
Live screenshot

Full Image

214
Requests

98 %
HTTPS

58 %
IPv6

26
Domains

39
Subdomains

36
IPs

5
Countries

2540 kB
Transfer

7628 kB
Size

5
Cookies

214 HTTP transactions
2 data transactions