www.sangfor.com Open in urlscan Pro
2a04:4e42:400::645 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Submission: On October 14 via api (October 14th 2024, 6:37:15 am UTC) from IN — Scanned from US

Summary HTTP 142 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 25 IPs in 3 countries across 17 domains to perform 142 HTTP transactions. The main IP is 2a04:4e42:400::645, located in United States and belongs to FASTLY, US. The main domain is www.sangfor.com. The Cisco Umbrella rank of the primary domain is 947920.
TLS certificate: Issued by Certainly Intermediate R1 on September 27th 2024. Valid for: a month.

This is the only time www.sangfor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
76	2a04:4e42:400... 2a04:4e42:400::645	54113 (FASTLY) (FASTLY)
2	2600:1408:c40... 2600:1408:c400:16::17d4:f805	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2607:f8b0:400... 2607:f8b0:400d:c0d::61	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:f5cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:400d:c0b::93	15169 (GOOGLE) (GOOGLE)
3	23.13.153.20 23.13.153.20	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2607:3f40:ff0... 2607:3f40:ff08::7ff	54994 (ML-1432-5...) (ML-1432-54994)
3	2607:f8b0:400... 2607:f8b0:400d:c0b::66	15169 (GOOGLE) (GOOGLE)
3	2600:1408:c40... 2600:1408:c400:389::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2607:f8b0:400... 2607:f8b0:400d:c0f::5e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2600:1408:c40... 2600:1408:c400:5::17c7:3716	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2607:f8b0:400... 2607:f8b0:4004:c1d::9a	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:38::181	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:400d:c0e::9a	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c1b::9c	15169 (GOOGLE) (GOOGLE)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:400d:c0b::69	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	192.29.201.57 192.29.201.57	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	2606:4700:20:... 2606:4700:20::681a:92c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.212.251.218 23.212.251.218	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	69.164.193.241 69.164.193.241	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
142	25

76 2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)

www.sangfor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:16::17d4:f805 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:400d:c0d::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f5cb (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:400d:c0b::93 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.13.153.20 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-13-153-20.deploy.static.akamaitechnologies.com

img06.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:3f40:ff08::7ff (Canada)

ASN54994 (ML-1432-54994, CA)

download.sangfor.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c0b::66 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1408:c400:389::f09 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c0f::5e (Morganton, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:5::17c7:3716 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c1d::9a (Washington, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c0e::9a (Morganton, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c1b::9c (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c0b::69 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.29.201.57 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

s757079.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:92c (United States)

ASN13335 (CLOUDFLARENET, US)

ipapi.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.251.218 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-251-218.deploy.static.akamaitechnologies.com

images.sangfor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.164.193.241 (Richardson, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 69-164-193-241.ip.linodeusercontent.com

wa.arounddeal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	sangfor.com www.sangfor.com — Cisco Umbrella Rank: 947920 images.sangfor.com	2 MB
10	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 td.doubleclick.net — Cisco Umbrella Rank: 192 Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 136	10 KB
8	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 147	2 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 321 www.linkedin.com — Cisco Umbrella Rank: 646 px4.ads.linkedin.com — Cisco Umbrella Rank: 6828	4 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	588 KB
5	arounddeal.com wa.arounddeal.com	2 KB
5	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4618 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5320 imgsct.cookiebot.com — Cisco Umbrella Rank: 5372	139 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	72 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	22 KB
3	en25.com img06.en25.com — Cisco Umbrella Rank: 66886	42 KB
2	eloqua.com s757079.t.eloqua.com	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	4 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 784	14 KB
2	gstatic.com www.gstatic.com	216 KB
2	sangfor.com.cn download.sangfor.com.cn — Cisco Umbrella Rank: 957441	10 KB
1	ipapi.co ipapi.co — Cisco Umbrella Rank: 16407	939 B
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 797	2 KB
142	17

	Domain	Requested by
76	www.sangfor.com	www.sangfor.com consent.cookiebot.com
6	www.google.com	www.sangfor.com www.gstatic.com consent.cookiebot.com
6	www.googletagmanager.com	www.sangfor.com www.googletagmanager.com
5	wa.arounddeal.com	www.sangfor.com wa.arounddeal.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
4	td.doubleclick.net	www.googletagmanager.com consent.cookiebot.com
4	googleads.g.doubleclick.net	www.googletagmanager.com consent.cookiebot.com
4	connect.facebook.net	www.sangfor.com connect.facebook.net consent.cookiebot.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	img06.en25.com	www.sangfor.com consent.cookiebot.com
2	s757079.t.eloqua.com	www.sangfor.com
2	www.facebook.com	www.sangfor.com
2	stats.g.doubleclick.net	www.googletagmanager.com
2	analytics.google.com	www.googletagmanager.com
2	snap.licdn.com	www.sangfor.com
2	www.gstatic.com	www.google.com consent.cookiebot.com
2	consentcdn.cookiebot.com	consent.cookiebot.com
2	download.sangfor.com.cn	www.sangfor.com
2	consent.cookiebot.com	www.sangfor.com consent.cookiebot.com
1	images.sangfor.com	www.sangfor.com
1	ipapi.co	www.sangfor.com
1	imgsct.cookiebot.com
1	px4.ads.linkedin.com	www.sangfor.com
1	www.linkedin.com	1 redirects
1	unpkg.com	www.sangfor.com
142	25

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.gartner.com
business.safety.google
www.linkedin.com
www.spreaker.com
www.statista.com
www.surveymonkey.co.uk
www.hotjar.com
newrelic.com
www.facebook.com
www.oracle.com
www.sangfor.com.cn
sangfor.co.kr
sangfor.es
sangfor.it
sangfor.co.th
sangfor.id
sangfor.com.tr
community.sangfor.com
supportportal.sangfor.com
direct.lc.chat
partnerportal.sangfor.com
active.sangfor.com
connect.sangfor.com
twitter.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
*.sangfor.com Certainly Intermediate R1	`2024-09-27` - `2024-10-27`	a month	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
*.google-analytics.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
unpkg.com WE1	`2024-09-25` - `2024-12-24`	3 months	crt.sh
www.google.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-07-29`	a year	crt.sh
*.sangfor.com.cn GeoTrust CN RSA CA G1	`2024-01-24` - `2025-02-23`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
*.gstatic.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-23` - `2024-10-21`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.google.com WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
*.doubleclick.net WR2	`2024-09-24` - `2024-12-17`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
*.t.eloqua.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-26` - `2025-04-10`	a year	crt.sh
ipapi.co WE1	`2024-09-02` - `2024-12-01`	3 months	crt.sh
images.sangfor.com Go Daddy Secure Certificate Authority - G2	`2024-04-23` - `2025-05-21`	a year	crt.sh
wa.arounddeal.com E6	`2024-10-08` - `2025-01-06`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Frame ID: 2CB2C4825C08054489360E8445599E84
Requests: 132 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 81D0647673931DA212A17CA105BBAB42
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11481739312?random=1728887828404&cv=11&fst=1728887828404&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Frame ID: 8ADE26D2AAF29E039288ABDF6EE93DAD
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1552816344.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=197380221
Frame ID: 1462D92C9070AC313A53ADED0C4389B4
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11481739312?random=1728887828404&cv=11&fst=1728887828404&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Frame ID: 2802697F7EE0C3A8DF04F8ED80A11889
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/658559639?random=1728887828661&cv=11&fst=1728887828661&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 92BAE8086DE96DA37AD5F8159CBE29BC
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1552816344.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=732667535
Frame ID: 13A6F1F26692486E21835C0C1A912AB7
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u876f7rjp4sl
Frame ID: EE3F46E2520B66932114751C4CA6138A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

New RCRU64 Ransomware Variant Discovered by Sangfor FarSight Labs | Sangfor

Detected technologies

Alpine.js (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

/alpine(?:\.min)?\.js

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

142
Requests

95 %
HTTPS

79 %
IPv6

17
Domains

25
Subdomains

25
IPs

3
Countries

2674 kB
Transfer

7147 kB
Size

15
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.gartner.com/en/about/policies/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://business.safety.google/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.spreaker.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.statista.com/imprint/#privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.surveymonkey.co.uk/mp/legal/privacy-policy/?ut_source=footer
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.hotjar.com/legal/policies/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://newrelic.com/termsandconditions/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.oracle.com/legal/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://www.sangfor.com.cn/
Title: ● Chinese (中文)

Search URL Search Domain Scan URL

URL: https://sangfor.co.kr/
Title: ● Korean (한국어)

Search URL Search Domain Scan URL

URL: https://sangfor.es/
Title: ● Spanish (Español)

Search URL Search Domain Scan URL

URL: https://sangfor.it/
Title: ● Italy (Italiano)

Search URL Search Domain Scan URL

URL: https://sangfor.co.th/
Title: ● Thai (ไทย)

Search URL Search Domain Scan URL

URL: https://sangfor.id/
Title: ● Indonesian (Bahasa ID)

Search URL Search Domain Scan URL

URL: https://sangfor.com.tr/
Title: ● Turkish (Türkiye)

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/
Title: Sangfor Support Community

Search URL Search Domain Scan URL

URL: https://supportportal.sangfor.com/#/login
Title: Open a Support Ticket

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/plugin.php?id=sangfor_databases%3Aindex
Title: Sangfor Technical Documents

Search URL Search Domain Scan URL

URL: https://direct.lc.chat/9691255/1
Title: Sangfor Live Chat

Search URL Search Domain Scan URL

URL: https://partnerportal.sangfor.com/securePartner/
Title: Sangfor Partner Portal

Search URL Search Domain Scan URL

URL: https://community.sangfor.com/member.php?mod=logging&action=login&from=elearning
Title: Partner e-Learning

Search URL Search Domain Scan URL

URL: https://active.sangfor.com/feedback-and-complaint
Title: Submit a Feedback

Search URL Search Domain Scan URL

URL: https://connect.sangfor.com/cyberratings-enterprise-firewall-test-2024?utm_source=Website&utm_medium=Sangfor
Title: DOWNLOAD THE REPORT

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant&title=new-rcru64-ransomware-variant&summary=new-rcru64-ransomware-variant&source=https://www.sangfor.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sangfor

Search URL Search Domain Scan URL

URL: https://twitter.com/SANGFOR

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sangfor-technologies

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SangforTechnologies

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sangfortechnologies

Search URL Search Domain Scan URL

URL: https://partnerportal.sangfor.com/securePartner/#/login
Title: Sangfor Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Sangfor/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCeCn-ronoA24BDRtzAvjuaQ?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/sangfortechnologies/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 97

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728887828765%26li_adsId%3Df47fa835-c4a0-4e23-b2a5-5830332ae58a%26url%3Dhttps%253A%252F%252Fwww.sangfor.com%252Ffarsight-labs-threat-intelligence%252Fcybersecurity%252Fnew-rcru64-ransomware-variant%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLyOpw_XqUQpQAAAZKJvrNgeyeu36TlX30wxVYc3HWbId3MGabBeVv_qFko-kXZnn_58TQUX0U

142 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request new-rcru64-ransomware-variant Show response
www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/ 281 KB
53 KB 276ms
112ms Document
text/html 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1419f43d240049ef0b962f7d84526f0b41e4fd3c5376f21e75fc195895a203d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1249
cache-control: max-age=21600, public
content-encoding: gzip
content-language: en
content-length: 53525
content-type: text/html; charset=UTF-8
date: Mon, 14 Oct 2024 06:37:07 GMT
etag: W/"1728886577"
expires: Sun, 19 Nov 1978 05:00:00 GMT
last-modified: Mon, 14 Oct 2024 06:16:17 GMT
link: <https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant>; rel="canonical"
permissions-policy: interest-cohort=()
server: nginx
strict-transport-security: max-age=300
vary: Accept-Encoding, Cookie, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: HIT, MISS, MISS
x-cache-hits: 5, 0, 0
x-content-type-options: nosniff
x-drupal-cache: MISS
x-drupal-dynamic-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 9 (https://www.drupal.org)
x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
x-served-by: cache-ams21062-AMS, cache-ewr-kewr1740047-EWR, cache-ewr-kewr1740021-EWR
x-styx-req-id: d2d652e3-89f3-11ef-b947-c6e297b52812
x-timer: S1728887827.450135,VS0,VE87
x-ua-compatible: IE=edge

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 110 KB
34 KB 214ms
69ms Script
application/javascript 2600:1408:c400:16::17d4:f805
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:16::17d4:f805 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=78
content-encoding: gzip
etag: "42d4c62e8219db1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Mon, 14 Oct 2024 06:38:25 GMT
accept-ranges: bytes
content-length: 34533
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 13:01:25 GMT
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 208 KB
76 KB 220ms
73ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9521d52a5d391974ca8ce810fdee73bb5e87e6c2d92638d81c5a2ee01711cffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 14 Oct 2024 06:37:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 76779
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css
www.sangfor.com/sites/default/files/css/ 7 KB
2 KB 38ms
35ms Stylesheet
text/css 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/css/css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f66f3eb40dc841ff138652d06134d9532130782bf247dd3c4e0d1709b29839f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-thd5g
content-encoding: gzip
etag: W/"66e3ad6f-1b00"
age: 174099
expires: Tue, 23 Sep 2025 00:47:15 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: text/css
last-modified: Fri, 13 Sep 2024 03:11:43 GMT
x-served-by: cache-ams21040-AMS, cache-ewr-kewr1740050-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 29, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.820079,VS0,VE8
x-styx-req-id: 363489ad-787c-11ef-9be8-dad7acecdb5d
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 2153
server: nginx

GET
H2 200 css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
www.sangfor.com/sites/default/files/css/ 254 KB
45 KB 130ms
127ms Stylesheet
text/css 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ca976922a5bc02835846fc4b6243e2f110320afe24279c3dc022d4df3c24a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-t5trq
content-encoding: gzip
etag: W/"66f56a4e-3f7a5"
age: 0
expires: Sat, 27 Sep 2025 14:06:07 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 14:06:06 GMT
x-served-by: cache-ams21022-AMS, cache-ewr-kewr1740052-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 5, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.828337,VS0,VE87
x-styx-req-id: 799712e0-7c10-11ef-ae48-9e12fbb5ed48
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 46063
server: nginx

GET
H2 200 js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js Show response
www.sangfor.com/sites/default/files/js/ 9 KB
3 KB 45ms
42ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0e7be44c483765ba40bdb8fb79142f703593f411ec138f8c258b025c46c583c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-z6qqz
content-encoding: gzip
etag: W/"66f0ca9b-259c"
age: 174137
expires: Wed, 24 Sep 2025 01:56:08 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 01:55:39 GMT
x-served-by: cache-ams2100091-AMS, cache-ewr-kewr1740023-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 52, 14, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.828324,VS0,VE7
x-styx-req-id: 0074ee66-794f-11ef-b005-6237ede9c4d6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 3185
server: nginx

GET
H2 200 min.js Show response
unpkg.com/@ungap/url-search-params@0.2.2/ 4 KB
2 KB 219ms
75ms Script
application/javascript 2606:4700::6811:f5cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@ungap/url-search-params@0.2.2/min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f5cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65caebd5a0a65049f5509277b50ec0b57e5b087c08ca8ba7c65e2a4643f7a08a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: "112b-YrUV36eppRXZgpD0iI7NtWvmFK0"
age: 2034297
x-content-type-options: nosniff
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01J887VG9FWPTFS3AJ1AG2FHAG-lga
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000
via: 1.1 fly.io
cf-ray: 8d258f1cdc63c484-EWR
access-control-allow-origin: *
server: cloudflare

GET
H2 200 js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js Show response
www.sangfor.com/sites/default/files/js/ 2 KB
1 KB 43ms
42ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c8159ad6bb4d0a09d41a0bee72d4c486b2cc7ceffaa82f9c098ec9240a03da28

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-7d6684fc85-mdm8c
content-encoding: gzip
etag: W/"66f0ca9b-721"
age: 174099
expires: Fri, 03 Oct 2025 13:50:41 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 01:55:39 GMT
x-served-by: cache-ams21070-AMS, cache-ewr-kewr1740065-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.828142,VS0,VE7
x-styx-req-id: 501d626d-80c5-11ef-a245-625df8b79e6e
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 711
server: nginx

GET
H2 200 languages.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 168 B
551 B 44ms
42ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

19ba61e585dc696f1222273bb4dea2f9ea0475e7e587fc41f09a9f6a5d0100e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-m7flh
fastly-io-info: ifsz=341 idim=16x16 ifmt=png ofsz=168 odim=16x16 ofmt=webp
etag: "Orb1dmJDFtP/N6yT675aKKOa6zcmdgPShBSZpcNIYOo"
age: 2308742
expires: Sun, 07 Sep 2025 19:36:18 GMT
x-cache: MISS, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: image/webp
x-served-by: cache-ams2100109-AMS, cache-chi-klot8100067-CHI, cache-chi-kigq8000104-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 16, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.828103,VS0,VE1
x-styx-req-id: 497a19d6-6c87-11ef-bc6c-0ab8f0a9d395
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 168
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 languages-sticky.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 216 B
675 B 42ms
41ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages-sticky.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-cw48b
fastly-io-info: ifsz=496 idim=16x16 ifmt=png ofsz=216 odim=16x16 ofmt=webp
etag: "dO9oA19TM1eYAGDkkCUlSCnaB/KGW6gs2NTNH83AEaw"
age: 3236450
expires: Sun, 07 Sep 2025 19:32:29 GMT
x-cache: HIT, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: image/webp
x-served-by: cache-ams2100089-AMS, cache-chi-kigq8000084-CHI, cache-chi-klot8100097-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 686, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.828082,VS0,VE1
x-styx-req-id: c0f43d7f-6c86-11ef-b380-c656f0ebc924
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 216
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4074.jpg
www.sangfor.com/sites/default/files/inline-images/ 39 KB
39 KB 57ms
55ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4074.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8c861ea0c6c43eb8839b5dcbb171bc584c342268fcb203ab9c45d339fd7f400e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=74401 idim=830x512 ifmt=jpeg ofsz=39704 odim=830x512 ofmt=webp
etag: "vPRJY3tyG0wUr0caBLNxjgQn8TjEXxhY9SyEHv8aZaw"
age: 1008804
expires: Thu, 25 Sep 2025 13:04:51 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: image/webp
x-served-by: cache-ams21070-AMS, cache-chi-klot8100129-CHI, cache-chi-kigq8000130-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 1, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.937646,VS0,VE18
x-styx-req-id: 95aa10ca-7a75-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 39704
fastly-io-served-by: vpop-kiad7010215
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4134.jpg
www.sangfor.com/sites/default/files/inline-images/ 25 KB
25 KB 163ms
149ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4134.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

30b0f26470c915ef09c50d127690c860685641df1f66409f0aec3d260186d388

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-kc686
fastly-io-info: ifsz=54446 idim=831x431 ifmt=jpeg ofsz=25392 odim=831x431 ofmt=webp
etag: "P7QTR8TyVfDk+j1pWwH7J1BlajfY/wzSoGkOQ+g33io"
age: 1802550
expires: Tue, 26 Aug 2025 03:57:06 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21060-AMS, cache-chi-klot8100068-CHI, cache-chi-klot8100068-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 12, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053926,VS0,VE18
x-styx-req-id: 1894c842-6296-11ef-a932-3a5fb9dd45f7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 25392
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4171.jpg
www.sangfor.com/sites/default/files/inline-images/ 33 KB
33 KB 133ms
119ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4171.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

43a82cd8f2c063b414db0ad551d1c7a2ec384f4347d300609e5b490b4c8c40a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-86bbdf8544-w54cj
fastly-io-info: ifsz=62172 idim=831x242 ifmt=jpeg ofsz=33796 odim=831x242 ofmt=webp
etag: "c2G0NlxLVy/fGyp2Obg7AYzArew1O0MAJyU7C4OvAwI"
age: 1217072
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100108-AMS, cache-chi-klot8100120-CHI, cache-chi-klot8100090-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 7, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053361,VS0,VE18
x-styx-req-id: 042829b3-7ee5-11ef-980d-c25078f00740
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 33796
fastly-io-served-by: vpop-kiad7010249
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4571.jpg
www.sangfor.com/sites/default/files/inline-images/ 40 KB
41 KB 144ms
130ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4571.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cc639c62a725f411cbfa123171585ae887e67acbfc7cec1aadb033eeb4c998a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-lpzvk
fastly-io-info: ifsz=81306 idim=831x484 ifmt=jpeg ofsz=41406 odim=831x484 ofmt=webp
etag: "GGEwZRoISTnJoPukjMTxcNlZHt9u4oZ6/SHfmJyIsqw"
age: 577716
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21042-AMS, cache-chi-kigq8000114-CHI, cache-chi-klot8100153-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 7, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053710,VS0,VE18
x-styx-req-id: 798aeb40-71ff-11ef-9e40-5a355862b94c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 41406
fastly-io-served-by: img06-us-east4
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4798.jpg
www.sangfor.com/sites/default/files/inline-images/ 12 KB
12 KB 129ms
115ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4798.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7e56b6438ce7b0803d9c06b7ee1c8ce6db280dac58e0f8f56490336c2bec194

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-84d775db57-6h676
fastly-io-info: ifsz=24948 idim=830x200 ifmt=jpeg ofsz=12140 odim=830x200 ofmt=webp
etag: "C09xH7m9zhhbkyAVmMrUt++pwRn0MxhMLt4I+a7V7Js"
age: 577716
expires: Wed, 08 Oct 2025 14:08:31 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21082-AMS, cache-chi-kigq8000041-CHI, cache-chi-klot8100051-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 6, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053126,VS0,VE18
x-styx-req-id: a25f22bf-84b5-11ef-918d-de3234677e8a
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12140
fastly-io-served-by: vpop-kiad7010229
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant4881.jpg
www.sangfor.com/sites/default/files/inline-images/ 23 KB
23 KB 82ms
68ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4881.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1dae51845d58e1f038ca809955fa1f4a3b2114a05d9071a06ffe5f3e2d2dc816

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-7thdz
fastly-io-info: ifsz=46360 idim=731x499 ifmt=jpeg ofsz=23552 odim=731x499 ofmt=webp
etag: "OibGN3fOnaBskhGe1Byo3OdrqTiuP1PF1dLfdykJOgQ"
age: 1802550
expires: Fri, 15 Aug 2025 13:09:01 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21048-AMS, cache-chi-kigq8000101-CHI, cache-chi-kigq8000164-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 14, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053392,VS0,VE18
x-styx-req-id: 5fea3c14-5a3e-11ef-8bfb-8e36a993e3a1
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 23552
fastly-io-served-by: vpop-kiad7010215
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5081.jpg
www.sangfor.com/sites/default/files/inline-images/ 12 KB
12 KB 130ms
116ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5081.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1ab18b6349502e2ff94ae18400f17f3e453a7f14dd3ba45f88751e78ddc47a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info: ifsz=21824 idim=820x94 ifmt=jpeg ofsz=12388 odim=820x94 ofmt=webp
etag: "jrQJMi5d8tKYSCSSfmbam95QUrEjXBhlzSIj3xLhajM"
age: 1217073
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100105-AMS, cache-chi-klot8100148-CHI, cache-chi-klot8100127-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 7, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053361,VS0,VE18
x-styx-req-id: 0427de6f-7ee5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12388
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5263.jpg
www.sangfor.com/sites/default/files/inline-images/ 30 KB
30 KB 88ms
75ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5263.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6e8ea35cfdff4770e3e0d3c98e9e78f8818f4c5f44561274dca027fd1e3fe41b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info: ifsz=55526 idim=831x286 ifmt=jpeg ofsz=30618 odim=831x286 ofmt=webp
etag: "Io2bOiL68s5uO9ipMHXRrlv2V3UJ2LcQUeubzpjH7i0"
age: 1802550
expires: Wed, 17 Sep 2025 08:25:56 GMT
x-cache: HIT, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21031-AMS, cache-chi-kigq8000048-CHI, cache-chi-kigq8000048-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 13, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053053,VS0,VE18
x-styx-req-id: 4bcb0056-7405-11ef-88a4-6237ede9c4d6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 30618
fastly-io-served-by: vpop-kiad7010213
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5647.jpg
www.sangfor.com/sites/default/files/inline-images/ 43 KB
44 KB 80ms
67ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5647.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

acc56b2df173f77e03fbd422205fa16c2067e01f996313c37d301146f12d67cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-p55wm
fastly-io-info: ifsz=79416 idim=831x397 ifmt=jpeg ofsz=44428 odim=831x397 ofmt=webp
etag: "iOZqCxWV7xxYn+vnL5F/Yfq8hwWrvZUg1h/U+4if7jU"
age: 1802550
expires: Wed, 03 Sep 2025 03:59:38 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21063-AMS, cache-chi-klot8100161-CHI, cache-chi-kigq8000164-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 14, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053039,VS0,VE18
x-styx-req-id: c6856691-68df-11ef-8016-76ae21b829dd
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 44428
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant5977.jpg
www.sangfor.com/sites/default/files/inline-images/ 14 KB
15 KB 79ms
66ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5977.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

76383787d84ba9588f39fa845cfd80b0d645719f3f9ac32be4fc92b18b1d148c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5b9775c78-49rqw
fastly-io-info: ifsz=23076 idim=830x64 ifmt=jpeg ofsz=14556 odim=830x64 ofmt=webp
etag: "Zexde0HuUaT2CwLLb7LdM3qMjjkQ8BcwCCLpy5PZ4gE"
age: 297153
expires: Wed, 08 Oct 2025 14:08:32 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100097-AMS, cache-chi-klot8100111-CHI, cache-chi-kigq8000020-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 3, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.052967,VS0,VE18
x-styx-req-id: a260db97-84b5-11ef-991b-de16ede6e430
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 14556
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6104.jpg
www.sangfor.com/sites/default/files/inline-images/ 31 KB
31 KB 144ms
131ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6104.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9e337c7f8bc51113fb2f0eb2585f03a7b3b0588f3661a2f51c4025d4b17d2a40

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info: ifsz=56532 idim=831x316 ifmt=jpeg ofsz=31590 odim=831x316 ofmt=webp
etag: "ke4re1m6hv/HbPouLNvhu1imkl737YF0ZGemlLz7TVU"
age: 1217072
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21075-AMS, cache-chi-klot8100062-CHI, cache-chi-klot8100147-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 6, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.052950,VS0,VE19
x-styx-req-id: 0427f13c-7ee5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 31590
fastly-io-served-by: vpop-kiad7010212
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6371.jpg
www.sangfor.com/sites/default/files/inline-images/ 13 KB
13 KB 210ms
198ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6371.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6fbbf1e444fd365c5c0d4c96461eee486e5a33784b3f199d92fe69567e932770

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-m7flh
fastly-io-info: ifsz=29122 idim=830x180 ifmt=jpeg ofsz=12948 odim=830x180 ofmt=webp
etag: "Qeby48NyJPPXHAxu5JE2sRFoEgoQYlbscAIciKOJBgg"
age: 1802550
expires: Mon, 01 Sep 2025 21:56:56 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100145-AMS, cache-chi-klot8100153-CHI, cache-chi-kigq8000148-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 14, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.078119,VS0,VE18
x-styx-req-id: f072e77a-67e3-11ef-bc6c-0ab8f0a9d395
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12948
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant6539.jpg
www.sangfor.com/sites/default/files/inline-images/ 11 KB
12 KB 209ms
196ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6539.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3c3b0fdb91418f8c6538ec2a686c6d49b619494effc576611c2ccdb1440e7b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-9tcfg
fastly-io-info: ifsz=24600 idim=831x124 ifmt=jpeg ofsz=11728 odim=831x124 ofmt=webp
etag: "FcRwIJhQo/stYvJ8o0FIOctQlq63PyuC/+0xLvM8CWY"
age: 577716
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100105-AMS, cache-chi-kigq8000119-CHI, cache-chi-kigq8000093-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 6, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077894,VS0,VE18
x-styx-req-id: 799847db-71ff-11ef-927a-1a02874bc4b6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 11728
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant7581.jpg
www.sangfor.com/sites/default/files/inline-images/ 23 KB
23 KB 212ms
199ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7581.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd33484b1c193c68f5616a406865d1754ca67353899a46ce65400470a7dd084c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-7skd9
fastly-io-info: ifsz=36874 idim=830x169 ifmt=jpeg ofsz=23290 odim=830x169 ofmt=webp
etag: "Lt8vLYHkDb4MjZ51SnSuHZFBL5TCVoSpT4YaWIkZoqU"
age: 1802550
expires: Wed, 17 Sep 2025 08:25:57 GMT
x-cache: HIT, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100087-AMS, cache-chi-kigq8000104-CHI, cache-chi-kigq8000104-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 12, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.078139,VS0,VE18
x-styx-req-id: 4c21346c-7405-11ef-aa69-a6bd2d28ddea
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 23290
fastly-io-served-by: vpop-kiad7010247
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant7855.jpg
www.sangfor.com/sites/default/files/inline-images/ 46 KB
46 KB 211ms
198ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7855.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a8342a4c16e3fddd19edb61bdf17e984a875a520d408e9ff24f989d8ee4b4021

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5b9775c78-s5hrd
fastly-io-info: ifsz=72346 idim=830x246 ifmt=jpeg ofsz=46668 odim=830x246 ofmt=webp
etag: "Q2FYjyjc1deswf5p73lKHRQPeCqY8ptIylcg4v7IC9k"
age: 864711
expires: Sun, 05 Oct 2025 06:25:17 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100147-AMS, cache-chi-kigq8000136-CHI, cache-chi-klot8100153-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 6, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.078153,VS0,VE19
x-styx-req-id: 6c2c45c0-8219-11ef-af2b-0af51c2c7f7c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 46668
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant8022.jpg
www.sangfor.com/sites/default/files/inline-images/ 19 KB
19 KB 210ms
197ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8022.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5b63874935b493559810133aff35028591cd64ce758994e710d8347a4b0d401d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-h4wt2
fastly-io-info: ifsz=35298 idim=830x240 ifmt=jpeg ofsz=19248 odim=830x240 ofmt=webp
etag: "8muIL594oCMAqUuUyQ/82J6BPDxkKi0Qout42YRZV5s"
age: 1217073
expires: Wed, 01 Oct 2025 04:32:35 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21067-AMS, cache-chi-klot8100046-CHI, cache-chi-kigq8000155-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.078139,VS0,VE18
x-styx-req-id: 04278146-7ee5-11ef-9df6-bef268001cb5
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 19248
fastly-io-served-by: vpop-kiad7010213
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant8432.jpg
www.sangfor.com/sites/default/files/inline-images/ 15 KB
15 KB 212ms
200ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8432.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5b34b175179a2b7207902dfb82f3bd5ddcecffed15372771abc7ac81941a89a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=28264 idim=831x232 ifmt=jpeg ofsz=15324 odim=831x232 ofmt=webp
etag: "lIuWvobaZIDyAC5buxJLShklxVLXTMVp55hqZSNrM3E"
age: 1007748
expires: Sun, 14 Sep 2025 18:39:14 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100109-AMS, cache-chi-klot8100022-CHI, cache-chi-kigq8000083-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.078500,VS0,VE18
x-styx-req-id: 799a2be2-71ff-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 15324
fastly-io-served-by: vpop-kiad7010248
server: nginx

GET
H2 200 image%201_0_0.png
www.sangfor.com/sites/default/files/inline-images/ 120 KB
120 KB 213ms
201ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/image%201_0_0.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ebaccbb59ffac8f54448f61dae2a3cca80036be36348f2e116d25056d83a7e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-7d6684fc85-mvp8s
fastly-io-info: ifsz=133580 idim=723x785 ifmt=png ofsz=122622 odim=723x785 ofmt=webp
etag: "gDqVcMmzx4aBADq1m1o8KL+mIEKwUJzf0J5x5V6FMLg"
age: 1007747
expires: Fri, 03 Oct 2025 14:41:20 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21045-AMS, cache-chi-klot8100099-CHI, cache-chi-klot8100118-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 8, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077732,VS0,VE19
x-styx-req-id: 63955fb0-80cc-11ef-876a-32120c29c299
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 122622
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant15503.jpg
www.sangfor.com/sites/default/files/inline-images/ 27 KB
27 KB 208ms
196ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant15503.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

42fcc2e1fa91f2656f4fe39ab0ce936e6358d9ea1a3847baa4abaeb30fc6340e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-6995bc9c6b-vbkmq
fastly-io-info: ifsz=51293 idim=807x663 ifmt=jpeg ofsz=27248 odim=807x663 ofmt=webp
etag: "7oYqFKix13JQrRx6N1tLlMUjUgeU4mkX2nn7pJMAOmo"
age: 1802550
expires: Thu, 07 Aug 2025 11:12:57 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100093-AMS, cache-chi-klot8100045-CHI, cache-chi-kigq8000092-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 13, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077722,VS0,VE18
x-styx-req-id: d5938363-53e4-11ef-aca7-42e95ec37499
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 27248
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16236_1.jpg
www.sangfor.com/sites/default/files/inline-images/ 44 KB
44 KB 213ms
202ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16236_1.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4ef8764b15fc01e7dab43f9b379996e763ecee58df1115f69142d4db17194cbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-zz8fm
fastly-io-info: ifsz=83145 idim=831x924 ifmt=jpeg ofsz=44732 odim=831x924 ofmt=webp
etag: "tTpGMS/2xK9gWgck5klJhzw2BvYTtt8cBeInq86lOh4"
age: 3
expires: Fri, 05 Sep 2025 14:37:03 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100141-AMS, cache-chi-klot8100049-CHI, cache-chi-klot8100058-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 1, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077665,VS0,VE19
x-styx-req-id: 270040e7-6acb-11ef-bcc9-e60246f3375c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 44732
fastly-io-served-by: vpop-kiad7010229
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16834.jpg
www.sangfor.com/sites/default/files/inline-images/ 85 KB
85 KB 211ms
200ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16834.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a9794eb161a19e97283a6b27ad43932837f5638f85a3cf08cec9ef6a9cd9c721

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info: ifsz=141119 idim=830x600 ifmt=jpeg ofsz=86580 odim=830x600 ofmt=webp
etag: "x9tzINiSFzkUDyQK2HpStDcz4U6ZE17j80w23GmY8Cg"
age: 2412669
expires: Wed, 17 Sep 2025 08:25:58 GMT
x-cache: HIT, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100091-AMS, cache-chi-klot8100154-CHI, cache-chi-klot8100089-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 11, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077645,VS0,VE19
x-styx-req-id: 4cef31c4-7405-11ef-88a4-6237ede9c4d6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 86580
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant16895.jpg
www.sangfor.com/sites/default/files/inline-images/ 72 KB
73 KB 212ms
201ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16895.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cedb71958c703923a2df24aff20e6250b7d506e60c5f8931f5f4a82ff3f8cef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
fastly-io-info: ifsz=128436 idim=830x1006 ifmt=jpeg ofsz=73896 odim=830x1006 ofmt=webp
etag: "+hFf3vdZnXdr57/p5mLpKZ7/RofFj06bn9/MLZ7KbjE"
age: 3
expires: Wed, 15 Oct 2025 06:37:04 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100103-AMS, cache-chi-klot8100153-CHI, cache-chi-klot8100114-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 1, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.077632,VS0,VE19
x-styx-req-id: b9fa6cae-89f6-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 73896
fastly-io-served-by: vpop-kiad7010217
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/ 67 KB
67 KB 209ms
198ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag: "jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age: 1098226
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 9, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079848,VS0,VE18
x-styx-req-id: d857f080-7991-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 68464
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 2.4%20Sangfor%20Solution.jpg
www.sangfor.com/sites/default/files/inline-images/ 91 KB
92 KB 209ms
199ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/inline-images/2.4%20Sangfor%20Solution.jpg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ec1637554b155c6bec0d5c076d76866f2e584c17d2dbd4c55f7cc13c6477b210

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
fastly-io-info: ifsz=101788 idim=1000x903 ifmt=jpeg ofsz=93364 odim=1000x903 ofmt=webp
etag: "PEHlSlbLdB49DZRbsrcpOFMDCeLSmyeT7shOibnnM/Y"
age: 3
expires: Wed, 15 Oct 2025 06:37:04 GMT
x-cache: MISS, MISS, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100085-AMS, cache-chi-klot8100056-CHI, cache-chi-kigq8000094-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 1, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079747,VS0,VE18
x-styx-req-id: b9fa78c7-89f6-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 93364
fastly-io-served-by: vpop-kiad7010212
server: nginx

GET
H2 200 sangfor_building.jpg.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-10/ 48 KB
49 KB 159ms
149ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/styles/webp/public/2022-10/sangfor_building.jpg.webp?itok=Wz2JzIYx

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d19d0a77d9895780fe41eb1b9bc0e086f513cbec51c97a3d74fd245be5d2ea68

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-c9497cf79-g7j5s
fastly-io-info: ifsz=49628 idim=757x800 ifmt=webp ofsz=49628 odim=757x800 ofmt=webp
etag: "l+6GahIm93mxoyxrHnvXlULT+bg+3EP2/Flk1jo1GkM"
age: 2228445
expires: Wed, 16 Jul 2025 19:19:25 GMT
x-cache: MISS, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100134-AMS, cache-chi-kigq8000162-CHI, cache-chi-kigq8000128-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 343, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
fastly-io-warning: Failed to shrink image
x-timer: S1728887828.079655,VS0,VE1
x-styx-req-id: 26083df3-42df-11ef-a67c-923788c6f370
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 49628
fastly-io-served-by: vpop-kiad7010214
server: nginx

GET
H2 200 logo-fb.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 397 B
500 B 179ms
169ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-fb.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

aac00b0dd1b83a91bb40a96104b60a1a76bbf7887ecdc78f824a751533f8d9f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding: gzip
etag: W/"67091a90-18d"
age: 173879
expires: Mon, 13 Oct 2025 06:19:09 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams2100125-AMS, cache-ewr-kewr1740066-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079643,VS0,VE8
x-styx-req-id: e4325a13-8861-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 275
server: nginx

GET
H2 200 logo-twitter.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 596 B
728 B 178ms
169ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-twitter.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fbb8fad500a2857ce80ec8fb10d2d9bcf96becf86d9cbafad061aceae07c2f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding: gzip
etag: W/"6709c64a-254"
age: 173879
expires: Mon, 13 Oct 2025 06:19:09 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Sat, 12 Oct 2024 00:43:54 GMT
x-served-by: cache-ams21025-AMS, cache-ewr-kewr1740072-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079670,VS0,VE8
x-styx-req-id: e432833e-8861-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 387
server: nginx

GET
H2 200 logo-linkedin.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 683 B
635 B 177ms
168ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-linkedin.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a399207c12d45df8892cffc11528a6666e85d182999f90c97f654c1f7b4d5b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"6709a3e0-2ab"
age: 174135
expires: Mon, 13 Oct 2025 06:14:53 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Fri, 11 Oct 2024 22:17:04 GMT
x-served-by: cache-ams21029-AMS, cache-ewr-kewr1740037-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079736,VS0,VE8
x-styx-req-id: 4bb4137d-8861-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 368
server: nginx

GET
H2 200 icon-youtube-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 925 B
773 B 179ms
171ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/icon-youtube-author.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

818f9cbde752ad72e51413c9230dd1526c1f6ea916c034d597d551ce979f831f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"6709c64a-39d"
age: 173879
expires: Mon, 13 Oct 2025 06:19:09 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Sat, 12 Oct 2024 00:43:54 GMT
x-served-by: cache-ams21067-AMS, cache-ewr-kewr1740037-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 1, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079549,VS0,VE6
x-styx-req-id: e432d694-8861-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 506
server: nginx

GET
H2 200 logo-ig-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 2 KB
1 KB 175ms
167ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-ig-author.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

83bd6fedd1fe68e130019dcc9ac407bc349c9f6f36874716c7e73be94dc9e462

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"67093249-7e7"
age: 173879
expires: Mon, 13 Oct 2025 06:19:09 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-served-by: cache-ams2100126-AMS, cache-ewr-kewr1740069-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079518,VS0,VE4
x-styx-req-id: e4329573-8861-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1017
server: nginx

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 229ms
92ms Script
text/javascript 2607:f8b0:400d:c0b::93
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ef14706d7ea03c01ea58bc28980cd3c345b2814e38d9fa9051d3cccf245bbd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H/1.1 200
OK livevalidation_standalone.compressed.js Show response
img06.en25.com/i/ 13 KB
14 KB 247ms
74ms Script
application/x-javascript 23.13.153.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img06.en25.com/i/livevalidation_standalone.compressed.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.13.153.20 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-13-153-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Pragma: no-cache
ETag: "32e442741dd4da1:0"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Mon, 14 Oct 2024 06:37:08 GMT
Accept-Ranges: bytes
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 13723
X-XSS-Protection: 1; mode=block
Date: Mon, 14 Oct 2024 06:37:08 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT

GET
H/1.1 200
OK c19159723c724342a4382da50f1f4b57.gif
download.sangfor.com.cn/ 9 KB
10 KB 1853ms
42ms Image
image/gif 2607:3f40:ff08::7ff
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://download.sangfor.com.cn/c19159723c724342a4382da50f1f4b57.gif?la=zh-CN&rev=a25ec929e048423290e67e4d0fc251ac&hash=D70C6C0954BDC063F85CC911025BBEF0
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2607:3f40:ff08::7ff , Canada, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software: WS-web-server /
Resource Hash: 6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

X-Reqid: 202126410028724620240126085349sgXMnhVpsampled
x-ws-request-id: 670cbc15_PS-IAD-012Ee33_8310-21248
x-via: 1.1 dianxun187:6 (Cdn Cache Server V2.0), 1.1 PS-JFK-01sPK201:3 (Cdn Cache Server V2.0), 1.1 PS-IAD-012Ee33:7 (Cdn Cache Server V2.0)
ETag: "Fvo1Tz1ZcS0MNBtuJBgE-dYZksmL"
Age: 237944
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 9481
Date: Mon, 14 Oct 2024 06:37:09 GMT
Content-Type: image/gif;charset=UTF-8
Last-Modified: Wed, 31 Aug 2022 03:37:37 GMT
Server: WS-web-server

GET
H2 200 eloqua.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/ 5 KB
2 KB 175ms
168ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"67091a90-1539"
age: 174098
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams21033-AMS, cache-ewr-kewr1740076-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 18, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079508,VS0,VE5
x-styx-req-id: 60f0c3e7-8861-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1856
server: nginx

GET
H2 200 HeroBanner.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 1 KB
780 B 175ms
168ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/HeroBanner.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6709a3e0-435"
age: 174098
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 22:17:04 GMT
x-served-by: cache-ams21076-AMS, cache-ewr-kewr1740047-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 20, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079463,VS0,VE5
x-styx-req-id: 60f0b52d-8861-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 580
server: nginx

GET
H2 200 header.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 5 KB
2 KB 177ms
170ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/header.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"67091a90-141f"
age: 174098
expires: Mon, 13 Oct 2025 03:02:55 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams21026-AMS, cache-ewr-kewr1740041-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 39, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079475,VS0,VE9
x-styx-req-id: 7a51d78c-8846-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1521
server: nginx

GET
H2 200 runtime.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
2 KB 173ms
167ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/runtime.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6709a3e0-cec"
age: 174138
expires: Mon, 13 Oct 2025 03:02:56 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 22:17:04 GMT
x-served-by: cache-ams21081-AMS, cache-ewr-kewr1740060-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 39, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079397,VS0,VE4
x-styx-req-id: 7b07f24a-8846-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1750
server: nginx

GET
H2 200 main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
1 KB 178ms
172ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/main.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"67091a90-b65"
age: 174098
expires: Sun, 12 Oct 2025 12:40:58 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams2100147-AMS, cache-ewr-kewr1740057-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 38, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.079359,VS0,VE7
x-styx-req-id: 10bff563-87ce-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1010
server: nginx

GET
H2 200 vendor-main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 418 KB
145 KB 176ms
171ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor-main.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding: gzip
etag: W/"67093249-689f2"
age: 174099
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-served-by: cache-ams21079-AMS, cache-ewr-kewr1740052-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.081030,VS0,VE4
x-styx-req-id: 60f1bea2-8861-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 148414
server: nginx

GET
H2 200 footer.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 12 KB
5 KB 175ms
170ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"67093249-2f05"
age: 174138
expires: Mon, 13 Oct 2025 03:05:34 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-served-by: cache-ams2100104-AMS, cache-ewr-kewr1740041-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 34, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.080710,VS0,VE7
x-styx-req-id: d8fbb66b-8846-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 4485
server: nginx

GET
H2 200 article.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 17 KB
6 KB 177ms
172ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"6709c64a-42c0"
age: 174098
expires: Mon, 13 Oct 2025 03:07:30 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Sat, 12 Oct 2024 00:43:54 GMT
x-served-by: cache-ams21060-AMS, cache-ewr-kewr1740029-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 25, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.080698,VS0,VE6
x-styx-req-id: 1e4e12e6-8847-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 5707
server: nginx

GET
H2 200 js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js Show response
www.sangfor.com/sites/default/files/js/ 2 B
277 B 65ms
50ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-5kz6f
content-encoding: gzip
etag: "66e3ad6a-2"
age: 174099
expires: Sun, 14 Sep 2025 03:11:40 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 13 Sep 2024 03:11:38 GMT
x-served-by: cache-ams21052-AMS, cache-ewr-kewr1740060-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 5, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.054155,VS0,VE6
x-styx-req-id: e516ec89-717d-11ef-904b-2a95c218e6a7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 22
server: nginx

GET
H2 200 alpine.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/ 38 KB
16 KB 177ms
171ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/alpine.js?v=2.7

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding: gzip
etag: W/"67091a90-9658"
age: 174098
expires: Mon, 13 Oct 2025 03:05:33 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams21077-AMS, cache-ewr-kewr1740044-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 34, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.080690,VS0,VE5
x-styx-req-id: d8ac922e-8846-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 16064
server: nginx

GET
H2 200 js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js Show response
www.sangfor.com/sites/default/files/js/ 96 KB
38 KB 61ms
46ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
content-encoding: gzip
etag: W/"66f56a4c-17ec1"
age: 174099
expires: Thu, 02 Oct 2025 09:15:28 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 14:06:04 GMT
x-served-by: cache-ams2100114-AMS, cache-ewr-kewr1740067-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.053392,VS0,VE6
x-styx-req-id: b37e08bb-7fd5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 38682
server: nginx

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 345 KB
111 KB 100ms
95ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MCTHSDB

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f7ec5d37f5deb02a98d039ab265e68de620420bc74ac0f64e2d3bd2788e9751e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 113580
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 unsplash_BfrQnKBulYQ.png.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-02/ 52 KB
52 KB 152ms
150ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/styles/webp/public/2022-02/unsplash_BfrQnKBulYQ.png.webp?itok=wmrgQS0X

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fe32d73e471032dfa34593cc106238ecbf6b7bd859eb13256fd00bacb32da0dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=53422 idim=1440x560 ifmt=webp ofsz=52952 odim=1440x560 ofmt=webp
etag: "4Mkqjlll4hmGleu1KZjzE/3DbK58irON6grL4oDEmMg"
age: 2235052
expires: Fri, 19 Sep 2025 09:46:15 GMT
x-cache: MISS, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100118-AMS, cache-chi-kigq8000118-CHI, cache-chi-kigq8000068-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 185, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.080658,VS0,VE1
x-styx-req-id: d8d0d9bd-75a2-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 52952
fastly-io-served-by: vpop-kiad7010249
server: nginx

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 rectangle_956_0.png.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-10/ 5 KB
5 KB 162ms
162ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/styles/webp/public/2022-10/rectangle_956_0.png.webp?itok=LvndLHnT

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

bc58caa4613d0c671ee8347e5925bcf6022f662ac917a845f1227e46c5fb6979

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-bd959c788-7ph88
fastly-io-info: ifsz=5346 idim=1440x625 ifmt=webp ofsz=5022 odim=1440x625 ofmt=webp
etag: "Jc6VQcQRm2fdh7duoRPY6jAJ39g0R1AjY3HneUhl7ac"
age: 3001085
expires: Mon, 11 Aug 2025 14:59:42 GMT
x-cache: MISS, HIT, HIT, HIT
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21046-AMS, cache-chi-klot8100115-CHI, cache-chi-klot8100115-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 509, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.080637,VS0,VE3
x-styx-req-id: 2c9510c3-5729-11ef-8b3c-26d717ceb0e3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 5022
fastly-io-served-by: vpop-kiad7010227
server: nginx

GET
H2 200 RedHatDisplay-SemiBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
19 KB 236ms
233ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-SemiBold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

effa68298eeabf7434140c33108e997e9ac91a3d03d81398cdf471172ee50a7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-hhx26
etag: "6709a3df-4d10"
age: 174099
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 22:17:03 GMT
x-served-by: cache-ams2100139-AMS, cache-ewr-kewr1740067-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 20, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.115948,VS0,VE4
x-styx-req-id: 612bb387-8861-11ef-848d-ee31b65f8c59
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19728
server: nginx

GET
H2 200 RedHatDisplay-Bold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 235ms
233ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Bold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2632350150729e5432013ca98c01588c89c707f4dcf359076ce8b90cbf369dc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-hhx26
etag: "67091a90-4ce8"
age: 174135
expires: Mon, 13 Oct 2025 06:14:53 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams2100136-AMS, cache-ewr-kewr1740072-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 23, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.116093,VS0,VE3
x-styx-req-id: 4b67a845-8861-11ef-848d-ee31b65f8c59
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19688
server: nginx

GET
H2 200 flaticon.ttf
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 16 KB
10 KB 236ms
234ms Font
application/x-font-ttf 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/flaticon.ttf

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1c04a80bf1f07f432ebf3f677b015e854b58efd124649588ea04f136e3eb3554

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding: gzip
etag: W/"6709a3df-3ecc"
age: 174135
expires: Mon, 13 Oct 2025 06:14:53 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-font-ttf
last-modified: Fri, 11 Oct 2024 22:17:03 GMT
x-served-by: cache-ams2100116-AMS, cache-ewr-kewr1740037-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 23, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.115911,VS0,VE4
x-styx-req-id: 4b67b9bd-8861-11ef-848d-ee31b65f8c59
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 9927
server: nginx

GET
H2 200 RedHatDisplay-Medium.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 306ms
304ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Medium.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

82254875473203cbd5e10c02ca9677baf7ab978a518f6b1cc6acc7a8b1872b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
etag: "67091a90-4d20"
age: 174134
expires: Mon, 13 Oct 2025 06:14:53 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams2100091-AMS, cache-ewr-kewr1740045-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 23, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.115763,VS0,VE11
x-styx-req-id: 4bbcba8e-8861-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19744
server: nginx

GET
H2 200 RedHatDisplay-ExtraBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
20 KB 305ms
304ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-ExtraBold.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

300e0a19f0415d8cbbb83d10272bc792632f48175d9be777937bee14825e419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
etag: "67093249-4d68"
age: 174135
expires: Mon, 13 Oct 2025 06:14:53 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-served-by: cache-ams21076-AMS, cache-ewr-kewr1740046-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 23, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.115608,VS0,VE10
x-styx-req-id: 4b690d46-8861-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19816
server: nginx

GET
H2 200 RedHatDisplay-Black.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 18 KB
19 KB 235ms
234ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Black.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

221f8c9253e16004a0fc662867a8c9ca2f8626ee34643314be21511b500fd35d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
etag: "67091a90-4910"
age: 174135
expires: Mon, 13 Oct 2025 06:10:49 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-served-by: cache-ams2100147-AMS, cache-ewr-kewr1740065-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 24, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.116081,VS0,VE4
x-styx-req-id: ba61441d-8860-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18704
server: nginx

GET
H2 200 RedHatDisplay-Regular.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/ 19 KB
19 KB 304ms
303ms Font
font/woff2 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Regular.woff2

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

60df6999405b8e3907c141cf4fb76812e272d0890b9e759ea66d1343cfaa20dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
etag: "67093249-4a50"
age: 174135
expires: Mon, 13 Oct 2025 03:05:33 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: font/woff2
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-served-by: cache-ams21028-AMS, cache-ewr-kewr1740022-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 34, 0, 0
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.115599,VS0,VE7
x-styx-req-id: d8be0569-8846-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19024
server: nginx

GET
H2 200 Primary%20Sangfor%20Logo.png
www.sangfor.com/sites/default/files/ 4 KB
4 KB 177ms
176ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/sites/default/files/Primary%20Sangfor%20Logo.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

71c4d85ab6e7bd8471cb0bed91b04311f338dddd2aa3827f0c4790e8b7b53d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-796985df48-kjk68
fastly-io-info: ifsz=4968 idim=430x144 ifmt=png ofsz=4176 odim=430x144 ofmt=webp
etag: "a01RxrnGV3D32I/tbK92cRx2QOijheMXOlAUlG4zUTc"
age: 1702694
expires: Thu, 28 Aug 2025 15:47:07 GMT
x-cache: MISS, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams21073-AMS, cache-chi-kigq8000040-CHI, cache-chi-klot8100121-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 505, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.107291,VS0,VE1
x-styx-req-id: 9d14a6a7-648b-11ef-8c75-9e049ca68b1f
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 4176
fastly-io-served-by: vpop-kiad7010231
server: nginx

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
87 KB 102ms
102ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SS797RGCZV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

22c2033df0cf6028b91f63121567a2b836fdd7e6ba1b89808c549c75414746ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 88984
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 318ms
106ms Script
text/javascript 2607:f8b0:400d:c0b::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::66 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 585
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 14 Oct 2024 08:27:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:27:23 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 249 KB
88 KB 168ms
166ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

134c71e05c2550194cb5336c0eee6c75b310e7fdc07c5f335d74be5b86f6a8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90196
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 371 KB
121 KB 369ms
367ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

970cfbb5d95a7f46ad5ecf330447a96d40afb93b84e652f5c98cb4aadf5048bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 123649
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
105 KB 258ms
257ms Script
application/javascript 2607:f8b0:400d:c0d::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0d::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30843462ee19ff85eb7baced3273d98dc442b14593ab1623698795b0d36136f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 14 Oct 2024 06:37:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 107009
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 81D0 0
0 345ms
161ms Document
text/html 2600:1408:c400:389::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:389::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=30527037
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:08 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Thu, 02 Oct 2025 14:21:05 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1728887828274_400219288_1864526471_18_663_20_104_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 configuration.js Show response
consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/ 4 KB
1 KB 278ms
89ms Script
application/x-javascript 2600:1408:c400:389::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/configuration.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:389::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 23e4d60cfac088ba6eb24b76c0726eec2077c2f164c17f4e9906f43c3ac4d4ca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=65783
content-encoding: gzip
etag: "0d91b97de9e543541bad1f34cf1169a1:1727103406.542376"
cross-origin-resource-policy: cross-origin
expires: Tue, 15 Oct 2024 00:53:31 GMT
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728887828277_400219288_1864526469_24_638_20_100_146";dur=1
content-length: 980
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Mon, 23 Sep 2024 14:56:46 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 cc.js Show response
consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/ 359 KB
103 KB 376ms
370ms Script
application/x-javascript 2600:1408:c400:16::17d4:f805
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/cc.js?renew=false&referer=www.sangfor.com&dnt=false&init=false&culture=EN
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:16::17d4:f805 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: eb2d6259ac2f866deac13948fab57b7c3b59625d11561b2cd39941da98e9ffb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: private, max-age=1200
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
content-length: 105494
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 14 Oct 2024 06:37:08 GMT
vary: Accept-Encoding

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/ 546 KB
216 KB 254ms
100ms Script
text/javascript 2607:f8b0:400d:c0f::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 344228
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Fri, 10 Oct 2025 07:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 07:00:00 GMT
last-modified: Mon, 07 Oct 2024 04:02:51 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220951
x-xss-protection: 0
server: sffe

GET
H2 200 languages-sticky.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 216 B
0 0ms
0ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages-sticky.png
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-5f576dcdd9-cw48b
fastly-io-info: ifsz=496 idim=16x16 ifmt=png ofsz=216 odim=16x16 ofmt=webp
etag: "dO9oA19TM1eYAGDkkCUlSCnaB/KGW6gs2NTNH83AEaw"
age: 3236450
expires: Sun, 07 Sep 2025 19:32:29 GMT
x-cache: HIT, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:07 GMT
content-type: image/webp
x-served-by: cache-ams2100089-AMS, cache-chi-kigq8000084-CHI, cache-chi-klot8100097-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 686, 0
vary: Accept
fastly-stats: io=1
cache-control: max-age=31622400
x-timer: S1728887828.828082,VS0,VE1
x-styx-req-id: c0f43d7f-6c86-11ef-b380-c656f0ebc924
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 216
fastly-io-served-by: vpop-kiad7010211
server: nginx

GET
H2 200 twitter-alt.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/ 910 B
835 B 531ms
530ms Image
image/svg+xml 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/twitter-alt.svg

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c0db478481c2f2dd767a0b11d2407e6466f3a833c14b219bc1311089b5e51ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding: gzip
etag: W/"6709a3df-38e"
age: 174128
expires: Mon, 13 Oct 2025 06:14:59 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/svg+xml
last-modified: Fri, 11 Oct 2024 22:17:03 GMT
x-served-by: cache-ams21025-AMS, cache-ewr-kewr1740038-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 20, 0, 0
vary: Accept-Encoding
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887828.260710,VS0,VE9
x-styx-req-id: 4f326379-8861-11ef-848d-ee31b65f8c59
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 509
server: nginx

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 251ms
100ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=90, rtx=0, c=23, mss=1232, tbw=5677, tp=10, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: U7lVxx6ajLqLT8dVaVAcOLFuBkdfg8S3wOSsgqLmpukzTBzOFNlqUnIIZHLLe79+Yhi2hafoctZz2i4XP7pOUw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 296ms
102ms Script
application/javascript 2600:1408:c400:5::17c7:3716
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3716 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=55810
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 14 Oct 2024 06:37:08 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/ 5 KB
2 KB 351ms
92ms Script
text/javascript 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/?random=1728887828404&cv=11&fst=1728887828404&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7236974403f4de92b57dad0062fc9b7640731caf5b4319675cebfe47390e7082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2457
date: Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET 11481739312
td.doubleclick.net/td/rul/ Frame 8ADE 0
0

POST
H2 204 collect
analytics.google.com/g/ 0
0 305ms
88ms Fetch
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-21N5DLV7PF&gtm=45je4a90v894187644za200&_p=1728887827930&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&gdid=dMDhkMT&cid=1552816344.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728887828&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.page_placeholder=PLACEHOLDER_page_location&tfd=1292
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
545 B 333ms
105ms Ping
text/plain 2607:f8b0:400d:c0e::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-21N5DLV7PF&cid=1552816344.1728887829&gtm=45je4a90v894187644za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101686685
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c0e::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: text/plain
server: Golfe2

GET rul
td.doubleclick.net/td/ga/ Frame 1462 0
0

GET
H2 200 11481739312
td.doubleclick.net/td/rul/ Frame 2802 0
0 165ms
89ms Document
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/11481739312?random=1728887828404&cv=11&fst=1728887828404&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:08 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 1462 0
0 161ms
88ms Document
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1552816344.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=197380221

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:08 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK c19159723c724342a4382da50f1f4b57.gif
download.sangfor.com.cn/ 9 KB
0 1293ms
1293ms Image
image/gif 2607:3f40:ff08::7ff
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://download.sangfor.com.cn/c19159723c724342a4382da50f1f4b57.gif?la=zh-CN&rev=a25ec929e048423290e67e4d0fc251ac&hash=D70C6C0954BDC063F85CC911025BBEF0
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2607:3f40:ff08::7ff , Canada, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software: WS-web-server /
Resource Hash: 6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

X-Reqid: 202126410028724620240126085349sgXMnhVpsampled
x-ws-request-id: 670cbc15_PS-IAD-012Ee33_8310-21248
x-via: 1.1 dianxun187:6 (Cdn Cache Server V2.0), 1.1 PS-JFK-01sPK201:3 (Cdn Cache Server V2.0), 1.1 PS-IAD-012Ee33:7 (Cdn Cache Server V2.0)
ETag: "Fvo1Tz1ZcS0MNBtuJBgE-dYZksmL"
Age: 237944
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 9481
Date: Mon, 14 Oct 2024 06:37:09 GMT
Content-Type: image/gif;charset=UTF-8
Last-Modified: Wed, 31 Aug 2022 03:37:37 GMT
Server: WS-web-server

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 95ms
94ms XHR
text/plain 2607:f8b0:400d:c0b::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1200876514&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&ul=en-us&de=UTF-8&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1817307948&gjid=395772024&cid=1552816344.1728887829&tid=UA-15510522-1&_gid=868717447.1728887829&_r=1&gtm=457e4a90za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&did=dMDhkMT&gdid=dMDhkMT&jsscut=1&z=545914465

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c0b::66 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.sangfor.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/ 5 KB
2 KB 98ms
91ms Script
text/javascript 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/?random=1728887828661&cv=11&fst=1728887828661&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98725c392741143e9beb6712d5a165f2e7d08725b75ec57b0da55465e75be4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2413
date: Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET 658559639
td.doubleclick.net/td/rul/ Frame 92BA 0
0

POST
H2 204 collect
analytics.google.com/g/ 0
0 155ms
89ms Fetch
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-SS797RGCZV&gtm=45be4a90v888876710z8834067541za200&_p=1728887827930&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1552816344.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728887828&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&tfd=1444
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
57 B 182ms
106ms Ping
text/plain 2607:f8b0:400d:c0e::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SS797RGCZV&cid=1552816344.1728887829&gtm=45be4a90v888876710z8834067541za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101686685
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c0e::9a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: text/plain
server: Golfe2

GET rul
td.doubleclick.net/td/ga/ Frame 13A6 0
0

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 57ms
56ms Fetch
text/plain 2607:f8b0:400d:c0b::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-NP5KMJMZXN&gtm=45be4a90v888876710z8834067541za200&_p=1728887827930&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1552816344.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1728887828&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&tfd=1452
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c0b::66 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.sangfor.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 658559639
td.doubleclick.net/td/rul/ Frame 92BA 0
0 108ms
108ms Document
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/658559639?random=1728887828661&cv=11&fst=1728887828661&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:08 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 13A6 0
0 53ms
52ms Document
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1552816344.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=732667535

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:08 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 422012601626408 Show response
connect.facebook.net/signals/config/ 73 KB
15 KB 122ms
115ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/422012601626408?v=2.9.170&r=stable&domain=www.sangfor.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d478514d87108ae2bd2bad44e2d1e6f8f70c35aa7b9fac92591f939fa16449af

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=95, rtx=0, c=74, mss=1232, tbw=68445, tp=63, tpl=0, uplat=86, ullat=0
pragma: public
x-fb-debug: leQuDNaR/l6ngx+SNt+D207uxeCnq9Vob2k1UCvyhUBAiGYjrlYFcLc2zIMZL2C8ee6l6DxCmn+i/8BWBQZ/rw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 317ms
103ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=701411&time=1728887828765&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Referer: https://www.sangfor.com/

Response headers

x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-fs-uuid: 0006246a10e76773af491cfe4b1c350e
x-msedge-ref: Ref A: 44B9FD2C5B9E41D9AB3CC9E960AD6CD6 Ref B: PHL30EDGE0214 Ref C: 2024-10-14T06:37:08Z
x-li-fabric: prod-lva1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYkahDnZ3OvSRz+Sxw1Dg==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728887828765%26li_adsId%3Df47fa835-c4a0-4e23-b2a5-5830332ae58a%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fc...

0
489 B

285ms
109ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLyOpw_XqUQpQAAAZKJvrNgeyeu36TlX30wxVYc3HWbId3MGabBeVv_qFko-kXZnn_58TQUX0U
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FABF802EA006479A8100D43F5A2FAA27 Ref B: PHL30EDGE0413 Ref C: 2024-10-14T06:37:09Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYkahDxrIvGKQGIq2GIOA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887828765&li_adsId=f47fa835-c4a0-4e23-b2a5-5830332ae58a&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLyOpw_XqUQpQAAAZKJvrNgeyeu36TlX30wxVYc3HWbId3MGabBeVv_qFko-kXZnn_58TQUX0U
x-msedge-ref: Ref A: 4A6D26FC441F497F9C662E7BBE86D505 Ref B: PHL30EDGE0220 Ref C: 2024-10-14T06:37:09Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYkahDskFQzXDmfkoz5Lw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Mon, 14 Oct 2024 06:37:08 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/658559639/ 42 B
64 B 65ms
64ms Image
image/gif 2607:f8b0:400d:c0b::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/658559639/?random=1728887828661&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfXwB4HxiMcbEzGBhw4N4spa1-_EOVgw&random=245922759&rmt_tld=0&ipr=y

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11481739312/ 42 B
64 B 44ms
42ms Image
image/gif 2607:f8b0:400d:c0b::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11481739312/?random=1728887828404&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfx1Hx4aPFr7JFcLJdTx1eM3YXnpY7dQ&random=2213092453&rmt_tld=0&ipr=y

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 sangfor-logo.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/ 34 KB
34 KB 29ms
25ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/sangfor-logo.png

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6737f2f0ac1fb89f6a3f645062d8f504cd5f78fefff2be86ae82bc544de8fa24

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-7968478984-xqlzx
fastly-io-info: ifsz=44278 idim=1250x1250 ifmt=png ofsz=34436 odim=1250x1250 ofmt=webp
etag: "t575pKpQ3B2dYvYBYiXmVCPQ5KEwON8GgT6CMF4eyh8"
age: 1771602
expires: Fri, 02 May 2025 12:03:04 GMT
x-cache: HIT, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams12763-AMS, cache-chi-klot8100140-CHI, cache-chi-kigq8000169-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 681, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887829.883125,VS0,VE1
x-styx-req-id: c43c6b4a-07b2-11ef-ab86-b648d5ad88f3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 34436
fastly-io-served-by: vpop-kiad7010228
server: nginx

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e96f4f4298c7d1a94f2fd78ad214ecc6bdfbc7632c1e4927e8c32b29914fdaed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET anchor
www.google.com/recaptcha/api2/ Frame EE3F 0
0

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame EE3F 0
0 192ms
61ms Document
text/html 2607:f8b0:400d:c0b::69
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u876f7rjp4sl

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::69 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pf9J_CSLq8TNN7Z7z2lBLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sangfor.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-pf9J_CSLq8TNN7Z7z2lBLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Mon, 14 Oct 2024 06:37:09 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 157ms
44ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728887829015&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=4126&fbp=fb.1.1728887829012.54625023860543207&cs_est=true&ler=empty&cdl=API_unavailable&it=1728887828762&coo=false&rqm=GET

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=2901, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Mon, 14 Oct 2024 06:37:09 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 288ms
176ms Image
image/png 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728887829015&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=4126&fbp=fb.1.1728887829012.54625023860543207&cs_est=true&ler=empty&cdl=API_unavailable&it=1728887828762&coo=false&rqm=FGET

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7425516684351332980"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 14 Oct 2024 06:37:09 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7425516684351332980", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: JAE+g7UiVbpmElzTt3O9H1rfkEPqiAdqBR/6mDU4O6ADii11mw/37wv9P8DQNZJqlkCbMM6M3Vsng+rK5ywxmQ==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=3218, tp=-1, tpl=-1, uplat=110, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?0

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 97ms
96ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sangfor.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 60941868EEC240AC978F5657FFC4DFE8 Ref B: PHL30EDGE0220 Ref C: 2024-10-14T06:37:09Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYkahDzSeAtZyDnDJwmFA==
x-li-proto: http/2
access-control-allow-origin: https://www.sangfor.com
x-cache: CONFIG_NOCACHE
date: Mon, 14 Oct 2024 06:37:09 GMT
vary: Origin

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/ 546 KB
0 0ms
0ms Script
text/javascript 2607:f8b0:400d:c0f::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0f::5e Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sangfor.com
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
age: 344228
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Fri, 10 Oct 2025 07:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 10 Oct 2024 07:00:00 GMT
last-modified: Mon, 07 Oct 2024 04:02:51 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220951
x-xss-protection: 0
server: sffe

GET
H2 200 1.gif
imgsct.cookiebot.com/ 35 B
479 B 33ms
31ms Image
image/gif 2600:1408:c400:389::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=7029b9e8-6353-4e6a-a7ff-84ac8be1e142
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:389::f09 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
etag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
date: Mon, 14 Oct 2024 06:37:10 GMT
last-modified: Mon, 23 Oct 2023 11:39:32 GMT
content-type: image/gif
x-guploader-uploadid: AHmUCY2iaqJUTLWSeE9ITzw96bRhfjT09_wmf_YUAhT8eLByE7Spi67kkp6SVuoySgcI6XopFl-FOe2-dw
cache-control: public,max-age=1800
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1698061172769999
content-length: 35
server: UploadServer

GET
H2 200 favicon-32x32_0.png
www.sangfor.com/sites/default/files/ 1 KB
2 KB 29ms
28ms Other
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/sites/default/files/favicon-32x32_0.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c30e4b76b88aba11e97e78e219d797b895179efbc93b99dc9d6c440c0511b505

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-75d6d4fb59-s9h46
fastly-io-info: ifsz=1320 idim=32x32 ifmt=png ofsz=1140 odim=32x32 ofmt=webp
etag: "jWAmTR2Ap7vCgaD2O9sKUfv5CW7fzlmW4/aPmY5PIB4"
age: 3481999
expires: Mon, 30 Jun 2025 05:09:01 GMT
x-cache: MISS, MISS, HIT, HIT
date: Mon, 14 Oct 2024 06:37:10 GMT
content-type: image/webp
x-served-by: cache-ams21079-AMS, cache-chi-kigq8000085-CHI, cache-chi-kigq8000110-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 398, 0
vary: Accept
fastly-stats: io=1
strict-transport-security: max-age=300
cache-control: max-age=31622400
x-timer: S1728887831.816148,VS0,VE1
x-styx-req-id: b2d36b57-35d5-11ef-92be-3697a1d76678
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1140
fastly-io-served-by: vpop-kiad7010250
server: nginx

GET
H/1.1 200
OK livevalidation_standalone.compressed.js Show response
img06.en25.com/i/ 13 KB
14 KB 55ms
55ms Script
application/x-javascript 23.13.153.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img06.en25.com/i/livevalidation_standalone.compressed.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.13.153.20 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-13-153-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Pragma: no-cache
ETag: "32e442741dd4da1:0"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Mon, 14 Oct 2024 06:37:10 GMT
Accept-Ranges: bytes
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 13723
X-XSS-Protection: 1; mode=block
Date: Mon, 14 Oct 2024 06:37:10 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT

GET
H/1.1 200
OK livevalidation_standalone.compressed.js Show response
img06.en25.com/i/ 13 KB
14 KB 40ms
40ms Script
application/x-javascript 23.13.153.20
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img06.en25.com/i/livevalidation_standalone.compressed.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.13.153.20 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-13-153-20.deploy.static.akamaitechnologies.com

Software

Resource Hash

36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Pragma: no-cache
ETag: "32e442741dd4da1:0"
Connection: keep-alive
X-Content-Type-Options: nosniff
Expires: Mon, 14 Oct 2024 06:37:10 GMT
Accept-Ranges: bytes
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 13723
X-XSS-Protection: 1; mode=block
Date: Mon, 14 Oct 2024 06:37:10 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT

GET
H2 200 eloqua.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/ 5 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
etag: W/"67091a90-1539"
age: 174098
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits: 18, 0, 0
x-served-by: cache-ams21033-AMS, cache-ewr-kewr1740076-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.079508,VS0,VE5
x-styx-req-id: 60f0c3e7-8861-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1856
server: nginx

GET
H/1.1 200
OK formsubmittoken Show response
s757079.t.eloqua.com/e/ 703 B
1 KB 475ms
216ms XHR
text/html 192.29.201.57
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

542059a8e32aefde36e9a4aabb94e6c14925613ddd1b5dd1b807afb18f6ee8a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Content-Encoding: gzip
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 575
X-Xss-Protection: 1; mode=block
Date: Mon, 14 Oct 2024 06:37:10 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding

GET
H2 200 HeroBanner.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 1 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/HeroBanner.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6709a3e0-435"
age: 174098
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 22:17:04 GMT
x-cache-hits: 20, 0, 0
x-served-by: cache-ams21076-AMS, cache-ewr-kewr1740047-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.079463,VS0,VE5
x-styx-req-id: 60f0b52d-8861-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 580
server: nginx

GET
H2 200 header.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 5 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/header.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"67091a90-141f"
age: 174098
expires: Mon, 13 Oct 2025 03:02:55 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits: 39, 0, 0
x-served-by: cache-ams21026-AMS, cache-ewr-kewr1740041-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.079475,VS0,VE9
x-styx-req-id: 7a51d78c-8846-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1521
server: nginx

GET
H2 200 js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js Show response
www.sangfor.com/sites/default/files/js/ 2 B
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/sites/default/files/js/js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-5kz6f
content-encoding: gzip
etag: "66e3ad6a-2"
age: 174099
expires: Sun, 14 Sep 2025 03:11:40 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 13 Sep 2024 03:11:38 GMT
x-cache-hits: 5, 0, 0
x-served-by: cache-ams21052-AMS, cache-ewr-kewr1740060-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.054155,VS0,VE6
x-styx-req-id: e516ec89-717d-11ef-904b-2a95c218e6a7
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 22
server: nginx

GET
H2 200 js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js Show response
www.sangfor.com/sites/default/files/js/ 96 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5644f9474c-2sw7v
content-encoding: gzip
etag: W/"66f56a4c-17ec1"
age: 174099
expires: Thu, 02 Oct 2025 09:15:28 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Sep 2024 14:06:04 GMT
x-cache-hits: 0, 0, 0
x-served-by: cache-ams2100114-AMS, cache-ewr-kewr1740067-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.053392,VS0,VE6
x-styx-req-id: b37e08bb-7fd5-11ef-8cee-12ad23927ad3
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 38682
server: nginx

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=90, rtx=0, c=23, mss=1232, tbw=5677, tp=10, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: U7lVxx6ajLqLT8dVaVAcOLFuBkdfg8S3wOSsgqLmpukzTBzOFNlqUnIIZHLLe79+Yhi2hafoctZz2i4XP7pOUw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
0 0ms
0ms Script
application/javascript 2600:1408:c400:5::17c7:3716
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3716 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: max-age=55810
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Mon, 14 Oct 2024 06:37:08 GMT
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/ 5 KB
2 KB 53ms
53ms Script
text/javascript 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9afd79d1ad4d894bc977e6fa8e6eb7a31a41e9c5d21b8c87fdba4515202533ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2474
date: Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/11481739312/ 42 B
64 B 44ms
44ms Image
image/gif 2607:f8b0:400d:c0b::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/11481739312/?random=1728887828404&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfSZgzmBQVh3JTr9ijcOKrSs3c1h0IRzZd4qCWD-a0bY-ONTEe&random=2685638072&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/ 5 KB
2 KB 54ms
51ms Script
text/javascript 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

051c9e51deecfbb113807a3be756691b52e59279d2019e606f945d4ca6576cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2432
date: Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/658559639/ 42 B
64 B 42ms
42ms Image
image/gif 2607:f8b0:400d:c0b::93
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/658559639/?random=1728887828661&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfoKu72TsLmoD4IsJlsgYNaPnO5V4zOgZZviYa9t3_y5gGm7Q1&random=3049482494&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c0b::93 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 422012601626408 Show response
connect.facebook.net/signals/config/ 73 KB
0 0ms
0ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d478514d87108ae2bd2bad44e2d1e6f8f70c35aa7b9fac92591f939fa16449af

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'unsafe-inline' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=95, rtx=0, c=74, mss=1232, tbw=68445, tp=63, tpl=0, uplat=86, ullat=0
pragma: public
x-fb-debug: leQuDNaR/l6ngx+SNt+D207uxeCnq9Vob2k1UCvyhUBAiGYjrlYFcLc2zIMZL2C8ee6l6DxCmn+i/8BWBQZ/rw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H/1.1 200
OK formsubmittoken Show response
s757079.t.eloqua.com/e/ 703 B
1 KB 403ms
135ms XHR
text/html 192.29.201.57
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

1850a20e5902e53c0a71cda7279da39593a5f9db540175118e4e7d8a59ea8482

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Robots-Tag: noindex, nofollow
Cache-Control: no-store
Content-Encoding: gzip
Pragma: no-cache
X-Content-Type-Options: nosniff
Expires: -1
Access-Control-Allow-Origin: *
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length: 577
X-Xss-Protection: 1; mode=block
Date: Mon, 14 Oct 2024 06:37:10 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding

GET
H2 200 runtime.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/runtime.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
etag: W/"6709a3e0-cec"
age: 174138
expires: Mon, 13 Oct 2025 03:02:56 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 22:17:04 GMT
x-cache-hits: 39, 0, 0
x-served-by: cache-ams21081-AMS, cache-ewr-kewr1740060-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.079397,VS0,VE4
x-styx-req-id: 7b07f24a-8846-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1750
server: nginx

GET
H2 200 main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 3 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/main.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"67091a90-b65"
age: 174098
expires: Sun, 12 Oct 2025 12:40:58 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits: 38, 0, 0
x-served-by: cache-ams2100147-AMS, cache-ewr-kewr1740057-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.079359,VS0,VE7
x-styx-req-id: 10bff563-87ce-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 1010
server: nginx

GET
H2 200 vendor-main.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/ 418 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor-main.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding: gzip
etag: W/"67093249-689f2"
age: 174099
expires: Mon, 13 Oct 2025 06:15:29 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-cache-hits: 0, 0, 0
x-served-by: cache-ams21079-AMS, cache-ewr-kewr1740052-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.081030,VS0,VE4
x-styx-req-id: 60f1bea2-8861-11ef-b947-c6e297b52812
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 148414
server: nginx

GET
H2 200 footer.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/ 12 KB
0 0ms
0ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding: gzip
etag: W/"67093249-2f05"
age: 174138
expires: Mon, 13 Oct 2025 03:05:34 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 14:12:25 GMT
x-cache-hits: 34, 0, 0
x-served-by: cache-ams2100104-AMS, cache-ewr-kewr1740041-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.080710,VS0,VE7
x-styx-req-id: d8fbb66b-8846-11ef-b87b-7eaec3dbcd23
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 4485
server: nginx

GET
H2 200 / Show response
ipapi.co/json/ 781 B
939 B 331ms
188ms Fetch
application/json 2606:4700:20::681a:92c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ipapi.co/json/

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:92c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9454112bb3ddb92fc3d1131a0b9cf8312c7399fc69d433dc4d33ae75cd34c746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin
cf-cache-status: DYNAMIC
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z9wvyvHa%2FVW0n5KbI%2B36pMSPYyuRe9CRMGNaltcYPUOQZE8eXP%2F%2FL%2BV447EYsqIAhXCsb2QtA%2Fph3Rc5pgdoPWUlB4HbiXfI94gBcPyUixOJBjjyDu4cPYiKtkIYOIgy%2BLbfsQTk"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
allow: OPTIONS, POST, GET, OPTIONS, HEAD
cf-ray: 8d258f32edf342a5-EWR
referrer-policy: same-origin
access-control-allow-origin: https://www.sangfor.com
date: Mon, 14 Oct 2024 06:37:11 GMT
content-type: application/json
vary: Host, origin
server: cloudflare
x-frame-options: DENY

GET
H2 200 article.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/ 17 KB
0 1ms
1ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-pcz5l
content-encoding: gzip
etag: W/"6709c64a-42c0"
age: 174098
expires: Mon, 13 Oct 2025 03:07:30 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Sat, 12 Oct 2024 00:43:54 GMT
x-cache-hits: 25, 0, 0
x-served-by: cache-ams21060-AMS, cache-ewr-kewr1740029-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.080698,VS0,VE6
x-styx-req-id: 1e4e12e6-8847-11ef-806f-86327059ab4c
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 5707
server: nginx

GET
H2 200 New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/ 67 KB
0 0ms
0ms Image
image/webp 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info: ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag: "jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age: 1098226
expires: Wed, 24 Sep 2025 09:54:37 GMT
x-cache: MISS, HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: image/webp
x-served-by: cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 9, 0
vary: Accept
fastly-stats: io=1
cache-control: max-age=31622400
x-timer: S1728887828.079848,VS0,VE18
x-styx-req-id: d857f080-7991-11ef-9d35-86258012481b
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 68464
fastly-io-served-by: vpop-kiad7010210
server: nginx

GET
H2 200 alpine.js Show response
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/ 38 KB
0 1ms
1ms Script
application/x-javascript 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/alpine.js?v=2.7
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding: gzip
etag: W/"67091a90-9658"
age: 174098
expires: Mon, 13 Oct 2025 03:05:33 GMT
x-cache: HIT, HIT, MISS
date: Mon, 14 Oct 2024 06:37:08 GMT
content-type: application/x-javascript
last-modified: Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits: 34, 0, 0
x-served-by: cache-ams21077-AMS, cache-ewr-kewr1740044-EWR, cache-ewr-kewr1740021-EWR
vary: Accept-Encoding
cache-control: max-age=31622400
x-timer: S1728887828.080690,VS0,VE5
x-styx-req-id: d8ac922e-8846-11ef-bce7-5a768933f673
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 16064
server: nginx

GET
H2 200 token Show response
www.sangfor.com/session/ 43 B
539 B 193ms
193ms Fetch
text/plain 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/session/token

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

68ab3d20c2159fde1519e59420360ad301c07d75df2457b9b749b9db7f89b572

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding: gzip
age: 0
x-content-type-options: nosniff
x-generator: Drupal 9 (https://www.drupal.org)
expires: Sun, 19 Nov 1978 05:00:00 GMT
x-cache: MISS, MISS, MISS
x-ua-compatible: IE=edge
date: Mon, 14 Oct 2024 06:37:11 GMT
content-type: text/plain; charset=UTF-8
x-served-by: cache-ams21023-AMS, cache-ewr-kewr1740047-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=300
vary: Accept-Encoding
cache-control: must-revalidate, no-cache, private
x-timer: S1728887831.386128,VS0,VE148
x-styx-req-id: bdfec9e7-89f6-11ef-8218-3208fd4d7f88
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 63
content-language: en
server: nginx

POST
H2 200 statistics.php Show response
www.sangfor.com/core/modules/statistics/ 0
270 B 180ms
179ms XHR
text/html 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sangfor.com/core/modules/statistics/statistics.php

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-pantheon-styx-hostname: styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding: gzip
age: 0
x-cache: MISS, MISS, MISS
date: Mon, 14 Oct 2024 06:37:12 GMT
content-type: text/html; charset=UTF-8
x-served-by: cache-ams21053-AMS, cache-ewr-kewr1740021-EWR, cache-ewr-kewr1740021-EWR
x-cache-hits: 0, 0, 0
vary: Accept-Encoding, Cookie, Cookie
strict-transport-security: max-age=300
x-timer: S1728887832.396689,VS0,VE151
x-styx-req-id: be9e7c7b-89f6-11ef-b957-86ae226cd428
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 20
server: nginx

GET
H/1.1 200
OK elqCfg.min.js Show response
images.sangfor.com/i/ 6 KB
3 KB 1029ms
729ms Script
application/x-javascript 23.212.251.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://images.sangfor.com/i/elqCfg.min.js

Requested by

Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.212.251.218 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-251-218.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
ETag: "5fbd42741dd4da1:0"
X-Content-Type-Options: nosniff
Expires: Mon, 14 Oct 2024 06:37:13 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Mon, 14 Oct 2024 06:37:13 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: no-store
Pragma: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2183
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK v1_wzqpkpwvuopibcld.js Show response
wa.arounddeal.com/wv/ 960 B
884 B 478ms
97ms Script
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Requested by: Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6429cc091657f28263cd4c1d129eba97e8f1abccdc40a488d7ffb70a7146f7c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: no-cache
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Origin: *, *
Date: Mon, 14 Oct 2024 06:37:12 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

POST
H/1.1 200
OK / Show response
wa.arounddeal.com/wa/ 1 B
357 B 141ms
141ms XHR
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Requested by: Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json; charset=UTF-8
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Date: Mon, 14 Oct 2024 06:37:13 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

POST
H/1.1 200
OK / Show response
wa.arounddeal.com/wa/ 1 B
357 B 139ms
137ms XHR
text/html 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Requested by: Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 / PHP/8.0.30
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type: application/json; charset=UTF-8
Referer: https://www.sangfor.com/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Date: Mon, 14 Oct 2024 06:37:13 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: nginx/1.22.1
X-Powered-By: PHP/8.0.30

OPTIONS
H/1.1 204
No Content /
wa.arounddeal.com/wa/ Frame 0
0 241ms
98ms Preflight
text/plain 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sangfor.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 14 Oct 2024 06:37:13 GMT
Server: nginx/1.22.1

OPTIONS
H/1.1 204
No Content /
wa.arounddeal.com/wa/ Frame 0
0 246ms
102ms Preflight
text/plain 69.164.193.241
AKAMAI-LINODE-AP ...

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.arounddeal.com/wa/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS: 69-164-193-241.ip.linodeusercontent.com
Software: nginx/1.22.1 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sangfor.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 14 Oct 2024 06:37:13 GMT
Server: nginx/1.22.1

GET svrGP
s757079.t.eloqua.com/visitor/v200/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/11481739312?random=1728887828404&cv=11&fst=1728887828404&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1552816344.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=197380221

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/rul/658559639?random=1728887828661&cv=11&fst=1728887828661&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=1967345616.1728887828&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Domain: td.doubleclick.net
URL: https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1552816344.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=732667535

Domain: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u876f7rjp4sl

Domain: s757079.t.eloqua.com
URL: https://s757079.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=422&optin=disabled

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sangfor.com/	1970-01-21 02:24:23	Name: _gcl_au Value: 1.1.1967345616.1728887828
.sangfor.com/	1970-01-21 09:50:47	Name: _ga_21N5DLV7PF Value: GS1.1.1728887828.1.0.1728887828.60.0.0
.sangfor.com/	1970-01-21 00:16:14	Name: _gid Value: GA1.2.868717447.1728887829
.sangfor.com/	1970-01-21 00:14:47	Name: _gat_gtag_UA_15510522_1 Value: 1
.sangfor.com/	1970-01-21 09:50:47	Name: _ga_SS797RGCZV Value: GS1.1.1728887828.1.0.1728887828.60.0.0
.sangfor.com/	1970-01-21 09:50:47	Name: _ga Value: GA1.1.1552816344.1728887829
.sangfor.com/	1970-01-21 09:50:47	Name: _ga_NP5KMJMZXN Value: GS1.1.1728887828.1.0.1728887828.0.0.0
.sangfor.com/	1970-01-21 02:24:23	Name: _fbp Value: fb.1.1728887829012.54625023860543207
.linkedin.com/	1970-01-21 02:24:23	Name: li_sugr Value: 8058ed60-ab07-4a70-9a2f-90510b9fe779
.linkedin.com/	1970-01-21 09:00:23	Name: bcookie Value: "v=2&50c02328-d8ca-4579-8bde-5daa77945b06"
.linkedin.com/	1970-01-21 00:16:14	Name: lidc Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2956:u=1:x=1:i=1728887829:t=1728974229:v=2:sig=AQG0telCIHWRZrNaOXprPMr6SVOS6C5v"
.linkedin.com/	1970-01-21 00:57:59	Name: UserMatchHistory Value: AQIYxEFax01B3QAAAZKJvrKU_-ZWYG586KRHeyJRjIqbRaKILdURK4IS7gAohfwszzaTVyV-56Cj3Q
.linkedin.com/	1970-01-21 00:57:59	Name: AnalyticsSyncHistory Value: AQJgxx58cANTwAAAAZKJvrKU6EHFHMNSb3Wz3KAOdpGNBTT8Ps2nQoHACDOi9VuMhbrQmQBok5_PP1HHl2M1jw
.www.linkedin.com/	1970-01-21 09:00:23	Name: bscookie Value: "v=1&20241014063709e23314ac-9aa4-4a9c-820d-50fb440a3c71AQFkBZVHpGaq5LhW_hE2ltwO_MXBIuel"
.doubleclick.net/	1970-01-21 09:50:47	Name: IDE Value: AHWqTUms7HxVT-DgQPkLIzFJGs4NHzJfqaOtQJqHehLXbRG2t-ooy7B2hPes-sWJ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
download.sangfor.com.cn
googleads.g.doubleclick.net
images.sangfor.com
img06.en25.com
imgsct.cookiebot.com
ipapi.co
px.ads.linkedin.com
px4.ads.linkedin.com
s757079.t.eloqua.com
snap.licdn.com
stats.g.doubleclick.net
td.doubleclick.net
unpkg.com
wa.arounddeal.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.sangfor.com
s757079.t.eloqua.com
td.doubleclick.net
www.google.com
13.107.42.14
192.29.201.57
2001:4860:4802:38::181
23.13.153.20
23.212.251.218
2600:1408:c400:16::17d4:f805
2600:1408:c400:389::f09
2600:1408:c400:5::17c7:3716
2606:4700:20::681a:92c
2606:4700::6811:f5cb
2607:3f40:ff08::7ff
2607:f8b0:4004:c1b::9c
2607:f8b0:4004:c1d::9a
2607:f8b0:400d:c0b::66
2607:f8b0:400d:c0b::69
2607:f8b0:400d:c0b::93
2607:f8b0:400d:c0d::61
2607:f8b0:400d:c0e::9a
2607:f8b0:400d:c0f::5e
2620:1ec:21::14
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42:400::645
69.164.193.241
01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9
051c9e51deecfbb113807a3be756691b52e59279d2019e606f945d4ca6576cbc
098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5
0e7be44c483765ba40bdb8fb79142f703593f411ec138f8c258b025c46c583c0
125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5
134c71e05c2550194cb5336c0eee6c75b310e7fdc07c5f335d74be5b86f6a8b5
14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443
1419f43d240049ef0b962f7d84526f0b41e4fd3c5376f21e75fc195895a203d4
1850a20e5902e53c0a71cda7279da39593a5f9db540175118e4e7d8a59ea8482
19ba61e585dc696f1222273bb4dea2f9ea0475e7e587fc41f09a9f6a5d0100e6
1ab18b6349502e2ff94ae18400f17f3e453a7f14dd3ba45f88751e78ddc47a0b
1c04a80bf1f07f432ebf3f677b015e854b58efd124649588ea04f136e3eb3554
1dae51845d58e1f038ca809955fa1f4a3b2114a05d9071a06ffe5f3e2d2dc816
221f8c9253e16004a0fc662867a8c9ca2f8626ee34643314be21511b500fd35d
22c2033df0cf6028b91f63121567a2b836fdd7e6ba1b89808c549c75414746ae
23e4d60cfac088ba6eb24b76c0726eec2077c2f164c17f4e9906f43c3ac4d4ca
2632350150729e5432013ca98c01588c89c707f4dcf359076ce8b90cbf369dc3
284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec
2ef14706d7ea03c01ea58bc28980cd3c345b2814e38d9fa9051d3cccf245bbd8
300e0a19f0415d8cbbb83d10272bc792632f48175d9be777937bee14825e419b
30843462ee19ff85eb7baced3273d98dc442b14593ab1623698795b0d36136f6
30b0f26470c915ef09c50d127690c860685641df1f66409f0aec3d260186d388
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
36ca976922a5bc02835846fc4b6243e2f110320afe24279c3dc022d4df3c24a6
36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e
3c3b0fdb91418f8c6538ec2a686c6d49b619494effc576611c2ccdb1440e7b2b
41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95
42fcc2e1fa91f2656f4fe39ab0ce936e6358d9ea1a3847baa4abaeb30fc6340e
43a82cd8f2c063b414db0ad551d1c7a2ec384f4347d300609e5b490b4c8c40a1
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
4ef8764b15fc01e7dab43f9b379996e763ecee58df1115f69142d4db17194cbd
542059a8e32aefde36e9a4aabb94e6c14925613ddd1b5dd1b807afb18f6ee8a8
5a399207c12d45df8892cffc11528a6666e85d182999f90c97f654c1f7b4d5b5
5b34b175179a2b7207902dfb82f3bd5ddcecffed15372771abc7ac81941a89a6
5b63874935b493559810133aff35028591cd64ce758994e710d8347a4b0d401d
5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369
5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302
60df6999405b8e3907c141cf4fb76812e272d0890b9e759ea66d1343cfaa20dd
6429cc091657f28263cd4c1d129eba97e8f1abccdc40a488d7ffb70a7146f7c5
65caebd5a0a65049f5509277b50ec0b57e5b087c08ca8ba7c65e2a4643f7a08a
6737f2f0ac1fb89f6a3f645062d8f504cd5f78fefff2be86ae82bc544de8fa24
6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f
68ab3d20c2159fde1519e59420360ad301c07d75df2457b9b749b9db7f89b572
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e8ea35cfdff4770e3e0d3c98e9e78f8818f4c5f44561274dca027fd1e3fe41b
6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba
6fbbf1e444fd365c5c0d4c96461eee486e5a33784b3f199d92fe69567e932770
6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a
71c4d85ab6e7bd8471cb0bed91b04311f338dddd2aa3827f0c4790e8b7b53d0e
7236974403f4de92b57dad0062fc9b7640731caf5b4319675cebfe47390e7082
7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205
76383787d84ba9588f39fa845cfd80b0d645719f3f9ac32be4fc92b18b1d148c
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
818f9cbde752ad72e51413c9230dd1526c1f6ea916c034d597d551ce979f831f
82254875473203cbd5e10c02ca9677baf7ab978a518f6b1cc6acc7a8b1872b63
83bd6fedd1fe68e130019dcc9ac407bc349c9f6f36874716c7e73be94dc9e462
873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5
8c861ea0c6c43eb8839b5dcbb171bc584c342268fcb203ab9c45d339fd7f400e
90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670
9454112bb3ddb92fc3d1131a0b9cf8312c7399fc69d433dc4d33ae75cd34c746
9521d52a5d391974ca8ce810fdee73bb5e87e6c2d92638d81c5a2ee01711cffb
970cfbb5d95a7f46ad5ecf330447a96d40afb93b84e652f5c98cb4aadf5048bb
98725c392741143e9beb6712d5a165f2e7d08725b75ec57b0da55465e75be4da
9afd79d1ad4d894bc977e6fa8e6eb7a31a41e9c5d21b8c87fdba4515202533ea
9e337c7f8bc51113fb2f0eb2585f03a7b3b0588f3661a2f51c4025d4b17d2a40
a8342a4c16e3fddd19edb61bdf17e984a875a520d408e9ff24f989d8ee4b4021
a9794eb161a19e97283a6b27ad43932837f5638f85a3cf08cec9ef6a9cd9c721
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aac00b0dd1b83a91bb40a96104b60a1a76bbf7887ecdc78f824a751533f8d9f6
acc56b2df173f77e03fbd422205fa16c2067e01f996313c37d301146f12d67cf
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5
bc58caa4613d0c671ee8347e5925bcf6022f662ac917a845f1227e46c5fb6979
c0db478481c2f2dd767a0b11d2407e6466f3a833c14b219bc1311089b5e51ac9
c30e4b76b88aba11e97e78e219d797b895179efbc93b99dc9d6c440c0511b505
c7e56b6438ce7b0803d9c06b7ee1c8ce6db280dac58e0f8f56490336c2bec194
c8159ad6bb4d0a09d41a0bee72d4c486b2cc7ceffaa82f9c098ec9240a03da28
cc639c62a725f411cbfa123171585ae887e67acbfc7cec1aadb033eeb4c998a1
cedb71958c703923a2df24aff20e6250b7d506e60c5f8931f5f4a82ff3f8cef4
d19d0a77d9895780fe41eb1b9bc0e086f513cbec51c97a3d74fd245be5d2ea68
d478514d87108ae2bd2bad44e2d1e6f8f70c35aa7b9fac92591f939fa16449af
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
dd33484b1c193c68f5616a406865d1754ca67353899a46ce65400470a7dd084c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e96f4f4298c7d1a94f2fd78ad214ecc6bdfbc7632c1e4927e8c32b29914fdaed
eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b
eb2d6259ac2f866deac13948fab57b7c3b59625d11561b2cd39941da98e9ffb1
ebaccbb59ffac8f54448f61dae2a3cca80036be36348f2e116d25056d83a7e76
ec1637554b155c6bec0d5c076d76866f2e584c17d2dbd4c55f7cc13c6477b210
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effa68298eeabf7434140c33108e997e9ac91a3d03d81398cdf471172ee50a7c
f66f3eb40dc841ff138652d06134d9532130782bf247dd3c4e0d1709b29839f6
f7ec5d37f5deb02a98d039ab265e68de620420bc74ac0f64e2d3bd2788e9751e
fbb8fad500a2857ce80ec8fb10d2d9bcf96becf86d9cbafad061aceae07c2f53
fe32d73e471032dfa34593cc106238ecbf6b7bd859eb13256fd00bacb32da0dc

www.sangfor.com Open in urlscan Pro 2a04:4e42:400::645 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

142 Requests

95 %HTTPS

79 %IPv6

17 Domains

25 Subdomains

25 IPs

3 Countries

2674 kBTransfer

7147 kBSize

15 Cookies

40 Outgoing links

Redirected requests

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sangfor.com Open in urlscan Pro
2a04:4e42:400::645 Public Scan

Screenshot
Live screenshot

Full Image

142
Requests

95 %
HTTPS

79 %
IPv6

17
Domains

25
Subdomains

25
IPs

3
Countries

2674 kB
Transfer

7147 kB
Size

15
Cookies

142 HTTP transactions
3 data transactions