cymulate.com Open in urlscan Pro
2606:4700:10::6816:4f1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Submission: On September 24 via api (September 24th 2024, 10:00:27 pm UTC) from LU — Scanned from DE

Summary HTTP 153 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 49 IPs in 6 countries across 42 domains to perform 153 HTTP transactions. The main IP is 2606:4700:10::6816:4f1, located in United States and belongs to CLOUDFLARENET, US. The main domain is cymulate.com. The Cisco Umbrella rank of the primary domain is 212300.
TLS certificate: Issued by WE1 on September 15th 2024. Valid for: 3 months.

This is the only time cymulate.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
47	2606:4700:10:... 2606:4700:10::6816:4f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.160.150.83 3.160.150.83	16509 (AMAZON-02) (AMAZON-02)
8	2606:4700:440... 2606:4700:4400::ac40:97a6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8d77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:211... 2600:9000:211e:4600:1d:57a9:200:93a1	16509 (AMAZON-02) (AMAZON-02)
2	4.158.108.63 4.158.108.63	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:440... 2606:4700:4400::ac40:9923	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:752b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.74.152 172.67.74.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.245.46.89 18.245.46.89	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700:20:... 2606:4700:20::681a:c5f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	199.232.188.157 199.232.188.157	54113 (FASTLY) (FASTLY)
3	23.35.237.86 23.35.237.86	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.244.18.7 18.244.18.7	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 1	2606:4700:20:... 2606:4700:20::ac43:4549	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:20:... 2606:4700:20::681a:932	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a05:d018:56f... 2a05:d018:56f:b800:f42c:e894:1fb0:3740	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:8c11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9310	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:911d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.102.75 18.66.102.75	16509 (AMAZON-02) (AMAZON-02)
1	52.20.195.32 52.20.195.32	14618 (AMAZON-AES) (AMAZON-AES)
2	70.42.32.31 70.42.32.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.159.140.229 162.159.140.229	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
12	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:272... 2600:9000:2724:b000:1d:8d6d:3b40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:470... 2a02:26f0:4700::17d4:6ea8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:f26c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:afbc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:832	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
153	49

47 2606:4700:10::6816:4f1 (United States)

ASN13335 (CLOUDFLARENET, US)

cymulate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.160.150.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-83.fra60.r.cloudfront.net

static.mobilemonkey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::ac40:97a6 (United States)

ASN13335 (CLOUDFLARENET, US)

cookie-cdn.cookiepro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8d77 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:4600:1d:57a9:200:93a1 (United States)

ASN16509 (AMAZON-02, US)

euob.roundprinceforest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 4.158.108.63 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.leadforensics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9923 (United States)

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:752b (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.46.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-46-89.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::681a:c5f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.equalweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.188.157 (Munich, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.237.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-86.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-7.fra56.r.cloudfront.net

static.oktopost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4549 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.remarketstats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:932 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.clickcertain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a05:d018:56f:b800:f42c:e894:1fb0:3740 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

obseu.roundprinceforest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8c11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9310 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:911d (United States)

ASN13335 (CLOUDFLARENET, US)

metadata-static-files.sfo2.cdn.digitaloceanspaces.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-75.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.195.32 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-195-32.compute-1.amazonaws.com

okt.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.140.229 (None, )

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2724:b000:1d:8d6d:3b40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:4700::17d4:6ea8 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f26c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:afbc (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:832 (United States)

ASN13335 (CLOUDFLARENET, US)

a.clickcertain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	cymulate.com cymulate.com — Cisco Umbrella Rank: 212300	2 MB
12	facebook.com www.facebook.com — Cisco Umbrella Rank: 112	7 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 6722 c.6sc.co — Cisco Umbrella Rank: 8242 ipv6.6sc.co — Cisco Umbrella Rank: 6895 b.6sc.co — Cisco Umbrella Rank: 4275	23 KB
8	cookiepro.com cookie-cdn.cookiepro.com — Cisco Umbrella Rank: 9608	149 KB
7	roundprinceforest.com euob.roundprinceforest.com obseu.roundprinceforest.com	42 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 3730 tr.outbrain.com — Cisco Umbrella Rank: 3650 wave.outbrain.com — Cisco Umbrella Rank: 3681	10 KB
5	equalweb.com cdn.equalweb.com — Cisco Umbrella Rank: 20959	24 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	408 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 358 px4.ads.linkedin.com — Cisco Umbrella Rank: 6989	2 KB
4	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4150 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4335 track.hubspot.com — Cisco Umbrella Rank: 2877 forms.hubspot.com — Cisco Umbrella Rank: 6754	28 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 196	79 KB
3	clickcertain.com 1 redirects a.clickcertain.com — Cisco Umbrella Rank: 74631	3 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3391
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10309	721 B
2	company-target.com s.company-target.com — Cisco Umbrella Rank: 1696 api.company-target.com — Cisco Umbrella Rank: 4976	1 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 906	14 KB
2	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 6838 tag-logger.demandbase.com — Cisco Umbrella Rank: 6070	19 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3476	3 KB
2	leadforensics.com secure.leadforensics.com — Cisco Umbrella Rank: 46948	1 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122	64 B
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4463	909 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 4084	1 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1133	394 B
1	t.co t.co — Cisco Umbrella Rank: 857	624 B
1	okt.to okt.to — Cisco Umbrella Rank: 39904	100 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 891	98 B
1	digitaloceanspaces.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com — Cisco Umbrella Rank: 128573	2 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2752	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3701	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2719	19 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 6402	92 KB
1	remarketstats.com 1 redirects a.remarketstats.com — Cisco Umbrella Rank: 44859	573 B
1	oktopost.com static.oktopost.com — Cisco Umbrella Rank: 46892	4 KB
1	quora.com a.quora.com Failed q.quora.com — Cisco Umbrella Rank: 5446	322 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 989	15 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2176	155 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 5210	2 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 550	312 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2991	1 KB
1	gartner.com www.gartner.com — Cisco Umbrella Rank: 68155	4 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 7797	156 KB
1	mobilemonkey.com static.mobilemonkey.com — Cisco Umbrella Rank: 75196	910 B
153	42

	Domain	Requested by
47	cymulate.com	cymulate.com
12	www.facebook.com	cymulate.com
8	cookie-cdn.cookiepro.com	cymulate.com cookie-cdn.cookiepro.com
7	b.6sc.co	cymulate.com
6	obseu.roundprinceforest.com	euob.roundprinceforest.com cymulate.com
5	cdn.equalweb.com	cymulate.com cdn.equalweb.com
5	www.googletagmanager.com	cymulate.com www.googletagmanager.com js.hsadspixel.net
4	connect.facebook.net	cymulate.com connect.facebook.net
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	a.clickcertain.com	1 redirects cymulate.com a.remarketstats.com
2	region1.google-analytics.com	www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.googletagmanager.com amplify.outbrain.com
2	snap.licdn.com	www.googletagmanager.com cymulate.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	dev.visualwebsiteoptimizer.com	cymulate.com
2	secure.leadforensics.com	cymulate.com secure.leadforensics.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	perf-na1.hsforms.com	cymulate.com
1	api.hubapi.com	js.hsadspixel.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	tag-logger.demandbase.com	tag.demandbase.com
1	analytics.twitter.com	cymulate.com
1	t.co	cymulate.com
1	px4.ads.linkedin.com	cymulate.com
1	wave.outbrain.com	amplify.outbrain.com
1	okt.to	static.oktopost.com
1	api.company-target.com	tag.demandbase.com
1	id.rlcdn.com	cymulate.com
1	s.company-target.com	tag.demandbase.com
1	metadata-static-files.sfo2.cdn.digitaloceanspaces.com	cymulate.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	q.quora.com	cymulate.com
1	a.remarketstats.com	1 redirects
1	static.oktopost.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	tag.demandbase.com	cymulate.com
1	api.ipify.org	cymulate.com
1	ws.zoominfo.com	cymulate.com
1	geolocation.onetrust.com	cookie-cdn.cookiepro.com
1	js.hs-scripts.com	cymulate.com
1	www.gartner.com	cymulate.com
1	euob.roundprinceforest.com	cymulate.com
1	js.hsforms.net	cymulate.com
1	static.mobilemonkey.com	cymulate.com
0	a.quora.com Failed	www.googletagmanager.com
153	55

This site contains links to these domains. Also see Links.

Domain
app.cymulate.com
l.cymulate.com
portal.cymulate.com
partner.cymulate.com
www.linkedin.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
cymulate.com WE1	`2024-09-15` - `2024-12-14`	3 months	crt.sh
static.mobilemonkey.com Amazon RSA 2048 M03	`2024-04-21` - `2025-05-19`	a year	crt.sh
cookiepro.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
hsforms.net WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.roundprinceforest.com Amazon RSA 2048 M02	`2024-06-18` - `2025-07-17`	a year	crt.sh
*.leadforensics.com Sectigo RSA Domain Validation Secure Server CA	`2023-11-17` - `2024-12-15`	a year	crt.sh
www.gartner.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-13`	a year	crt.sh
hs-scripts.com WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
zoominfo.com E5	`2024-09-14` - `2024-12-13`	3 months	crt.sh
ipify.org WE1	`2024-09-15` - `2024-12-14`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
equalweb.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
6sc.co R10	`2024-09-23` - `2024-12-22`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
*.oktopost.com Amazon RSA 2048 M02	`2024-07-29` - `2025-08-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-04` - `2024-10-02`	3 months	crt.sh
quora.com WR1	`2024-09-15` - `2024-12-14`	3 months	crt.sh
hsleadflows.net WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
hs-banner.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
hubspot.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
*.sfo2.cdn.digitaloceanspaces.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-20` - `2025-05-07`	a year	crt.sh
*.company-target.com R11	`2024-08-15` - `2024-11-13`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
okt.to R10	`2024-08-27` - `2024-11-25`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-19` - `2025-08-18`	a year	crt.sh
*.demandbase.com Amazon RSA 2048 M02	`2024-06-10` - `2025-07-08`	a year	crt.sh
hubapi.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
clickcertain.com WE1	`2024-09-12` - `2024-12-11`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Frame ID: C6D7C3C34DB2E149D622EA6CE24757B1
Requests: 148 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: BE0329971C98F24BDECFC3732DAF0606
Requests: 1 HTTP requests in this frame

Frame: https://a.clickcertain.com/px/cont/?c=24335bac5f4f324&ccid=26a9c073-2a08-4695-ba64-404c971e9113&cn=DE&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85
Frame ID: 1824F812F01BFA01A81905D1F6B2064D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found - Cymulate

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

EqualWeb (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.equalweb\.com.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

153
Requests

96 %
HTTPS

61 %
IPv6

42
Domains

55
Subdomains

49
IPs

6
Countries

2862 kB
Transfer

6170 kB
Size

45
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://app.cymulate.com/login
Title: LOG IN

Search URL Search Domain Scan URL

URL: https://l.cymulate.com/hubfs/partners/cymulate-partner-program-overview.pdf
Title: Download

Search URL Search Domain Scan URL

URL: https://portal.cymulate.com/
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://partner.cymulate.com/
Title: Partners Central

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cymulate
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cymulateltd
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cymulate_life/
Title: Instagram

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=threats/diavol-a-new-ransomware-used-by-wizard-spider-2 HTTP 302
https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=threats/diavol-a-new-ransomware-used-by-wizard-spider-2 HTTP 302
https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85

Request Chain 95

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&e_ipv6=AQJETzrFVzQ47gAAAZImDL7DVOUO01XIXegSzWp9hFIjBRUdWYjrXuM-hWblL48JD0zbhZbuybhi8p8eoqJ6ANyy_wqweg

153 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request / Show response
cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/ 61 KB
15 KB 903ms
859ms Document
text/html 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88a9ddab458683c31cdda49f18f189d6141a224d223666508a5542c1d7ac7259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8c860bf80d481c38-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 24 Sep 2024 22:00:21 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://cymulate.com/wp-json/>; rel="https://api.w.org/"
referrer-policy: origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding
x-cache: MISS
x-cache-group: normal
x-cacheable: non200
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js Show response
static.mobilemonkey.com/js/ 579 B
910 B 184ms
125ms Script
text/javascript 3.160.150.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.mobilemonkey.com/js/mm_a2d1e31d-58b7-45f1-b66f-2e3107549cf8-23218466.js
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-83.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7ac7bdc3ac6ccf0f88fca01f3e7db0d8dfd14e2bbf887d78a8ddde212a0ddb03

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=60
etag: "d0f2906fc6161605eb21dd73320dc1d4"
via: 1.1 d0a36dbd6f5cc87855296f2852cab3ec.cloudfront.net (CloudFront)
x-cache: RefreshHit from cloudfront
content-length: 579
x-amz-cf-id: Z-3yLmS2yErTuLjBapO00L7JdQH2CIrkWOpCkHEL364zZs00PH8gDw==
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/javascript
last-modified: Fri, 24 Nov 2023 23:46:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P7

GET
H2 200 starter-scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 848 B
958 B 34ms
29ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/starter-scripts.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-612"
age: 186313
cf-cache-status: HIT
cf-ray: 8c860bfd9ac11c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
cf-polished: origSize=1554
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 Poppins-Regular.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/ 154 KB
155 KB 43ms
38ms Font
application/octet-stream 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Regular.ttf

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66d5781c-269f0"
age: 169343
cf-ray: 8c860bfd9ac31c38-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 158192
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/octet-stream
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 init-gtm.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 657 B
766 B 44ms
39ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js?v=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6f4886fd171e93e684e99d01d547f4be16dbd021a3b19589f27d99ee6d7452d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66e7fddd-33b"
age: 186313
cf-cache-status: HIT
cf-ray: 8c860bfd9ac41c38-FRA
expires: Sun, 29 Sep 2024 14:54:44 GMT
cf-polished: origSize=827
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 09:43:57 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 otSDKStub.js Show response
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/ 20 KB
7 KB 113ms
48ms Script
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea14b302d2386504b249b182fac6bdeff4b77b71921945c4cf70e73550ab503d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: pbJJi2bi48pCi90v1avuPA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCD6F453BEA5C5
age: 29643
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/x-javascript
last-modified: Tue, 17 Sep 2024 08:40:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 8d76d8ce-001e-0033-50dd-087417000000
cf-ray: 8c860bfdfb998c44-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6924
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 form-awesome-public.css
cymulate.com/wp-content/plugins/form-awesome-plugin/public/css/ 28 B
158 B 31ms
26ms Stylesheet
text/css 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/plugins/form-awesome-plugin/public/css/form-awesome-public.css?ver=1.0.0

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec8e585ab06e164d11e99adcf9b18d3074de0ece7c922fc6cc99d86fad4d9ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"63d08414-82"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfd9ab61c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
cf-polished: origSize=130
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
last-modified: Wed, 25 Jan 2023 01:21:24 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 jquery.fancybox.css
cymulate.com/wp-content/themes/cymulate-2022/assets/ 13 KB
14 KB 29ms
25ms Stylesheet
text/css 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.fancybox.css?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3c4f516f2d040c27cb7a620963fb42d6d86e2f5757a62ea78cb80778e8a62b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781b-4391"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfd9ab91c38-FRA
expires: Sun, 29 Sep 2024 14:54:44 GMT
cf-polished: origSize=17297
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
last-modified: Mon, 02 Sep 2024 08:32:27 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 slick.css
cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/ 1 KB
1 KB 36ms
32ms Stylesheet
text/css 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/slick.css?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e9c2e18c6d317b4868deb6e9ecf95c4888fa98a6d745e8b195844ca559e6b38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781c-565"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfd9abc1c38-FRA
expires: Sun, 29 Sep 2024 14:54:44 GMT
cf-polished: origSize=1381
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 slidercaptcha.min.css
cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/ 2 KB
774 B 44ms
40ms Stylesheet
text/css 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/slidercaptcha.min.css?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79a306bfbadefd954a88675179e2ab9925719fe821d54fec7401e0c6931a9c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66d5781b-850"
age: 145483
cf-ray: 8c860bfd9abe1c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 02 Sep 2024 08:32:27 GMT

GET
H2 404 autoComplete.css
cymulate.com/wp-content/themes/cymulate-2022/assets/autocomplete/ 0
0 234ms
231ms Stylesheet
text/html 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/autocomplete/autoComplete.css?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=86400
content-encoding: br
cf-cache-status: EXPIRED
cf-ray: 8c860bfd9abf1c38-FRA
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/html
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 style.css
cymulate.com/wp-content/themes/cymulate-2022/ 789 KB
790 KB 36ms
32ms Stylesheet
text/css 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a052a5689623398ee81de8ec6ec510ca0aa1148ee22b87981900901a613a93ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d9c10e-c5b21"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfd9ac01c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
cf-polished: origSize=809761
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
last-modified: Thu, 05 Sep 2024 14:32:46 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 jquery.min.js Show response
cymulate.com/wp-includes/js/jquery/ 86 KB
31 KB 31ms
27ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"64ecd5ef-15601"
age: 186313
cf-ray: 8c860bfdaac61c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 28 Aug 2023 17:14:23 GMT

GET
H2 200 jquery-migrate.min.js Show response
cymulate.com/wp-includes/js/jquery/ 13 KB
5 KB 42ms
39ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"6482bd64-3509"
age: 186313
cf-ray: 8c860bfdaacb1c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Fri, 09 Jun 2023 05:49:24 GMT

GET
H2 200 form-awesome-public.js Show response
cymulate.com/wp-content/plugins/form-awesome-plugin/public/js/ 425 B
513 B 43ms
40ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/plugins/form-awesome-plugin/public/js/form-awesome-public.js?ver=1.0.0

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa3e04479170b1653e44d8c356f6917f184e9f651cbe122807d9f77869038be1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"63d08414-219"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfdaacc1c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
cf-polished: origSize=537
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Wed, 25 Jan 2023 01:21:24 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ 483 KB
156 KB 68ms
30ms Script
application/javascript 2606:4700::6812:8d77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8d77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-request-id: 585420a3-3f7f-4d29-b64c-95ab95d266c3
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6baa082bb753a0d6d6e8a595ed1a8003"
x-amz-version-id: AFaf8mWb39Qooe1K5qzICbDOfESNQB7s
age: 22
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hacTHGimWWaizuGnvcrm72oxLR%2Fpqn76rqFDcgwU7FE7hYdTTCAstcayM37jETu6wzgUNQI0ALUdbQF4rxMAB8vLj3dAqXYAgqeYiL%2B3G4lIM0AXx%2FQxlkXrebIgMwJ0I54pb7cu9JxSQEiY"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: FaIIvr7JQszanzbmqNJkg_4cMQwYrqbm3X9ybXdQ1k8JSl2MFzvLUg==
x-hubspot-correlation-id: 585420a3-3f7f-4d29-b64c-95ab95d266c3
content-type: application/javascript; charset=utf-8
last-modified: Tue, 03 Sep 2024 14:36:36 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-78pl4
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.5999/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 24 Sep 2024 22:00:21 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5999/bundles/project-v2.js&cfRay=8c860b748c3a2bbe-FRA
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
cf-ray: 8c860bfdde0c9757-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 321 KB
106 KB 181ms
34ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99682b04beefd4e58b020ba9ad53146055084cde9a54ba5485eb1792576c6a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Sep 2024 22:00:21 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108388
date: Tue, 24 Sep 2024 22:00:21 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 683bf120b4a6a6234a5fff3424707f4e.js Show response
euob.roundprinceforest.com/sxp/i/ 108 KB
40 KB 208ms
36ms Script
text/javascript 2600:9000:211e:4600:1d:57a9:200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:4600:1d:57a9:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 13e7e7a6c5322fe3fb5cdcada6893a70abebab0acb4bb3f45ff43ec9b96164f5

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1ae79-C8Z0xHjFCasBuZUUaq/j8uYZqzY"
age: 11701
via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
expires: Wed, 25 Sep 2024 06:45:20 GMT
x-cache: Hit from cloudfront
content-length: 40314
x-amz-cf-id: URkaV4cw0ix_SswQAeOewl15sA4B00OKIsjfnciGntcsSOTxjQbQcw==
date: Tue, 24 Sep 2024 19:12:01 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Caddy
x-amz-cf-pop: FRA56-C2

GET
H/1.1 200
OK 102530.js Show response
secure.leadforensics.com/js/ 2 KB
1 KB 390ms
23ms Script
text/javascript 4.158.108.63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.leadforensics.com/js/102530.js
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 4.158.108.63 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 735d3dff569b3a23c7c72466c4a0ec32b3564ab2464652608c3a79614e719315

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

Transfer-Encoding: chunked
Cache-Control: public, max-age=86400
Content-Encoding: br
Connection: keep-alive
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20
Date: Tue, 24 Sep 2024 22:00:21 GMT
Content-Type: text/javascript
Vary: Accept-Encoding

GET
H2 200 Logo.png.webp
cymulate.com/uploaded-files/2024/07/ 2 KB
2 KB 28ms
23ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/07/Logo.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22f7af7c1f0fda7b15222161020de20537ce540f08ba19284bb2e27def8e2f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66937410-6fa"
age: 186313
cf-ray: 8c860bff5ccb1c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
accept-ranges: bytes
content-length: 1786
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Sun, 14 Jul 2024 06:45:36 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Ebook-top-nav.png.webp
cymulate.com/uploaded-files/2024/07/ 3 KB
3 KB 41ms
39ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/07/Ebook-top-nav.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc0913f664781f3bc0dba989f95cccf924a100eb438bfccee0c782ee5282aa1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8db9d-ab4"
age: 186311
cf-ray: 8c860bfdaacd1c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 2740
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 12:25:01 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Platforms-Data-Sheet-July-2024-03.png.webp
cymulate.com/uploaded-files/2024/08/ 5 KB
5 KB 42ms
39ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/08/Platforms-Data-Sheet-July-2024-03.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27600c3569238e155261a72508d58c0e0e9eb68da6513614c2217dc0df8bea33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66b1dc25-13e8"
age: 186311
cf-ray: 8c860bfdaacf1c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 5096
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 06 Aug 2024 08:17:41 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Partners.png.webp
cymulate.com/uploaded-files/2023/09/ 6 KB
6 KB 51ms
51ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2023/09/Partners.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cfe1561fd61895d2b4e2ee75ea8d976af62459d930d9d410a3ce95ff44bcec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "64f82781-17ee"
age: 186311
cf-ray: 8c860bfdfb441c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 6126
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Wed, 06 Sep 2023 07:17:21 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 F-S.png.webp
cymulate.com/uploaded-files/2024/07/ 10 KB
10 KB 41ms
41ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/07/F-S.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d416171fbe213899a7eef70bb99ff4ded2ba078705130cd9c160c970c271341f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8d9ac-2888"
age: 186311
cf-ray: 8c860bfdfb451c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 10376
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 12:16:44 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Gartner-Report-260-x-180-px.png.webp
cymulate.com/uploaded-files/2024/07/ 3 KB
3 KB 29ms
29ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/07/Gartner-Report-260-x-180-px.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93e6a2abeab6f2f9dfd179185ae68e9728eedd122fe65644148a242df33e3b59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8fd42-a70"
age: 186311
cf-ray: 8c860bfe5bae1c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
accept-ranges: bytes
content-length: 2672
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 14:48:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 cymulate-icon.png
cymulate.com/wp-content/themes/cymulate-2022/build/images/ 150 B
354 B 38ms
33ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/images/cymulate-icon.png

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45fc282ba10aab2ee245c715735faec6f17656934f54f5ac64843f8a03a08a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cf-bgj: imgq:100,h2pri
etag: "66d5781c-66f"
age: 145482
cf-cache-status: HIT
expires: Sat, 21 Dec 2024 14:54:46 GMT
cf-polished: origFmt=png, origSize=1647
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
content-disposition: inline; filename="cymulate-icon.webp"
vary: Accept
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-ray: 8c860bff5ccc1c38-FRA
accept-ranges: bytes
content-length: 150
server: cloudflare

GET
H2 200 linkdin-icon.svg
cymulate.com/uploaded-files/2024/09/ 1 KB
690 B 32ms
28ms Image
image/svg+xml 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/09/linkdin-icon.svg

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58ebe35d08f36534dfbdee4a7c01ae1efad459add6ae70cb6f1397bd70b2194c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66e945db-45b"
age: 169328
cf-ray: 8c860bff5ccd1c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Tue, 17 Sep 2024 09:03:23 GMT

GET
H2 200 utube-icon.svg
cymulate.com/uploaded-files/2024/09/ 881 B
625 B 32ms
27ms Image
image/svg+xml 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/09/utube-icon.svg

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf8407e6330aced2e477abd2fafbb3c13f83a77cf5ce55254ccd7b71848ba11b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66e945da-371"
age: 169328
cf-ray: 8c860bff5cce1c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Tue, 17 Sep 2024 09:03:22 GMT

GET
H2 200 insta-icon.svg
cymulate.com/uploaded-files/2024/09/ 2 KB
1 KB 31ms
27ms Image
image/svg+xml 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/09/insta-icon.svg

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30422d1511267f63643688107659e5eb9f160df68de1e46451f7ca59f5c23f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66e945dc-73d"
age: 169328
cf-ray: 8c860bff5ccf1c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Tue, 17 Sep 2024 09:03:24 GMT

GET
H2 200 Layer_2.png.webp
cymulate.com/uploaded-files/2024/07/ 484 B
594 B 31ms
28ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2024/07/Layer_2.png.webp

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3d62f787f96df6e8e522fe6e495b3b332bcc39611f4480547833596d0baff05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66937418-1e4"
age: 169328
cf-ray: 8c860bff5cd11c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
accept-ranges: bytes
content-length: 484
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Sun, 14 Jul 2024 06:45:44 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 jquery.visible.min.js Show response
cymulate.com/wp-content/themes/cymulate-2022/assets/ 885 B
650 B 29ms
28ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.visible.min.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a303026a1e158c61d96ba96010352c24957181ee22828ce2b54cdd60c813529

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66d5781b-375"
age: 186313
cf-ray: 8c860bfe5bb01c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 02 Sep 2024 08:32:27 GMT

GET
H2 200 jquery.fancybox.js Show response
cymulate.com/wp-content/themes/cymulate-2022/assets/ 89 KB
89 KB 24ms
23ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.fancybox.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

359a8d9558abac48bff316eeecd731083a11196a1a2dede6d1c5c9a79db3a745

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781b-27174"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bfe8bde1c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
cf-polished: origSize=160116
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:27 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 slick.min.js Show response
cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/ 42 KB
11 KB 25ms
25ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/slick-1.8.1/slick/slick.min.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceffda0001c0a6edf0cae48244e72c46d66bb5a75618d4ed5c03d0d24cd106eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66d5781c-a779"
age: 194444
cf-ray: 8c860bfebc051c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 02 Sep 2024 08:32:28 GMT

GET
H2 200 longbow.slidercaptcha.min.js Show response
cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/ 7 KB
3 KB 24ms
24ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/puzzle-captcha/longbow.slidercaptcha.min.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e051bcd1aa1760cd154bda6aeb6dc3b4c34633cfdbfa5418ae2243cdecb87599

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66d5781b-1ae9"
age: 186313
cf-ray: 8c860bfefc721c38-FRA
expires: Sun, 29 Sep 2024 14:54:45 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Mon, 02 Sep 2024 08:32:27 GMT

GET
H2 200 jquery.validate.js Show response
cymulate.com/wp-content/themes/cymulate-2022/assets/ 31 KB
31 KB 30ms
21ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/assets/jquery.validate.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d34d97eefb81310ba1fc34cf478deb7c4ead22224a837e9b0cc662c8de69527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781b-c7e3"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc01c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=51171
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:27 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 starter-scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 848 B
935 B 52ms
43ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/starter-scripts.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-612"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc21c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=1554
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 general-scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 25 KB
25 KB 34ms
26ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/general-scripts.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24c779851c36bb885ad6e4b73bf8d41f58a7f8a910ac4240d825564d32d35a1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-a831"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc41c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=43057
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 659 B
746 B 32ms
24ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/scripts.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e9cb721743bdb32c44b88f048772accfbf6899d3f77d06ccf2fb676b943353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-443"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc51c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=1091
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 main-scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 21 KB
21 KB 41ms
33ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/main-scripts.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ab7b2066ad0b65ec79be21dc93aa32a425dcb11c41880498a004eaaaa17e26e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-8a5b"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc61c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=35419
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 cookie-scripts.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 2 KB
2 KB 31ms
23ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/cookie-scripts.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5416a43930af0316da99a8b2d52e24d78839b4d4adc1c00a76f1a458ce1b3b30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-d90"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cc71c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=3472
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 ajax.js Show response
cymulate.com/wp-content/themes/cymulate-2022/build/js/ 1 KB
2 KB 33ms
25ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/js/ajax.js?ver=21.7.29.10

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

65ba8da7b9cd9171a4a4d870eaa8ca0639864e6167fb237113a5c1cb04d45051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
cf-bgj: minify
etag: W/"66d5781d-8bb"
age: 145483
cf-cache-status: HIT
cf-ray: 8c860bff5cca1c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
cf-polished: origSize=2235
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Mon, 02 Sep 2024 08:32:29 GMT
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare

GET
H2 200 widget.js Show response
www.gartner.com/reviews/public/Widget/js/ 9 KB
4 KB 232ms
67ms Script
application/javascript 2606:4700:4400::ac40:9923
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/widget.js?ver=21.7.29.10
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9923 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 867cdc7355d82d6fb8019a89043be06c9e565f14f2775f849b69cb1e5f4feb2a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-gartner-tracker: f6e075c421f054d2e1409aae73784b2e
content-encoding: br
cf-bgj: minify
etag: W/"2448-191ea9d0a30"
x-gartner-cf-tracker: t13d1516h2_8daaf6152771_02713d6af862
cf-cache-status: HIT
age: 434801
x-gartner-cf-risk-score: 46
server-timing: dtSInfo;desc="0", dtRpid;desc="1115668811"
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 13 Sep 2024 09:00:46 GMT
vary: Accept-Encoding
cache-control: public, max-age=0
x-envoy-upstream-service-time: 3
cf-ray: 8c860c006a8ebb59-FRA
access-control-allow-origin: *
x-powered-by: Express
server: cloudflare

GET
H2 200 lazyload.min.js Show response
cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 27ms
24ms Script
application/javascript 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=604800, no-transform
content-encoding: br
cf-cache-status: HIT
etag: W/"66937319-22bc"
age: 186313
cf-ray: 8c860bff5cd31c38-FRA
expires: Sun, 29 Sep 2024 14:54:46 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
last-modified: Sun, 14 Jul 2024 06:41:29 GMT

GET
H2 200 4347852.js Show response
js.hs-scripts.com/ 2 KB
1 KB 290ms
146ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/4347852.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

871b60c158ea79213b99a528c5509726f32414ff4a650360fbe1c7e5612d4c97

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

access-control-max-age: 3600
x-request-id: 0b6e4a37-7e27-4073-acc2-423ad45167d3
content-encoding: gzip
cf-cache-status: EXPIRED
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:01:51 GMT
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:21 GMT
x-hubspot-correlation-id: 0b6e4a37-7e27-4073-acc2-423ad45167d3
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Tue, 24 Sep 2024 22:00:21 GMT
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-zrwq4
cache-control: public, max-age=90
x-envoy-upstream-service-time: 19
access-control-allow-credentials: true
cf-ray: 8c860c004c6f5d90-FRA
accept-ranges: bytes
access-control-allow-origin: https://cymulate.com
x-evy-trace-route-configuration: listener_https/all
content-length: 672
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 339 KB
112 KB 207ms
65ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C

Requested by

Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/build/js/init-gtm.js?v=21.7.29.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

86ae22d0c26ba645a1cd337bb1d22e37ebcf52485305e5f42abb73d8f8f016ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: br
expires: Tue, 24 Sep 2024 22:00:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 24 Sep 2024 21:23:46 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 114354
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 a25e10f7-7a3d-4179-8c72-630ea8882180.json Show response
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/ 5 KB
2 KB 56ms
34ms XHR
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/a25e10f7-7a3d-4179-8c72-630ea8882180.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac874018e8c3559a3e0773044980331f1591b35dfd62d9202536edc1d0a43339

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: jqZ9pRRsQcurOZZaiBZRvQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCD6F452F44A0E
age: 31169
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/x-javascript
last-modified: Tue, 17 Sep 2024 08:40:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 22974154-c01e-0071-35dd-08cd97000000
cf-ray: 8c860bfe8b7091d8-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1803
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 7 KB
3 KB 128ms
9ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=842471&u=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&vn=2.1&x=true
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra2 /
Resource Hash: ed0d6b6c2ea9e3782bae94dd871b305d55d1889674e886ad66ce6fe1601ae6d3

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://cymulate.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: gfra2

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
312 B 167ms
25ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
accept: application/json
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8c860bffdec2d3b5-FRA
access-control-allow-origin: *
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H3 200 icXniUbdyCe6N5Y5gTxW Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 365ms
222ms Script
text/javascript 2606:4700::6810:752b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/icXniUbdyCe6N5Y5gTxW

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:752b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

5348da78fcded3fa324fef7098f1ad3eb86a9b7b3ac17b0709d2820a8006c8ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-robots-tag: noindex, nofollow
content-encoding: gzip
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-content-type-options: nosniff
via: 1.1 google
cf-ray: 8c860c004ee29153-FRA
access-control-allow-origin: *
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/javascript
vary: Accept-Encoding
x-powered-by: Express
server: cloudflare
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
146 B 118ms
118ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=842471&d=cymulate.com&u=D25BB3FAC8797CA0B62408955057D48E8&h=69395d84efaf5f56e284a48a088b533f&t=false

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv03c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=43200
x-content-type-options: nosniff
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/gif
server: gnv03c

GET
H2 200 otBannerSdk.js Show response
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/ 452 KB
110 KB 24ms
24ms Script
application/javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb60550070f9a5ce5d91b9cb0d34ee6777a3dcb25de950cb185d1c2b624b2590

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: btqcTGGxKzfJ1KoWzOA9vQ==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCB1C7D285B359
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 55813
expires: Wed, 25 Sep 2024 22:00:21 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/javascript
last-modified: Thu, 01 Aug 2024 01:18:16 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 1f6da534-401e-0040-64c6-e32c84000000
cf-ray: 8c860c000dfd8c44-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 112185
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H/1.1 200
OK Capture.aspx Show response
secure.leadforensics.com/Track/ 0
184 B 64ms
63ms Script
text/plain 4.158.108.63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.leadforensics.com/Track/Capture.aspx?retType=js&trk_jshv=1&trk_uid=&trk_user=102530&trk_sw=1600&trk_sh=1200&trk_ref=&trk_tit=Page%20not%20found%20-%20Cymulate&trk_loc=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F92.0.4515.131%20Safari%2F537.36&trk_dom=cymulate.com&trk_cookie=NA
Requested by: Host: secure.leadforensics.com
URL: https://secure.leadforensics.com/js/102530.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 4.158.108.63 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20
Content-Length: 0
Date: Tue, 24 Sep 2024 22:00:21 GMT
Connection: keep-alive
Server: Kestrel

GET
H2 200 hero-web.png
cymulate.com/uploaded-files/2023/05/ 9 KB
9 KB 353ms
352ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cymulate.com/uploaded-files/2023/05/hero-web.png

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08844f8bace8a22915a529dd5a531dc293ea6902e4528d676aba8c488d191424

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6486f25f-25e2"
cf-cache-status: HIT
expires: Sat, 21 Dec 2024 15:09:14 GMT
cf-polished: origFmt=png, origSize=9698
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/webp
content-disposition: inline; filename="hero-web.webp"
vary: Accept
last-modified: Mon, 12 Jun 2023 10:24:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-ray: 8c860c001d711c38-FRA
accept-ranges: bytes
content-length: 9124
server: cloudflare

GET
H2 200 Poppins-SemiBold.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/ 152 KB
152 KB 60ms
58ms Font
application/octet-stream 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-SemiBold.ttf

Requested by

Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66d5781c-25e38"
age: 169343
cf-ray: 8c860c002d801c38-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 155192
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/octet-stream
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Poppins-Medium.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/ 153 KB
153 KB 26ms
25ms Font
application/octet-stream 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Medium.ttf

Requested by

Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e554db189b5d944ef0e6f98ee0e4e8c75f69e95315dc9f4ae0c616a8756a2ba4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66d5781c-26340"
age: 169343
cf-ray: 8c860c002d831c38-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 156480
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/octet-stream
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Poppins-Light.ttf
cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/ 156 KB
156 KB 36ms
35ms Font
application/octet-stream 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/wp-content/themes/cymulate-2022/build/fonts/Poppins/Poppins-Light.ttf

Requested by

Host: cymulate.com
URL: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0499eb6bef276af5e98726f6476ad2a09fa0a792e430be776811890b0a9e4b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/wp-content/themes/cymulate-2022/style.css?ver=21.7.29.10

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000
cf-cache-status: HIT
etag: "66d5781c-27068"
age: 169343
cf-ray: 8c860c002d851c38-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 159848
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/octet-stream
last-modified: Mon, 02 Sep 2024 08:32:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 en.json Show response
cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/0191fa94-7fb0-7d21-98ca-44ce2b1483d1/ 95 KB
19 KB 38ms
38ms Fetch
application/x-javascript 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/consent/a25e10f7-7a3d-4179-8c72-630ea8882180/0191fa94-7fb0-7d21-98ca-44ce2b1483d1/en.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f61e078fa412c05fa2f255e389612f3d89c8a8f7811f8f7b271c3101071d62c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: 58bXmIw87a7RdOzY3zU/VA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCD6F456991501
age: 29643
x-ms-lease-status: unlocked
x-ms-version: 2009-09-19
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/x-javascript
last-modified: Tue, 17 Sep 2024 08:40:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 0dbee09d-901e-006c-61dd-08c02b000000
cf-ray: 8c860c006d6691d8-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19787
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCenterRounded.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/ 9 KB
3 KB 28ms
21ms Fetch
application/json 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCenterRounded.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64aff3262c56fa48ad38b8d9d4d674a6ee3759d1ce4cb52c66865e3fc2c16d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: 8iY1areeqAcFu6fI0Es3zg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCB1C7CCD4EEB2
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 31899
expires: Wed, 25 Sep 2024 22:00:21 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/json
last-modified: Thu, 01 Aug 2024 01:18:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 92638a1d-b01e-0009-337a-e96e6f000000
cf-ray: 8c860c010df191d8-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2597
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCookieSettingsButton.json Show response
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/ 5 KB
2 KB 42ms
36ms Fetch
application/json 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCookieSettingsButton.json

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: O3m9h96R8jrQiO6UBOWOVA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCB1C7CD85EB83
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 50811
expires: Wed, 25 Sep 2024 22:00:21 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/json
last-modified: Thu, 01 Aug 2024 01:18:08 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 4375bae1-301e-0028-667a-e94a14000000
cf-ray: 8c860c010df591d8-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1738
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/ 24 KB
4 KB 30ms
24ms Fetch
text/css 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/assets/otCommonStyles.css

Requested by

Host: cookie-cdn.cookiepro.com
URL: https://cookie-cdn.cookiepro.com/scripttemplates/202407.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 50811
content-encoding: br
expires: Wed, 25 Sep 2024 22:00:21 GMT
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: text/css
last-modified: Thu, 01 Aug 2024 01:18:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: 206a64ed-a01e-002a-487a-e9f4ac000000
cf-ray: 8c860c010df791d8-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 / Show response
api.ipify.org/ 22 B
155 B 143ms
100ms XHR
application/json 172.67.74.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: cymulate.com
URL: https://cymulate.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0976ab1e4064ab2f67b70c83e539857c82878677f1afba565b183a907753f770

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://cymulate.com/

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c860c01e9d79f84-AMS
access-control-allow-origin: *
content-length: 22
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/json
vary: Origin
server: cloudflare

GET
H2 200 aaad0ee9207ef896.min.js Show response
tag.demandbase.com/ 62 KB
18 KB 77ms
43ms Script
application/javascript 18.245.46.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/aaad0ee9207ef896.min.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.46.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-46-89.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7e03cc11c3e27f7ce207ffb50d7b35599e444e2f9b41e053ccb8125adf54a98b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
x-amz-version-id: azmvx3nKuWtm6R0pk7hN0lzi7IXw0kdA
etag: W/"16220646e0a676b651eccf90b9a035c4"
age: 2312
x-cache: Hit from cloudfront
x-amz-cf-id: YSmqBriYRYqa0M1P78jdZB8mqiJzBUQZ0tmoAY-iyqdbXatk19oHGw==
date: Tue, 24 Sep 2024 21:25:50 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2024 19:16:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: public, max-age=3600
via: 1.1 4f3281e2362f23bf5efc65311d3defb0.cloudfront.net (CloudFront)
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop: FRA56-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.0.4/ 39 KB
17 KB 54ms
19ms Script
application/javascript 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.0.4/accessibility.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37b3e225df47f607cf27aa8c41d2fe74226c145a64d50876c3bb66e869cef5ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "d05cbf1f61a9d71:0"
age: 141032
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qb9K2uDeb4mWRLhz0FqJPpJxSZRimcW%2FsC%2FJsbXsWXN2TAbNSGjzEwPLNXA7eDE9o7uMWS5Vs8zzV1KsdpltyDOt5Y9CkDG%2BPwobGV9sL6KAikG3UgxVRujIuZv1pB5fdvkudPqADZOmmDtzIGw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript
last-modified: Tue, 14 Sep 2021 12:07:44 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: DE
access-control-allow-credentials: true
cf-ray: 8c860c01df51911e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16950
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 1a2171aa-2899-441d-a469-6346d2328c53.js Show response
j.6sc.co/j/ 5 KB
2 KB 481ms
404ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/1a2171aa-2899-441d-a469-6346d2328c53.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 33839a2117cff2df1589678eecc3cb5227f0ca219e67159d9979c57763495200

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
etag: "2018ff98586f2906d1dd0f415052d5fc"
x-amz-version-id: .o033J7.gKsjVBJ4chcHFlRsjl5Ehm7W
expires: Tue, 24 Sep 2024 22:30:22 GMT
x-amz-cf-id: PZKOuDENEuCjCKjdjKgjfRlpz0-kwZK5nEg2wtvLhA6MHbgdgg4LQg==
date: Tue, 24 Sep 2024 22:00:22 GMT
last-modified: Thu, 08 Aug 2024 14:35:16 GMT
vary: Accept-Encoding
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: private, max-age=1800
accept-ranges: bytes
content-length: 1511
x-amz-cf-pop: FRA60-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 277 KB
95 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-859674832&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67e14e0d63228f1a4c3932faebca4effb4035467593a152a573557de67e57fa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: br
expires: Tue, 24 Sep 2024 22:00:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 24 Sep 2024 21:23:46 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 96972
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 106ms
13ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=66529
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Tue, 24 Sep 2024 22:00:22 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 57ms
10ms Script
application/javascript 199.232.188.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
accept-ranges: bytes
x-cache: HIT, HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15412
date: Tue, 24 Sep 2024 22:00:22 GMT
x-tw-cdn: FT
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-eddf8230074-FRA
x-amz-server-side-encryption: AES256

GET qevents.js
a.quora.com/ 0
0

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 106ms
16ms Script
application/x-javascript 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

Cache-Control: max-age=1200
Content-Encoding: gzip
ETag: "484f007d650a3fc9fe7590700b8bf590:1721634587.188058"
Connection: keep-alive
Expires: Tue, 24 Sep 2024 22:20:22 GMT
Accept-Ranges: bytes
X-CC: DE
Content-Length: 8617
X-RG: EU
Date: Tue, 24 Sep 2024 22:00:22 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Jul 2024 07:46:01 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H2 200 oktrk.js Show response
static.oktopost.com/ 9 KB
4 KB 99ms
9ms Script
application/javascript 18.244.18.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.oktopost.com/oktrk.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-7.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
etag: W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
age: 64935
via: 1.1 d025091c574ce1bcf1fefea59ac34f2c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: -_xAuNl6RazyyHx01Oi5rjHAGjXJE4E7bQyLWZT205LjIXCcxeV3qA==
date: Tue, 24 Sep 2024 03:58:10 GMT
content-type: application/javascript
last-modified: Mon, 27 Jan 2020 09:47:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P11
vary: Accept-Encoding

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 52ms
12ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=23, mss=1232, tbw=4513, tp=10, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: CH9Muxl5oNe13iVJDcAK4U8+FjsP+Ks9h7p6e1XSYrRE5V+ZyB1S9TxsnValBfvqzNyipTW+q+39GQITZJuqhQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 58953
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
95 KB 33ms
30ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-859674832

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fedffeb734b7e962d43d6b92c2e1aa820979f28a74c2028c7af9ca3800c1fee1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: br
expires: Tue, 24 Sep 2024 22:00:22 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 24 Sep 2024 21:23:46 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 97137
x-xss-protection: 0
server: Google Tag Manager

GET
H2

200

/ Show response
a.clickcertain.com/px/
Redirect Chain

https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=threats/diavol-a-new-ransomware-used-by-wizard-spider-2
https://a.clickcertain.com/px/smart/a/?c=24335bac5f4f324&seg=threats/diavol-a-new-ransomware-used-by-wizard-spider-2
https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85

5 KB
2 KB

50ms
49ms

Script
text/javascript

2606:4700:20::681a:932
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Server: 2606:4700:20::681a:932 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d8b1d33f669af7a09c867381cfc0c10f930291b1af1e3c3b4689f1a9ae23bbe

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-frontend: cc-nginx-8674cc857-5qsnd:cc-nginx-8674cc857-5qsnd
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0oNRdFV34Gu0L%2FIttJHWK2bhYY9CfmisEaD4x0fiLVAO8vpER59U0hwfqkX29Vn4kGgxteLOGAwf4bFQOboMzV056eTCvU9199vWFDxrEZkaXq2uDOdfLpviAEkrKqNHDLwWyQV7o5KKSZV6E3HJw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c860c044b3ed40e-FRA
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/javascript
server: cloudflare
x-requestid: 03b9b9c5-8fbb-4486-a6f5-2f1ae262775f

Redirect headers

x-frontend: cc-nginx-8674cc857-h4wwj:cc-nginx-8674cc857-h4wwj
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: https://a.clickcertain.com/px/?c=24335bac5f4f324&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PKnT2HRaqskjAxGa7UBcsT9xYMDO1icx6vgNgl%2FzkqYmzt6%2BF%2BS6mJXW7bQvOTHBNPl%2FaM6OWkG4rQdcTqyqLduQQHB9N1u9%2Bl%2FXdBmjw4xzR2pXfi3xv7Q%2F9RBO4peUxDycqYSdDNZW6gn0nk8jEg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c860c0399b3d40e-FRA
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/javascript
server: cloudflare
x-requestid: 03cdb730-c8e4-4f7d-8a64-96ae72384e85

GET
H2 200 pixel
q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/ 43 B
322 B 187ms
108ms Image
image/gif 162.159.152.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/87ac9c2e891247c0aa664111139e6d1f/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-q-stat: ,ba448b753a46c07b9dbd08f3555fc954,10.0.0.48,33256,45.141.152.76,,414776657214,1,1727215222.236,0.003,,.,0,0,0.000,0.004,-,0,0,203,276,138,10,26847,,,,,,-,
cf-ray: 8c860c02abdbd29c-FRA
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/gif
server: cloudflare

GET
H2 200 ct Show response
obseu.roundprinceforest.com/ 4 KB
1 KB 191ms
50ms Script
text/javascript 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.roundprinceforest.com/ct?id=74789&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1727215222179&hl=2&op=0&ag=2114406735&rand=2306285909091170190195869250921203770649011068746915152502719481921951558129750072258&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDc1MDVdLFsiYWJuY2giLDI1XSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcImludGVsIGluYy5cIixcInJcIjpcImludGVsIGlyaXMgb3BlbmdsIGVuZ2luZVwiLFwic2x2XCI6XCJ3ZWJnbCBnbHNsIGVzIDEuMCAob3BlbmdsIGVzIGdsc2wgZXMgMS4wIGNocm9taXVtKVwiLFwiZ3ZlclwiOlwid2ViZ2wgMS4wIChvcGVuZ2wgZXMgMi4wIGNocm9taXVtKVwiLFwiZ3ZlblwiOlwid2Via2l0XCIsXCJiZW5cIjo2LFwid2dsXCI6MSxcImdyZW5cIjpcIndlYmtpdCB3ZWJnbFwiLFwic2VmXCI6MTkzMDgyMDI3OSxcInNlY1wiOlwiXCJ9Il0sWy0yMCwiLSJdLFstMjcsIlswLDEwLDAsXCI0Z1wiLG51bGxdIl0sWy01OCwiLSJdLFstMjQsIltdIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWVdIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTYwLDE5OV0sWy03MCwiLSJdLFstMywiW1wiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiLFwiaW50ZXJuYWwtcGRmLXZpZXdlclwiXSJdLFstMTYsIjAiXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTMzLCItIl0sWy01MiwiLSJdLFstNTQsIntcImhcIjpbXCJfM1wiLFwiMzI5OTkxMzY5XCJdLFwiZFwiOltdLFwiYlwiOltcIl8xXCIsXCIyNzgzMTA0OTQxXCJdLFwic1wiOjF9Il0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMjgsImVuLVVTLGVuIl0sWy0zMSwiZmFsc2UiXSxbLTQ4LCIwLDAiXSxbLTQ5LCItIl0sWy02NCwiWzAsXCJcIixbXV0iXSxbLTEyLCJudWxsIl0sWy0zMCwiW1widlwiLDBdIl0sWy00NCwiMCwwLDAsNSJdLFstNTUsIjEiXSxbLTYzLCItIl0sWy0xLCItIl0sWy05LCIrIl0sWy0xMCwiLSJdLFstMzQsIi0iXSxbLTM1LCJbMTcyNzIxNTIyMjAzNSwtMl0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00NiwiMCJdLFstNjgsIi0iXSxbLTcsIi0iXSxbLTE3LCIxMiJdLFstMjEsIi0iXSxbLTM2LCJbXCI0LzNcIixcIjQvM1wiXSJdLFstNDEsIi0iXSxbLTYsIntcIndcIjpbXCIxXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMTUsIi0iXSxbLTE5LCJbMTE3MCwxNTcwLDExNzAsMTU3MCwwLDAsMSwyNCwyNCxcIi1cIiwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTI4NSwxNjAwLDEyMDAsMCwwLDAsMCxcIi1cIixcIi1cIiwxNjAwLDEyMDBdIl0sWy0yMywiKyJdLFstMjksIi0iXSxbLTcxLCJhMDExMDAxMDEwMDEwMDEwMTAwMDEwMTAwMTExMTEwMTAwMDAxMCJdLFszNywiWzMzMTYyMjQwNDksZnVuY3Rpb24obmV3VmFsdWUpIHtcbiAgICAgICAgICAgICAgYWRkQ29udGVudFdpbmRvd1Byb3h5KHRoaXMpXG4gICAgICAgICAgICAgIC8vIFJlc2V0IHByb3BlcnR5LCB0aGUgaG9vayBpcyBvbmx5IG5lZWRlZCBvbmNlXG4gICAgICAgICAgICAgIE9iamVjdC5kZWZpbmVQcm9wZXJ0eShpZnJhbWUsICdzcmNkb2MnLCB7XG4gICAgICAgICAgICAgICAgY29uZmlndXJhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB3cml0YWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgdmFsdWU6IF9zcmNkb2NcbiAgICAgICAgICAgICAgfSlcbiAgICAgICAgICAgICAgX2lmcmFtZS5zcmNkb2MgPSBuZXdWYWx1ZVxuICAgICAgICAgICAgfV0iXSxbLTIsIjksZUFIV1gxL2YzcXpDdmJrdXltUXdnbElhRjNwSXNnSUlqU1ErOGlLZ3FJMG9zSUFpcEZFRVFSSWtVZ2RFUVFwVW9KU0F0Q0FxU0g5R3l5N1pXWitlci9kK2U5MmJ3c0NTRC8xZSJdLFstNCwiLSJdLFstOCwiLSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcIm9nOnRpdGxlXCJdfSJdLFstMTMsIi0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTM4LCJsLC0xLC0xLDAsMCwxLDAsMTAsMzAsODY0LC0xLDAsMTIzMy41LDE0MzMuMSwxNjA4LDE2MDgiXSxbLTQwLCIzMyJdLFstNDUsIjYyMCw2NzcsMCwwLDAsNTYyLDAsMCw2NDgsMCwwLDAsMCwwLDAsMCwwLDAsMCw2ODQsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTUwLCItIl0sWy01MSwiLSJdLFstNTMsIjEwMCJdLFstNTcsIldFMFpWMXhPY1ZoWFhWVmNTeGNGV2xaVVNVeE5YRjBIR1dKWVNobFlTVWxWUUdRWkVWeFBXRlVaV0UwWkJWaFhWbGRBVkZaTVNnY1pFUU1PQXdnTUNRb0pBUkFWR1FWWVYxWlhRRlJXVEVvSEF3Z0JBd29KRUJWWVRSbDRTMHRZUUJkS1hCa1JVVTFOU1VvREZoWmNURlpiRjB0V1RGZGRTVXRRVjFwY1gxWkxYRXBORjFwV1ZCWktRVWtXVUJZUEFRcGJYd2dMQ1ZzTldBOVlEd3NLRFZnTVgxOWZDZzBMRFE0SkRsOE5YQmRUU2dNSUF3OEJDQThJRUJWWVRSbExHUkZSVFUxSlNnTVdGbHhNVmxzWFMxWk1WMTFKUzFCWFdseGZWa3RjU2swWFdsWlVGa3BCU1JaUUZnOEJDbHRmQ0FzSld3MVlEMWdQQ3dvTldBeGZYdz09Il0sWy01OSwiZGVmYXVsdCJdLFstNjEsIntcIndnc2xcIjpcIjQ7cGFja2VkXzR4OF9pbnRlZ2VyX2RvdF9wcm9kdWN0O3VucmVzdHJpY3RlZF9wb2ludGVyX3BhcmFtZXRlcnM7cG9pbnRlcl9jb21wb3NpdGVfYWNjZXNzO3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstNjIsIjgwIl0sWy02NSwiLSJdLFstNjksIkxpbnV4IHg4Nl82NHxHb29nbGUgSW5jLnw4fDEyfHwwIl0sWy0yNSwiLSJdLFstNDcsIkV1cm9wZS9CZXJsaW4sZGUsbGF0bixncmVnb3J5Il0sWy02NiwiZ2VvbG9jYXRpb24sY2h1YWZ1bGx2ZXJzaW9ubGlzdCxjcm9zc29yaWdpbmlzb2xhdGVkLHNjcmVlbndha2Vsb2NrLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LHNoYXJlZHN0b3JhZ2VzZWxlY3R1cmwsY2h1YWFyY2gsY29tcHV0ZXByZXNzdXJlLGNocHJlZmVyc3JlZHVjZWR0cmFuc3BhcmVuY3ksdXNiLGNoc2F2ZWRhdGEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsc2hhcmVkc3RvcmFnZSxydW5hZGF1Y3Rpb24sY2h1YWZvcm1mYWN0b3JzLGNoZG93bmxpbmssb3RwY3JlZGVudGlhbHMscGF5bWVudCxjaHVhLGNodWFtb2RlbCxjaGVjdCxhdXRvcGxheSxjYW1lcmEscHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxhY2NlbGVyb21ldGVyLGNodWFwbGF0Zm9ybXZlcnNpb24saWRsZWRldGVjdGlvbixwcml2YXRlYWdncmVnYXRpb24saW50ZXJlc3Rjb2hvcnQsY2h2aWV3cG9ydGhlaWdodCxsb2NhbGZvbnRzLGNodWFwbGF0Zm9ybSxtaWRpLGNodWFmdWxsdmVyc2lvbix4cnNwYXRpYWx0cmFja2luZyxjbGlwYm9hcmRyZWFkLGdhbWVwYWQsZGlzcGxheWNhcHR1cmUsa2V5Ym9hcmRtYXAsam9pbmFkaW50ZXJlc3Rncm91cCxjaHdpZHRoLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24sYnJvd3Npbmd0b3BpY3MsZW5jcnlwdGVkbWVkaWEsZ3lyb3Njb3BlLHNlcmlhbCxjaHJ0dCxjaHVhbW9iaWxlLHdpbmRvd21hbmFnZW1lbnQsdW5sb2FkLGNoZHByLGNocHJlZmVyc2NvbG9yc2NoZW1lLGNodWF3b3c2NCxhdHRyaWJ1dGlvbnJlcG9ydGluZyxmdWxsc2NyZWVuLGlkZW50aXR5Y3JlZGVudGlhbHNnZXQscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGhpZCxjaHVhYml0bmVzcyxzdG9yYWdlYWNjZXNzLHN5bmN4aHIsY2hkZXZpY2VtZW1vcnksY2h2aWV3cG9ydHdpZHRoLHBpY3R1cmVpbnBpY3R1cmUsbWFnbmV0b21ldGVyLGNsaXBib2FyZHdyaXRlLG1pY3JvcGhvbmUiXSxbLTY3LCIyNTMyMzEyODg4OjMyIl0sWyJibmNoIiwyMzldLFstNSwiLSJdLFstMTQsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6MTk4NjEwMzEsXCJ1amhzXCI6MTY1MTUxNDMsXCJqaHNsXCI6NDI5NDcwNTE1Mn0iXSxbLTMyLCItIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDExMDAxMDExMDEwMDAwMDEwIl0sWyJkZGIiLCIwLDksMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDgsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwxLDIsMTYsMCw5LDAsMSwwLDAsMCwwLDEsMCwwLDEsNCwwLDcsMCwwLDAsMCwwLDEsMzIsMCwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDEsMCwwLDAsMSw0LDAsMCw4LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMTUsMCwwLDAsMCwwLDEsMCwxLDAsMSJdXQ%3D%3D&dep=0&pre=0&sdd=%7B%7D&cri=z46xiyNCRy&pto=1739&ver=62&gac=-&mei=&ap=&fe=1&duid=1.1727215222.JSrHzoyZix2KpwTX&suid=1.1727215222.XiZpcOVFisLOlf8d&tuid=1.1727215222.Etennc0mcZGG6HQk&fbc=-&gtm=WyJPbmVUcnVzdExvYWRlZCIsIk9wdGFub25Mb2FkZWQiLCJPbmVUcnVzdEdyb3Vwc1VwZGF0ZWQiXQ%3D%3D&it=64%2C929%2C505&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by: Host: euob.roundprinceforest.com
URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 509f02b21feb754ec8bebbb0b0d0d9ffddb9db8d616ae8ab3e06bdbf3d39ac7c

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://cymulate.com
content-encoding: gzip
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
content-length: 1184
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/javascript

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
92 KB 136ms
20ms Script
application/javascript 2606:4700::6812:8c11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4347852.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8c11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/

Response headers

x-request-id: e5ba25a8-5a09-449b-90dc-08915a9213f0
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: WgPQEOT.QDI5zKnRYhaKsuHqDz44RIEz
etag: W/"7d65c542c3a53442feef1a0f44071183"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 36116
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: C1NW2PUVM1YL4FLB3iUOyEp4C7WfjNh8FKdVtCWu5iBuhJj-4Kj43Q==
x-hubspot-correlation-id: e5ba25a8-5a09-449b-90dc-08915a9213f0
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Sep 2024 08:49:54 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-k9nfk
x-envoy-upstream-service-time: 4
x-hs-target-asset: lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Tue, 24 Sep 2024 22:00:22 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1627/bundle/main/lead-flows-release.js&cfRay=8c1ea9e90fe562c6-ARN
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
cf-ray: 8c860c039bc29043-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 4347852.js Show response
js.hs-banner.com/ 65 KB
19 KB 427ms
325ms Script
text/javascript 2606:4700:4400::ac40:9310
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/4347852.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4347852.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f790dbbcf9f8ae42200fc5ebcbe945aae0a49709ab702f01b80439cb577d7860

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 57de13e6-476b-49af-bf93-19a0a4ee6ded
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"810e9cc7361c9d897628e9a486cbb8c9"
x-amz-version-id: ojgBMBedjmcJmNCAyoRr1hPmxr5rDq1r
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Tue, 24 Sep 2024 22:05:22 GMT
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: 57de13e6-476b-49af-bf93-19a0a4ee6ded
content-type: text/javascript; charset=UTF-8
last-modified: Fri, 17 May 2024 10:12:55 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 3JTLkMES8goFwM+TAQ85/UoIZHHhwh9VcK+myIltzA5cfdQKkHbgQcALmbEPQl8qdobVmgb+Pao=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj
x-envoy-upstream-service-time: 57
access-control-allow-credentials: true
x-amz-request-id: PQ53N3DPQTAKP57T
cf-ray: 8c860c038c1f9ba6-FRA
access-control-allow-origin: https://cymulate.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
24 KB 240ms
125ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4347852.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Origin: https://cymulate.com
Referer: https://cymulate.com/

Response headers

x-request-id: 1894bcfd-3f4c-4afa-85be-fe858b207bab
content-encoding: gzip
cf-cache-status: EXPIRED
etag: W/"edf91c1320ba2916398ed791b63187bc"
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XYSUe%2BRtQACgr9NhQ%2FH6Q2cBCr4m9zDEkKx5vc7%2Fmgc2%2BvG0woWlhazBs8yj%2Fg9Qo7YukgVR8L72J39VmNMzg73Abubzo59mM1xj696SiJGY0bs0Tr3SNodtsAAXFYQPf0uoq6WKRH8UJoOI"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 72AnVSTSewIo62h8nluAUly2Cj-3wWfZTx_1nuyh9gvFU9eW7k1r2g==
x-hubspot-correlation-id: 1894bcfd-3f4c-4afa-85be-fe858b207bab
content-type: application/javascript; charset=utf-8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-6zt2g
x-envoy-upstream-service-time: 1
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 24 Sep 2024 22:00:22 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8c860c039b559a21-FRA
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
cf-ray: 8c860c039b559a21-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 136ms
21ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4347852.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22138da3b4d85ca7e2b14c1d8d7e630bfb743281130599ddbe4764f13c890018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 1c0427de-a6f2-4e19-8c3b-c2143cfb2deb
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: UlK8UnvpfOou8qcgH7kaQRD.px6yj756
etag: W/"ae44e2078e9bf20ae243aa627a1ecc86"
age: 416
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: N6FkjrGOpMrkDZ7VL4oyhEY6FRzc8LxHlRdy7oFLmD80Ms4RdJdR1A==
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: 1c0427de-a6f2-4e19-8c3b-c2143cfb2deb
content-type: application/javascript; charset=utf-8
last-modified: Tue, 24 Sep 2024 14:22:33 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-9gcw2
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.597/bundles/pixels-release.js&cfRay=8c8601db2e42a022-FRA
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
cf-ray: 8c860c039cd14dba-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.597/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 4347852.js Show response
js.hs-analytics.net/analytics/1727215200000/ 69 KB
25 KB 279ms
164ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1727215200000/4347852.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/4347852.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47017f9a1836a40ec5064128b8445aef04c30e04f06ff30971f0a3e3e8a524eb

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 927dd5f5-1887-4cd4-8a37-fcfe854b3541
content-encoding: gzip
cf-cache-status: MISS
etag: W/"88f672965537801c5a7a3a38a11c5e56"
x-amz-version-id: null
expires: Tue, 24 Sep 2024 22:05:22 GMT
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: 927dd5f5-1887-4cd4-8a37-fcfe854b3541
content-type: text/javascript
last-modified: Tue, 24 Sep 2024 15:17:33 GMT
vary: origin, Accept-Encoding
x-amz-id-2: h5nFKw02k8tBQlTlV3Ke9r++gqK66ut6dZzgAWoLmgH7MpVpMbHxjUGRcJ2n8ffozWVEVsfdObB+N7OtsXnlCVZJCdV7Tu3XETgN45+QjX0=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-cc4q5
x-envoy-upstream-service-time: 50
access-control-allow-credentials: false
x-amz-request-id: NKT7J0B8ABSBARNS
cf-ray: 8c860c039e0d904f-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 404 / Show response
cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/ 64 KB
16 KB 1098ms
1097ms XHR
text/html 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Requested by

Host: cymulate.com
URL: https://cymulate.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f19b98c8d8c08bc3a834fd7ad893849e9ae5e3b2395f310fa48ccc19ce7027a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://cymulate.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
link: <https://cymulate.com/wp-json/>; rel="https://api.w.org/"
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: origin
cf-ray: 8c860c02fffe1c38-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2 200 lp.js Show response
metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/ 6 KB
2 KB 123ms
21ms Script
application/x-javascript 2606:4700:4400::ac40:911d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:911d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-envoy-upstream-healthchecked-cluster
content-encoding: gzip
cf-cache-status: HIT
etag: W/"9a8767fa98da937fb02cdbbc52a101bb"
age: 540856
date: Tue, 24 Sep 2024 22:00:22 GMT
x-rgw-object-type: Normal
content-type: application/x-javascript
last-modified: Thu, 22 Sep 2022 17:10:43 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
x-do-cdn-uuid: 80b6018b-293e-4962-9bc8-48075e637d03
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: max-age=604800
x-amz-request-id: tx0000017fcbf6bc503f379-0065ef2edd-54a620eb-sfo2a
cf-ray: 8c860c039d16690d-FRA
server: cloudflare

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
0 0ms
0ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=66529
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Tue, 24 Sep 2024 22:00:22 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 ot_close.svg
cookie-cdn.cookiepro.com/logos/static/ 651 B
626 B 23ms
22ms Image
image/svg+xml 2606:4700:4400::ac40:97a6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cookie-cdn.cookiepro.com/logos/static/ot_close.svg

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97a6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 23037
content-encoding: br
expires: Wed, 25 Sep 2024 22:00:22 GMT
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Sep 2024 22:26:40 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
x-ms-request-id: a7016f35-c01e-005e-674c-09c05c000000
cf-ray: 8c860c0319948c44-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ 20 KB
4 KB 26ms
25ms Fetch
text/css 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.0.4/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afaed7c81302d1a08eef38549fc320ba36f714e366cbfe9ed1a492b98fc51790

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "0777f846fcda1:0"
age: 2025126
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTYto0YTmlEHAOH7P%2BhuNYzXHa0QskYMMkUe7N4p3T%2BsQjXFyi3723lvushE1fU4hW8KW8c7XFFfwNq1a0CDei%2B%2BPvqpPWwdi%2FD8jL8l3TC7iLMg0ZfEcPPBGvpE54vXuk1%2FxC4urHOJd0aDSpY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/css
last-modified: Sun, 01 Sep 2024 08:14:30 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: DE
access-control-allow-credentials: true
cf-ray: 8c860c033843911e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4154
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ 105 B
549 B 25ms
25ms Fetch
text/css 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.0.4/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "3f26cd3dfbc1d41:0"
age: 295141
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvCI5VcpZyNwWBqDASSa7lt4bVINpknUy6KXt%2BAPnHKPi4dSIX1kGnhmvpA5CAABqeWDIn1A0QZ8nDwGl%2Fk0RFBNhZ8szS4XLo%2FVhA86ZhGK6caRhMEi6h7n888OERjVySoLb3re6z0GDP3fkPU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/css
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: DE
access-control-allow-credentials: true
cf-ray: 8c860c033847911e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 201
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ 810 B
722 B 84ms
83ms Fetch
application/json 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.0.4/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f45920b9fc61d71:0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u7p47rI2aeuFu23mp0zl4OhRxzadU%2BBiZxdcfe3weLxRDkj6KOWW3jhntj%2FDt4dGXKMi9m92OVi73lw1rz0Zk65OyFGNZqo3roMFOOugjXmrRCqxDkbsQno%2BWiBBU12w6Wucb%2FQYQkW7A9O50Is%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/json
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: DE
access-control-allow-credentials: true
cf-ray: 8c860c03384a911e-FRA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 sync
s.company-target.com/s/ Frame BE03 0
0 154ms
97ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://s.company-target.com/s/sync?exc=lr

Requested by

Host: tag.demandbase.com
URL: https://tag.demandbase.com/aaad0ee9207ef896.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

22.71.96.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://cymulate.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Tue, 24 Sep 2024 22:00:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 68ms
20ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 486 B
1 KB 173ms
123ms XHR
application/json 18.66.102.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&page_title=Page%20not%20found%20-%20Cymulate

Requested by

Host: tag.demandbase.com
URL: https://tag.demandbase.com/aaad0ee9207ef896.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.75 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-75.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e2fb7e42abef5f1ceee56dda26597a5c65e3c490483384c34ea4d305248a09db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://cymulate.com/

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: 45185fe9-9f35-49b6-9bec-65d527e5ad6d
expires: Mon, 23 Sep 2024 22:00:22 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: l3FuZwqLOsK59XCKgDPZlJc7IEZKTGcvwuIgCOj2lqiF6q5K91wjtQ==
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
access-control-allow-origin: https://cymulate.com
x-amz-cf-pop: FRA56-P2
server: nginx

GET
H2 200 ping Show response
okt.to/ 0
100 B 464ms
238ms Script
text/javascript 52.20.195.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://okt.to/ping?uri=%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&aid=001t441s05ft70x&ts=1727215222285

Requested by

Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.20.195.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-195-32.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

date: Tue, 24 Sep 2024 22:00:22 GMT
strict-transport-security: max-age=31536000;
content-type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 728ms
454ms Fetch
image/gif 70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=true&bust=05241476478276781&referrer=&cht=ot&marketerId=00cac2de15d94f548d01b277003947c226&name=PAGE_VIEW&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&g=1&obApiVersion=1.0-gtm&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
content-length: 54
content-encoding: br
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/gif;
x-traceid: 813b4c1b8f853cfc291f6f8e3ec6149a

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 646ms
438ms Script
application/javascript 70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00cac2de15d94f548d01b277003947c226

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 39
content-encoding: br
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript
x-traceid: f7f60f9f89d16974ea18089df25e038f

GET
H/1.1 200
OK 00cac2de15d94f548d01b277003947c226 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 138ms
23ms Script
text/html 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00cac2de15d94f548d01b277003947c226

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-86.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Cache-Control: max-age=60
ob-sent-time: 1727148280135
Content-Encoding: gzip
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Connection: keep-alive
Expires: Tue, 24 Sep 2024 22:01:22 GMT
Access-Control-Allow-Origin: *
X-CC: DE
Content-Length: 22
X-RG: EU
Date: Tue, 24 Sep 2024 22:00:22 GMT
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
x-traceid: a12a00f3e212c2d5a88ffd1d2c56e6de

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 47ms
18ms Fetch
text/html 23.35.237.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-86.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

Cache-Control: max-age=1200
Connection: keep-alive
Observe-Browsing-Topics: ?1
Expires: Tue, 24 Sep 2024 22:20:22 GMT
Access-Control-Allow-Origin: *
X-CC: DE
Content-Length: 26
X-RG: EU
Date: Tue, 24 Sep 2024 22:00:22 GMT
Content-Type: text/html

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
812 B 240ms
198ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: *
Referer: https://cymulate.com/

Response headers

x-li-pop: afd-prod-ltx1-x
content-encoding: gzip
x-fs-uuid: 000622e4a1c848e4e24773e95fe9e970
x-msedge-ref: Ref A: 17B139AF4E044AFCA2F63915B0E3E68C Ref B: FRAEDGE1115 Ref C: 2024-09-24T22:00:22Z
x-li-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYi5KHISOTiR3PpX+npcA==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&e_ipv6=AQJETzrFVzQ47gAAAZ...

0
264 B

185ms
152ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&e_ipv6=AQJETzrFVzQ47gAAAZImDL7DVOUO01XIXegSzWp9hFIjBRUdWYjrXuM-hWblL48JD0zbhZbuybhi8p8eoqJ6ANyy_wqweg
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 67424F40B7834BC693D005827E75E2B8 Ref B: FRAEDGE1309 Ref C: 2024-09-24T22:00:22Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYi5KHMApDKeh0iO53i4Q==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=120269&time=1727215222290&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&e_ipv6=AQJETzrFVzQ47gAAAZImDL7DVOUO01XIXegSzWp9hFIjBRUdWYjrXuM-hWblL48JD0zbhZbuybhi8p8eoqJ6ANyy_wqweg
x-msedge-ref: Ref A: 76EFCC51FDEF4DE29E040B2F19F9F685 Ref B: FRAEDGE1515 Ref C: 2024-09-24T22:00:22Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYi5KHI6OHgihnWZLrUPw==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT

GET
H2 200 adsct
t.co/i/ 43 B
624 B 242ms
131ms Image
image/gif 162.159.140.229
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d47069cf-ae9d-4de6-a58c-fb9faafe914f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e34e2362-7c81-4f9e-bd90-8651473cd3af&tw_document_href=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=0
x-transaction-id: 01a7073ca372327a
cache-control: no-cache, no-store, max-age=0
x-connection-hash: f035999951a7dcdb6dff02d3b4d4a02f34ea40abe50c6b95730aa09239b31e13
cf-cache-status: DYNAMIC
cf-ray: 8c860c048f8d92ba-FRA
x-response-time: 106
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_o

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 278ms
132ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d47069cf-ae9d-4de6-a58c-fb9faafe914f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=e34e2362-7c81-4f9e-bd90-8651473cd3af&tw_document_href=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0yw3&type=javascript&version=2.3.30

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 7a2f236c7086b245
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c3a3e1ffae69a94159f79d4fe78455bea07556df4a7f226710357fb6c9e4388b
x-response-time: 113
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_f

GET
H3 200 201397790656822 Show response
connect.facebook.net/signals/config/ 72 KB
14 KB 66ms
66ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/201397790656822?v=2.9.167&r=stable&domain=cymulate.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

650ab79865d35b7e2e89e21c0b2c70affa1700d2faea8b6e27bf71f2d1be5bfa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=10, rtx=0, c=68, mss=1232, tbw=67185, tp=63, tpl=0, uplat=54, ullat=0
pragma: public
x-fb-debug: XOZYx/G+Qf5IF5YuG7osk0PNZnKA30iGKQx0Qj3RqyFyzpIzvmOR11RCWHJcpvd2K22x/YTYptnFJDtbpr0Oig==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
615 B 183ms
182ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://cymulate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6BB4E9653B70405C9E206832CF624E5F Ref B: FRAEDGE1515 Ref C: 2024-09-24T22:00:22Z
x-li-fabric: prod-lor1
access-control-allow-credentials: true
x-li-uuid: AAYi5KHJIda/VYnJHbmEAg==
x-li-proto: http/2
access-control-allow-origin: https://cymulate.com
x-cache: CONFIG_NOCACHE
date: Tue, 24 Sep 2024 22:00:22 GMT
vary: Origin

GET
H2 200 7.svg Show response
cdn.equalweb.com/assets/images/ 2 KB
1 KB 21ms
21ms Fetch
image/svg+xml 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/images/7.svg

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.0.4/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"7c8f42d46748d51:0"
age: 295140
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3O%2FTxYSvnS5nTjsxiv87fGrQUBk0PafNrl0aqTA57ApljPqtb3rMFSWW8yKZqPf%2Fiyt%2Ba3%2FmVif%2BCsxcc8stvFdYpsDymw7iSC4sgQ8lBQpUYGD7k4p%2BSc6Edmbm1ctzG%2B6T95qyjSUhmhXPgmg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/svg+xml
last-modified: Thu, 01 Aug 2019 12:51:25 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: DE
access-control-allow-credentials: true
cf-ray: 8c860c03e8c3911e-FRA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET 29ec831e-c813-4b10-948f-04b6d75ba61e
https://cymulate.com/ Frame 0
0

GET
H2 200 tc_imp.gif
obseu.roundprinceforest.com/tracker/ 43 B
79 B 32ms
32ms Image
image/gif 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obseu.roundprinceforest.com/tracker/tc_imp.gif?e=37dfbd8ee84e001268e9c534ef45889f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59158a652e17071a10acf9f29f674bd7d7d8007f394af67b22018f6d8c63c05631052ac151050b63570ac6be3a1977be26bb25cb43e2913bf05365ac5c7e721bda53ee46f49486df3dbb2907fe7fcaae526c890e3612731193825466fd60b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4afa78a9869bad8df5ff5579f592e019cbecbf7af2b95dfe57594351ccdeb8b795904fd7369af961760ba8aae71890fab4fb1864ac64699c62b9169319ecc26df6cc584eee193fdbd4c38fc2cb2bffb2f4d26f9913f82be50eb0102419457459a8398c7d6f28626cf66d193bac56ee46c7c37926966929f925a2adea770e40de086028674a36c4f4441cf26b842cbd6a979f787238809ec97dfcb61c1485666fb59041c2e043e89ec65b3058c9fc964b59966ec9d209adab8af26c1f0e61f3e3eaece1e0a9bb7490251baacf537b6309ef64eadb578e73ee264d741de06c5b42e944235eebcc13e6a7e64436a584e0bb8bfdd2a8b55e601171c77eabe5d818a041ea9e9ace6e5399ca99da894f2bdec59532ead15f5ea003bdd071c4fc5694f6c7eea69ed2a0bc880c260837cd4278db72fccbb11987b0f21201e7d139cc0e7c73d7b559a1c5994d3d9bbb7d652059eb0b56197cf7379d0ce133c69fa90c55721b72487439e1ae33c9c0edac813fbb22ee39b88d7985b63f3fd386b816abb8eb7a20a816d371419896b4550adbe588feb08d79e9ac948d0808637122a41be3cb718ac55b0ec75846606781528776de0448f863152bb6ec5a5f737c7b52ece0c39f0581675d7eaaa4a1d8a19e792029942685458b6292d9caed06acc553f9f8711a3c1b5a6ea02892233544cb10b5a0eca98584ea62ea3bb98799dd9fe0f437da568270a05ca1552e4879b5c44ce3c22d3cad42bbea3bcb73879a82ca9452a00de444812c9c24605d2c4e9d6fea047b07ef7128a7690cb5b9bb39a7e60b6d91ed094bcaed6a7838f26488fe52c49897fcf5b8f54e0f839e892989763b885d6f1e7543bc9a3f4f443dd46d71145330062cb8c2b699f36bf1fc78035ae1e34f0321d9d72a1847f68b73e26445796f5c43fd4984c2870472cd9c3cfe3d151d667e7f36165cfdc411a011738657cb66e&cri=z46xiyNCRy&ts=214&cb=1727215222393
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
pragma: no-cache
content-type: image/gif

GET d8f369a4-d2b2-4a74-8e4a-e9fd441afbfc
https://cymulate.com/ Frame 0
0

GET
H3 200 818712168779601 Show response
connect.facebook.net/signals/config/ 28 KB
4 KB 77ms
74ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/818712168779601?v=2.9.167&r=stable&domain=cymulate.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C130%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C123%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fc74f6aa06cf3bd19d76ffb36fa98c527c2ecc9949ec110b5aba6d67147ea9d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=80, mss=1232, tbw=82465, tp=78, tpl=0, uplat=61, ullat=0
pragma: public
x-fb-debug: 1IZIXd4pF3tY9jg3Js2kCGJtpisSmCZwmS/RGaGGNNMS31d2alzOPlatqMNUwGqQGtn3YKINhPmQV8JySIbWaA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 92ms
9ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222449&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&cs_est=true&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1328, tbw=2796, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 169ms
115ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222449&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&cs_est=true&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332893626440551"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: LpeZfjnMtJ8A3cv7V8gudfW2I++CIOxksYpNVuhNHRusVz4n2se6GxBJnGRv+HyR2UIo49Fn6tzWcxRtf4lAng==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332893626440551", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=16, mss=1328, tbw=3751, tp=-1, tpl=-1, uplat=106, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
420 B 485ms
401ms XHR
text/html 2600:9000:2724:b000:1d:8d6d:3b40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=l3FuZwqLOsK59XCKgDPZlJc7IEZKTGcvwuIgCOj2lqiF6q5K91wjtQ==&api-version=v3
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/aaad0ee9207ef896.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2724:b000:1d:8d6d:3b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
etag: "d41d8cd98f00b204e9800998ecf8427e"
age: 74594
x-cache: Error from cloudfront
x-amz-cf-id: sXIXSCpqvTZ5jQzIC1lRSQJ-0o89Q86HLgYsODeY_g-93pYlXoPOrQ==
date: Tue, 24 Sep 2024 02:17:57 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
via: 1.1 b542963649ffc3f71c6540a2347be55a.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-amz-cf-pop: FRA56-P12
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 95 B
1 KB 142ms
130ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=4347852&currentUrl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 13fd2aa0-ffe0-48a4-af22-381ce859affa
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QyXXuFcQNdOSY0HaZa%2F83jigaLdKmJ0FjnF8p5FTxRE%2BRufWOI7KesN1kmBD0Klgd%2FHrD2KFcaDE3o3Ld7Ka%2FWfPvjbaHm%2Fg7M2%2B2mHcssNJ1Q%2BalLJSV%2Fr9VEgD8ciCF9Uvr34DFS706vtqU6P9Y1Tz0bn9NZXCkwI%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: 13fd2aa0-ffe0-48a4-af22-381ce859affa
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-8sd72
x-envoy-upstream-service-time: 10
access-control-allow-credentials: true
cf-ray: 8c860c04dc2c9a21-FRA
access-control-allow-origin: https://cymulate.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 1273790856111869 Show response
connect.facebook.net/signals/config/ 24 KB
3 KB 62ms
62ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1273790856111869?v=2.9.167&r=stable&domain=cymulate.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C130%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C123%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a64f8bc64e640fd4987897495af272ec35aa737c439523ad5a663a71d3462871

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=12, rtx=0, c=84, mss=1232, tbw=86513, tp=83, tpl=0, uplat=53, ullat=0
pragma: public
x-fb-debug: vlOM69sneAlqWVu2H6njKWe/nu625Lu9HTg9ZeAgY/aGXTHogWz0Jv2YAJgKBQvmMXJXqY+3WETq9CX9LCFjMg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 9ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222546&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&cs_est=true&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1328, tbw=3161, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
844 B 177ms
176ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222546&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&cs_est=true&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332893231531471"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: 1dhc0Qsa098h7lfEcKWA3nFwY/qPXVywYn/oACwm5SbPLQz/OOdrZOZu8QyYQKrw/CUz1CaWueBSLbrmVpr09g==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332893231531471", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=16, mss=1328, tbw=9384, tp=-1, tpl=-1, uplat=164, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 11ms
9ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/1a2171aa-2899-441d-a469-6346d2328c53.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2ac314870072e1aad5c1c2c1ebb9ba542bf1a9df18963c2c4f1d8fcab8711bde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: private, proxy-revalidate, max-age=10800
content-encoding: gzip
etag: "66e78018-111cd"
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 01:00:22 GMT
accept-ranges: bytes
content-length: 18822
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/javascript
vary: Accept-Encoding
server: nginx/1.14.0 (Ubuntu)
last-modified: Mon, 16 Sep 2024 00:47:20 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
191 B 40ms
17ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-methods: GET,POST
access-control-allow-origin: https://cymulate.com
content-length: 7
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/html
access-control-allow-headers: *

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
336 B 403ms
26ms XHR
text/html 2a02:26f0:4700::17d4:6ea8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:4700::17d4:6ea8 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: eb78c1921a81ec42ffcb2bc22f9bac2ca17b8f2c8f78e55812da8d7a8e1518e1

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
pragma: no-cache
6si-ipv6: 2001:ac8:20:3a00:1011:6717:7a2e:df28
expires: Tue, 24 Sep 2024 22:00:23 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1727215222670_399797924_513546522_27_1074_23_329_219";dur=1
access-control-allow-origin: https://cymulate.com
content-length: 36
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: text/html
vary: Origin

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 125ms
117ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&v=1.1.27

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:22 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 125ms
117ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%221bdcd752acb5a62d4c6d96f6125eaf02%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%222b7244346d62028806a8c96a92c80eaa02498dd9%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%221a2171aa-2899-441d-a469-6346d2328c53%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&v=1.1.27

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:22 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 /
www.facebook.com/tr/ 0
101 B 15ms
5ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222615&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=16, mss=1328, tbw=3416, tp=-1, tpl=-1, uplat=1, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 63ms
54ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=201397790656822&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222615&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332892903385288"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332892903385288", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: W8cIPFSC9+GSj7D1GIhulx92k/s8N5vfd7Mtue3GJtVzhIjW72H1Oj6wXvSFsZMkSdcU3NiNIgbCr9AvFGNG7A==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=16, mss=1328, tbw=8287, tp=-1, tpl=-1, uplat=40, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
101 B 15ms
6ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222617&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=16, mss=1328, tbw=3530, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
847 B 52ms
43ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=818712168779601&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222617&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332892649485387"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: ahTshk+oCKXDE2ZC3dS1oUyMiIcdtRXs4RtpNOSFlH7aC3RyfOqbEyb78G+qJANoF8RQRs6oN6jz7Wl0SZOvHQ==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332892649485387", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=16, mss=1328, tbw=6548, tp=-1, tpl=-1, uplat=38, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
32 B 15ms
6ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222617&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=16, mss=1328, tbw=3530, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
848 B 60ms
50ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=Lead&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215222617&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332892595915196"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: Y+iQ/3+1+gSGTxZEndkGxougRtJYOdSTlx+U8JdjCwyc+iUGgEq4mUGqf8wzxxKApH0ERIhfN7NZecUtjLwuWQ==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332892595915196", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=16, mss=1328, tbw=7417, tp=-1, tpl=-1, uplat=37, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 188 B
1 KB 168ms
129ms XHR
application/json 2606:4700::6812:f26c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=4347852

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f26c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19d2fd49a43025a4ba1f072aeb94e9f9f5ae3e2954fb4a64972d6f4527b3003a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

access-control-max-age: 180
x-request-id: f65ec0ec-5871-490d-a5c4-c4d677cf0c0f
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NwxqN85NCSFlPeUia2KjF4iUv3vgtoDJx0whYtAjlvQ9zrQ53jp64VBDGJIDK3thD7FrXhhBMB68fo4ZDKpzXfJbNNF4n%2B2FWgLqiuz%2BMJ4acwdAP6te1gCIjq9m6ZEaehGNQhkmJAk3h6MA"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: f65ec0ec-5871-490d-a5c4-c4d677cf0c0f
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-58bbf9c46c-j87xr
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8c860c05da7f03e4-FRA
access-control-allow-origin: https://cymulate.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
909 B 189ms
157ms Image
image/gif 2606:4700::6813:afbc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:afbc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-robots-tag: none
x-request-id: 466ac173-bd51-4b06-8fb4-2b5711bf95f4
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:22 GMT
x-hubspot-correlation-id: 466ac173-bd51-4b06-8fb4-2b5711bf95f4
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 24 Sep 2024 22:00:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-c4gk4
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8c860c05dd39363e-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 Ebook-top-nav.png.webp
cymulate.com/uploaded-files/2024/07/ 3 KB
0 2ms
1ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cymulate.com/uploaded-files/2024/07/Ebook-top-nav.png.webp
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc0913f664781f3bc0dba989f95cccf924a100eb438bfccee0c782ee5282aa1b

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8db9d-ab4"
age: 186311
cf-ray: 8c860bfdaacd1c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 2740
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 12:25:01 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Platforms-Data-Sheet-July-2024-03.png.webp
cymulate.com/uploaded-files/2024/08/ 5 KB
0 2ms
2ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cymulate.com/uploaded-files/2024/08/Platforms-Data-Sheet-July-2024-03.png.webp
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27600c3569238e155261a72508d58c0e0e9eb68da6513614c2217dc0df8bea33

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66b1dc25-13e8"
age: 186311
cf-ray: 8c860bfdaacf1c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 5096
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 06 Aug 2024 08:17:41 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Partners.png.webp
cymulate.com/uploaded-files/2023/09/ 6 KB
0 2ms
2ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cymulate.com/uploaded-files/2023/09/Partners.png.webp
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4cfe1561fd61895d2b4e2ee75ea8d976af62459d930d9d410a3ce95ff44bcec2

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "64f82781-17ee"
age: 186311
cf-ray: 8c860bfdfb441c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 6126
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Wed, 06 Sep 2023 07:17:21 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 F-S.png.webp
cymulate.com/uploaded-files/2024/07/ 10 KB
0 3ms
2ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cymulate.com/uploaded-files/2024/07/F-S.png.webp
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d416171fbe213899a7eef70bb99ff4ded2ba078705130cd9c160c970c271341f

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8d9ac-2888"
age: 186311
cf-ray: 8c860bfdfb451c38-FRA
expires: Sat, 21 Dec 2024 14:54:45 GMT
accept-ranges: bytes
content-length: 10376
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 12:16:44 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 Gartner-Report-260-x-180-px.png.webp
cymulate.com/uploaded-files/2024/07/ 3 KB
0 3ms
3ms Image
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cymulate.com/uploaded-files/2024/07/Gartner-Report-260-x-180-px.png.webp
Requested by: Host: cymulate.com
URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93e6a2abeab6f2f9dfd179185ae68e9728eedd122fe65644148a242df33e3b59

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: public, max-age=7776000, no-transform
cf-cache-status: HIT
etag: "66a8fd42-a70"
age: 186311
cf-ray: 8c860bfe5bae1c38-FRA
expires: Sat, 21 Dec 2024 14:54:46 GMT
accept-ranges: bytes
content-length: 2672
date: Tue, 24 Sep 2024 22:00:21 GMT
content-type: image/webp
last-modified: Tue, 30 Jul 2024 14:48:34 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 760 B
721 B 142ms
123ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: bba6c74b51fa493e32e7bd916388df1d6a6efc08df83ea42bc20cfbdbd248282

Request headers

Authorization: Token 2b7244346d62028806a8c96a92c80eaa02498dd9
X-6s-CustomID: WebTag 1a2171aa-2899-441d-a469-6346d2328c53
Referer: https://cymulate.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

access-control-expose-headers: X-6si-Region
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-encoding: gzip
x-6si-region: eu-central-1a
access-control-allow-credentials: true
x-trace-id: 7905908822670116367
access-control-allow-origin: https://cymulate.com
content-length: 403
date: Tue, 24 Sep 2024 22:00:22 GMT
content-type: application/json
vary: Origin, Accept-Encoding
server: nginx

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 43ms
10ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://cymulate.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://cymulate.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Tue, 24 Sep 2024 22:00:22 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 8828608738611658029

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
0 0ms
0ms Script
application/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-859674832

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fedffeb734b7e962d43d6b92c2e1aa820979f28a74c2028c7af9ca3800c1fee1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Sep 2024 22:00:22 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97137
date: Tue, 24 Sep 2024 22:00:22 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
last-modified: Tue, 24 Sep 2024 21:23:46 GMT
access-control-allow-headers: Cache-Control

GET
H2 200 /
a.clickcertain.com/px/cont/ Frame 1824 0
0 118ms
92ms Document
text/html 2606:4700:20::681a:832
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clickcertain.com/px/cont/?c=24335bac5f4f324&ccid=26a9c073-2a08-4695-ba64-404c971e9113&cn=DE&rid=03cdb730-c8e4-4f7d-8a64-96ae72384e85
Requested by: Host: a.remarketstats.com
URL: https://a.remarketstats.com/px/smart/?c=24335bac5f4f324&seg=threats/diavol-a-new-ransomware-used-by-wizard-spider-2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:832 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c860c0808931cbf-FRA
content-encoding: br
content-type: text/html
date: Tue, 24 Sep 2024 22:00:23 GMT
etag: W/"MjZhOWMwNzNnMmEwOGc0Njk1Z2JhNjRnNDA0Yzk3MWU5MTEzLXow"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2urjzkLoOVyNxtEdtmBvUb7xuJD9T4qEzReZLb%2FGcrR0r6vcmuOciZV0OiNhKgqKvfaMtCCatZ3wfSUV9lkG2fAwEdw0d04LaRNO5i8E0gqeKEwVpis1d%2Fc%2FZe9PMKRMnEM8jKoBu6scDjJd0YDj3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frontend: cc-nginx-8674cc857-7pq56:cc-nginx-8674cc857-7pq56
x-requestid: d0485a56-c487-403a-a153-a5b1300bf28b

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 162ms
125ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3816698117&v=1.1&a=4347852&pu=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&t=Page+not+found+-+Cymulate&cts=1727215223016&vi=20378a12d9f4f6633c143459fa9be52c&nc=true&u=145613419.20378a12d9f4f6633c143459fa9be52c.1727215223010.1727215223010.1727215223010.1&b=145613419.1.1727215223010&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-robots-tag: none
x-request-id: fee8957e-13e5-45a8-a965-05f31ba946b5
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zJ%2Bw3ZQ2M7WAoL5nYNFhR4Cz8BHepxGLEZs1vX6bDqfGRIjHGDz57vP755c46p%2BiEiMji4Q0vlU9rcNWqxB1g0Cv4pd8oVd1%2Fz4I2pYQuwB8qAJDMhQbeCFDp9s2jH4YlMDqnqWaFiivvukZwH8"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 24 Sep 2024 22:00:23 GMT
x-hubspot-correlation-id: fee8957e-13e5-45a8-a965-05f31ba946b5
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-jqmwt
x-envoy-upstream-service-time: 8
access-control-allow-credentials: false
cf-ray: 8c860c082ff0d2db-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 /
www.facebook.com/tr/ 0
19 B 15ms
12ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215223018&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4686, tp=12, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
190 B 750ms
748ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1273790856111869&ev=PageView&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&rl=&if=false&ts=1727215223018&sw=1600&sh=1200&v=2.9.167&r=stable&ec=1&o=12318&fbp=fb.1.1727215222446.112159070110001385&ler=empty&cdl=API_unavailable&it=1727215222319&coo=false&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7418332897507592577"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: nspv4NK/LvMPOTnbJcfNanC2FxB/qXUs2mQuL3Rm0a5kf5OUiA11q7Ecu9dsUg2KkMCF64OLN7JBaex+nJ9jDw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7418332897507592577", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=5054, tp=15, tpl=0, uplat=736, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 132ms
129ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:23 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 169ms
152ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=4347852&utk=20378a12d9f4f6633c143459fa9be52c&__hstc=145613419.20378a12d9f4f6633c143459fa9be52c.1727215223010.1727215223010.1727215223010.1&__hssc=145613419.1.1727215223010&currentUrl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a15a1efb9324a190a1bb4f88f1b83c2e63abfc37b759f9eb87d0c1ed64f5e22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 1731c8fc-28a0-4253-ab23-c68858fa2ff5
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FhHjs3LJWH0MESa9WLNQ4LvrbJk%2BFFcfXeRDQNxtWVdeyMSh1GwiyQXcw8DSfPfqOiqPs0w35gyfyoh2pgp8RPWlQdgCpbDJaz%2F3V0EiJKyx0KE4Bsjrl7UHOXtvmGC5u8iz5q9g2qhbNF43EKNY"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Tue, 24 Sep 2024 22:00:23 GMT
x-hubspot-correlation-id: 1731c8fc-28a0-4253-ab23-c68858fa2ff5
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-8sd72
x-envoy-upstream-service-time: 29
access-control-allow-credentials: false
cf-ray: 8c860c081e6d9a21-FRA
access-control-allow-origin: https://cymulate.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 52ms
19ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-6ZSMQQR9V4&gtm=45je49n0v887322098z878928481za200&_p=1727215221439&gcs=G100&gcd=13p3pPt2p5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&gdid=dYWJhMj&cid=1275223591.1727215223&ecid=1972235742&ul=de-de&are=1&frm=0&pscdl=denied&ec_mode=a&_geo=1&_rdi=1&_s=1&sid=1727215222&sct=1&seg=0&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&dt=Page%20not%20found%20-%20Cymulate&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2651
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cymulate.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 42ms
19ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-6ZSMQQR9V4&gtm=45je49n0v887322098za200&_p=1727215221439&gcs=G100&gcd=13p3pPt2p5l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&gdid=dYWJhMj&cid=1275223591.1727215223&ecid=1972235742&ul=de-de&are=1&frm=0&pscdl=denied&_eu=AEA&_geo=1&_rdi=1&_s=2&sid=1727215222&sct=1&seg=0&dl=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&dt=Page%20not%20found%20-%20Cymulate&en=scroll&epn.percent_scrolled=90&_et=2&tfd=2661
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSMQQR9V4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://cymulate.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: text/plain
server: Golfe2

POST
H3 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
64 B 80ms
18ms Ping
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3t2p5l1&tag_exp=0&rnd=1436717016.1727215223&url=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&dma_cps=syphamo&dma=1&npa=1&gtm=45He49n0n815Q2VT3Cv78928481za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Q2VT3C

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 24 Sep 2024 22:00:23 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 mon Show response
obseu.roundprinceforest.com/ 0
145 B 36ms
34ms XHR
application/json 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.roundprinceforest.com/mon
Requested by: Host: euob.roundprinceforest.com
URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://cymulate.com/

Response headers

access-control-allow-origin: https://cymulate.com
content-length: 0
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obseu.roundprinceforest.com/ 0
16 B 44ms
43ms XHR
application/json 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.roundprinceforest.com/mon
Requested by: Host: euob.roundprinceforest.com
URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://cymulate.com/

Response headers

access-control-allow-origin: https://cymulate.com
content-length: 0
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 117ms
107ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A22%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:23 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:23 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 cymulate-logo-icon.png
cymulate.com/uploaded-files/2021/09/ 412 B
681 B 26ms
25ms Other
image/webp 2606:4700:10::6816:4f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cymulate.com/uploaded-files/2021/09/cymulate-logo-icon.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4f1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e13738f614b52e0d861b7cd9342face18efe7314aca70bc63db7fc8f0a68121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cf-bgj: imgq:100,h2pri
etag: "6486d8d8-108f"
age: 186314
cf-cache-status: HIT
expires: Sat, 21 Dec 2024 14:54:56 GMT
cf-polished: origFmt=png, origSize=4239
date: Tue, 24 Sep 2024 22:00:24 GMT
content-type: image/webp
content-disposition: inline; filename="cymulate-logo-icon.webp"
vary: Accept
last-modified: Mon, 12 Jun 2023 08:35:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=7776000, no-transform
cf-ray: 8c860c0f2c2a1c38-FRA
accept-ranges: bytes
content-length: 412
server: cloudflare

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 104ms
104ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A23%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "615ccf10-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:24 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:24 GMT
content-type: image/gif
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obseu.roundprinceforest.com/ 0
39 B 34ms
33ms XHR
application/json 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.roundprinceforest.com/mon
Requested by: Host: euob.roundprinceforest.com
URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://cymulate.com/

Response headers

access-control-allow-origin: https://cymulate.com
content-length: 0
date: Tue, 24 Sep 2024 22:00:25 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 151ms
150ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A24%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "63f020a0-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:25 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:25 GMT
content-type: image/gif
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 125ms
124ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A26%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A25%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Referer: https://cymulate.com/

Response headers

cache-control: max-age=0, no-cache, no-store
etag: "5e502810-2b"
pragma: no-cache
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 22:00:26 GMT
accept-ranges: bytes
content-length: 43
date: Tue, 24 Sep 2024 22:00:26 GMT
content-type: image/gif
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)

POST
H2 200 mon Show response
obseu.roundprinceforest.com/ 0
39 B 40ms
38ms XHR
application/json 2a05:d018:56f:b800:f42c:e894:1fb0:3740
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.roundprinceforest.com/mon
Requested by: Host: euob.roundprinceforest.com
URL: https://euob.roundprinceforest.com/sxp/i/683bf120b4a6a6234a5fff3424707f4e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b800:f42c:e894:1fb0:3740 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://cymulate.com/

Response headers

access-control-allow-origin: https://cymulate.com
content-length: 0
date: Tue, 24 Sep 2024 22:00:27 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: a.quora.com
URL: https://a.quora.com/qevents.js

Domain: cymulate.com
URL: blob:https://cymulate.com/29ec831e-c813-4b10-948f-04b6d75ba61e

Domain: cymulate.com
URL: blob:https://cymulate.com/d8f369a4-d2b2-4a74-8e4a-e9fd441afbfc

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=1bdcd752acb5a62d4c6d96f6125eaf02&svisitor=null&visitor=f2515ed1-4214-494e-8be8-f092ca469b88&session=819b04e5-45d9-4ff8-8c17-962ba489ab92&event=active_time_track&q=%7B%22currentTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A27%20GMT%22%2C%22lastTrackTime%22%3A%22Tue%2C%2024%20Sep%202024%2022%3A00%3A26%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225005%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Cymulate%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&pageViewId=723d13ab-7613-4b87-8982-7611810c3e13&webTagId=1a2171aa-2899-441d-a469-6346d2328c53&ipv6=2001%3Aac8%3A20%3A3a00%3A1011%3A6717%3A7a2e%3Adf28&v=1.1.27

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.net/	1970-01-20 23:46:57	Name: __cf_bm Value: nmT1KGdnahguqwCuJ9N1TJFzihwI9PXmpNnGLAIToqw-1727215221-1.0.1.1-JUTsXCDllAovU.10uat09Xoc18fGn7a9DbM0cukWVU18WRwwmTeofk6ELYpmC58PfEzhzUGPIT90PpUtaV.C1g
.cymulate.com/	1970-01-21 08:33:57	Name: _vwo_uuid_v2 Value: D25BB3FAC8797CA0B62408955057D48E8\|69395d84efaf5f56e284a48a088b533f
.gartner.com/	1970-01-20 23:46:57	Name: __cf_bm Value: G4xu9yn38apc8QeiES9iZq2HmA3B.KIBcIVBkqjNCqc-1727215221-1.0.1.1-TQDmTJ_u4EybYTJjaMZ_lJu357IE99gsdF4JeuEj_.3BfEJ.bsUAYvP.GhyZ3ip1aJ4T43FYSbZDt7Dvrdiwsg
.gartner.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 0Kq48xPKmJo1IF9m6FRgkIqtmNs.8HR.sFcwA.UxoOc-1727215221871-0.0.1.1-604800000
.ws.zoominfo.com/	1970-01-21 08:32:31	Name: visitorId Value: a352654f01b5878c5d8d4579c50b81d31bc3c32c77f50d6f702711fafee5755d
.zoominfo.com/	1970-01-20 23:46:57	Name: __cf_bm Value: lrlbD4yqEOFWHzM6sfcTxNbOBtkwKL21eRp6xzk6lfk-1727215222-1.0.1.1-k64iDcEhwJlnjh5.kXmaDEBBPALQNSZfrX8PHhIOA3oLAlrMeBNVjLVGxVtqCZzF94uAI_WoZpDctZ9ORUZxcA
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: BBu..q1CYjaMMnduRlfTd8fGdpOaiUZAR0puvdKj9sY-1727215222013-0.0.1.1-604800000
.cymulate.com/	1970-01-21 01:58:19	Name: _cq_duid Value: 1.1727215222.JSrHzoyZix2KpwTX
.cymulate.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1727215222.XiZpcOVFisLOlf8d
cymulate.com/	1970-01-20 23:49:48	Name: threats_rsCount Value: 1,expireDate=expires=Thu, 26 Sep 2024 22:00:22 GMT
.cymulate.com/	1970-01-21 08:32:31	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Sep+25+2024+00%3A00%3A22+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202407.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=c9d838a4-1040-4ba9-9993-527f72c17a75&interactionCount=0&isAnonUser=1&landingPath=https%3A%2F%2Fcymulate.com%2Fthreats%2Fdiavol-a-new-ransomware-used-by-wizard-spider-2%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0
obseu.roundprinceforest.com/	1970-01-21 07:50:45	Name: cg_uuid Value: 2eda7c6a83e58fc17b109b35dfce00af
a.clickcertain.com/	1970-01-21 08:32:31	Name: _ccpx_u Value: 26a9c073%2d2a08%2d4695%2dba64%2d404c971e9113
.cymulate.com/	1970-01-21 01:56:31	Name: _fbp Value: fb.1.1727215222446.112159070110001385
.company-target.com/	1970-01-21 09:22:55	Name: tuuid Value: 8bb56b2e-3c99-43ec-b60e-462454c20a29
.company-target.com/	1970-01-21 09:22:55	Name: tuuid_lu Value: 1727215222\|ix:0\|mctv:0\|rp:0
a.clickcertain.com/	1970-01-21 08:32:31	Name: _ccpx Value: 24335bac5f4f324
a.clickcertain.com/	1970-01-21 08:32:31	Name: _ccpx_24335bac5f4f324 Value: 1
.linkedin.com/	1970-01-21 08:32:31	Name: bcookie Value: "v=2&23ec9e86-f9fe-459b-8eb7-2efa2399ca16"
.linkedin.com/	1970-01-21 04:06:07	Name: li_gc Value: MTswOzE3MjcyMTUyMjI7MjswMjGf6vYLZW2ATAb4cEQqFlNU+xKXUMi2KLGDbIvHkFTOAQ==
.linkedin.com/	1970-01-20 23:48:21	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2990:u=1:x=1:i=1727215222:t=1727301622:v=2:sig=AQFCmEcG4vCXzv2UUvFbFkM8o2yOEnls"
.casalemedia.com/	1970-01-21 08:32:31	Name: CMID Value: ZvM2drmqPd8AAEHcACccjAAA
.casalemedia.com/	1970-01-21 01:56:31	Name: CMPS Value: 5282
.casalemedia.com/	1970-01-21 01:56:31	Name: CMPRO Value: 5282
cymulate.com/	1970-01-21 09:22:55	Name: _gd_visitor Value: f2515ed1-4214-494e-8be8-f092ca469b88
cymulate.com/	1970-01-20 23:47:09	Name: _gd_session Value: 819b04e5-45d9-4ff8-8c17-962ba489ab92
.t.co/	1970-01-21 09:22:55	Name: muc_ads Value: ce325790-78c3-4329-856e-2837e601ba31
.t.co/	1970-01-20 23:46:57	Name: __cf_bm Value: _.fgkll46dciwv0DoVVwy339zkyTZBYD4KqkooPzfag-1727215222-1.0.1.1-_s_0okXnRawBoNCQMsJdvyIQqj2uxVpawU_VLVQz4iHJfmG5KB4PUm2HYu05g6EzyJluiHxM5Or60eNldD_3Kg
.twitter.com/	1970-01-21 09:22:55	Name: personalization_id Value: "v1_3yxkEhVVmEP35LFnG4cwjg=="
.tremorhub.com/	1970-01-21 08:32:52	Name: tvid Value: 9c4203743f494a33af141f60bd92ff93
.tremorhub.com/	1970-01-21 09:22:55	Name: tv_UIDM Value: 8bb56b2e-3c99-43ec-b60e-462454c20a29
.hsforms.com/	1970-01-20 23:46:57	Name: __cf_bm Value: zh_WKpW3O_JMNquPTZXWwM_QanZXjoes8pMSCB4Hy.w-1727215222-1.0.1.1-weVFcqCM2eI4_vMDjJK.c5oxw04LVVqedWMlAu2w7bCXYrxuf4xaInyTIT1BvvlNcoDgSoadWRpUs08CE_7wig
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: s0STrk_ejoN2IGJzvjDvHwTfG98mTaUyE3FQIY77uFU-1727215222846-0.0.1.1-604800000
.cymulate.com/	1970-01-21 04:06:07	Name: __hstc Value: 145613419.20378a12d9f4f6633c143459fa9be52c.1727215223010.1727215223010.1727215223010.1
.cymulate.com/	1970-01-21 04:06:07	Name: hubspotutk Value: 20378a12d9f4f6633c143459fa9be52c
.cymulate.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cymulate.com/	1970-01-20 23:46:57	Name: __hssc Value: 145613419.1.1727215223010
.hubspot.com/	1970-01-20 23:46:57	Name: __cf_bm Value: Taxsc6Ld8.MW178jZUJXThohvOQ7jv6o_H5960wcdlU-1727215223-1.0.1.1-n1Dnpr5CHNfS_A4bJ.4I0GT6qJovFMYtOrnJagN0rf9iEXtWvG3U6Evx2.mg6bH.aqd3IeTHCNKqb39acYQXqQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: JxYrplkbsWRSphuxz6.S5eZq_KXR9KY6q_OOVbE1ztA-1727215223179-0.0.1.1-604800000
.tapad.com/	1970-01-21 01:13:19	Name: TapAd_TS Value: 1727215223353
.tapad.com/	1970-01-21 01:13:19	Name: TapAd_DID Value: 7f023204-96a8-4252-94e4-c7be89071a42
.tapad.com/	1970-01-21 01:13:19	Name: TapAd_3WAY_SYNCS Value:
.bidr.io/	1970-01-21 09:15:28	Name: bito Value: AAD7gk7N5m0AABYptLQ56Q
.bidr.io/	1970-01-21 09:15:28	Name: bitoIsSecure Value: ok
.a.usbrowserspeed.com/	1970-01-21 08:32:31	Name: tuid Value: 91fad095-7f9b-4b4e-8c4c-f854b7b884b0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/ Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://cymulate.com/wp-content/themes/cymulate-2022/assets/autocomplete/autoComplete.css?ver=21.7.29.10 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://a.quora.com/qevents.js Message: Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
worker	verbose	URL: blob:https://cymulate.com/29ec831e-c813-4b10-948f-04b6d75ba61e(Line 1) Message: Error
network	error	URL: https://cymulate.com/threats/diavol-a-new-ransomware-used-by-wizard-spider-2/ Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.clickcertain.com
a.quora.com
a.remarketstats.com
amplify.outbrain.com
analytics.twitter.com
api.company-target.com
api.hubapi.com
api.ipify.org
b.6sc.co
c.6sc.co
cdn.equalweb.com
connect.facebook.net
cookie-cdn.cookiepro.com
cta-service-cms2.hubspot.com
cymulate.com
dev.visualwebsiteoptimizer.com
epsilon.6sense.com
euob.roundprinceforest.com
forms.hubspot.com
geolocation.onetrust.com
id.rlcdn.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
metadata-static-files.sfo2.cdn.digitaloceanspaces.com
obseu.roundprinceforest.com
okt.to
pagead2.googlesyndication.com
perf-na1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
region1.google-analytics.com
s.company-target.com
secure.leadforensics.com
snap.licdn.com
static.ads-twitter.com
static.mobilemonkey.com
static.oktopost.com
t.co
tag-logger.demandbase.com
tag.demandbase.com
tr.outbrain.com
track.hubspot.com
wave.outbrain.com
ws.zoominfo.com
www.facebook.com
www.gartner.com
www.googletagmanager.com
a.quora.com
b.6sc.co
cymulate.com
104.244.42.131
13.107.42.14
13.248.142.121
162.159.140.229
162.159.152.17
172.67.74.152
18.244.18.7
18.245.46.89
18.66.102.75
199.232.188.157
2.17.100.210
2001:4860:4802:34::36
23.35.237.86
2600:9000:211e:4600:1d:57a9:200:93a1
2600:9000:2724:b000:1d:8d6d:3b40:93a1
2606:4700:10::6816:4f1
2606:4700:20::681a:832
2606:4700:20::681a:932
2606:4700:20::681a:c5f
2606:4700:20::ac43:4549
2606:4700:4400::ac40:911d
2606:4700:4400::ac40:9310
2606:4700:4400::ac40:97a6
2606:4700:4400::ac40:9923
2606:4700:4400::ac40:9b77
2606:4700::6810:752b
2606:4700::6810:7574
2606:4700::6810:8bd1
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6812:8c11
2606:4700::6812:8d77
2606:4700::6812:f26c
2606:4700::6813:afbc
2620:1ec:21::14
2a00:1450:4001:811::2002
2a00:1450:4001:81d::2008
2a02:26f0:3500:10::210:a99
2a02:26f0:4700::17d4:6ea8
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:56f:b800:f42c:e894:1fb0:3740
3.160.150.83
34.96.102.137
34.96.71.22
35.244.174.68
4.158.108.63
52.20.195.32
70.42.32.31
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
08844f8bace8a22915a529dd5a531dc293ea6902e4528d676aba8c488d191424
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
0976ab1e4064ab2f67b70c83e539857c82878677f1afba565b183a907753f770
0e9c2e18c6d317b4868deb6e9ecf95c4888fa98a6d745e8b195844ca559e6b38
10261b710e399a8cee22c8ff4118167d91ac58254f5bf0291036d2219dd5cf25
13e7e7a6c5322fe3fb5cdcada6893a70abebab0acb4bb3f45ff43ec9b96164f5
14e9cb721743bdb32c44b88f048772accfbf6899d3f77d06ccf2fb676b943353
19d2fd49a43025a4ba1f072aeb94e9f9f5ae3e2954fb4a64972d6f4527b3003a
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
22138da3b4d85ca7e2b14c1d8d7e630bfb743281130599ddbe4764f13c890018
22f7af7c1f0fda7b15222161020de20537ce540f08ba19284bb2e27def8e2f86
24c779851c36bb885ad6e4b73bf8d41f58a7f8a910ac4240d825564d32d35a1a
27600c3569238e155261a72508d58c0e0e9eb68da6513614c2217dc0df8bea33
2ac314870072e1aad5c1c2c1ebb9ba542bf1a9df18963c2c4f1d8fcab8711bde
30422d1511267f63643688107659e5eb9f160df68de1e46451f7ca59f5c23f3c
33839a2117cff2df1589678eecc3cb5227f0ca219e67159d9979c57763495200
359a8d9558abac48bff316eeecd731083a11196a1a2dede6d1c5c9a79db3a745
37b3e225df47f607cf27aa8c41d2fe74226c145a64d50876c3bb66e869cef5ba
407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45fc282ba10aab2ee245c715735faec6f17656934f54f5ac64843f8a03a08a43
46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de
47017f9a1836a40ec5064128b8445aef04c30e04f06ff30971f0a3e3e8a524eb
478969b90650f491604fb1fb981d25f2350a42df053712227aafa86725538fc1
4cfe1561fd61895d2b4e2ee75ea8d976af62459d930d9d410a3ce95ff44bcec2
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
509f02b21feb754ec8bebbb0b0d0d9ffddb9db8d616ae8ab3e06bdbf3d39ac7c
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5348da78fcded3fa324fef7098f1ad3eb86a9b7b3ac17b0709d2820a8006c8ea
5416a43930af0316da99a8b2d52e24d78839b4d4adc1c00a76f1a458ce1b3b30
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58ebe35d08f36534dfbdee4a7c01ae1efad459add6ae70cb6f1397bd70b2194c
5a15a1efb9324a190a1bb4f88f1b83c2e63abfc37b759f9eb87d0c1ed64f5e22
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
64aff3262c56fa48ad38b8d9d4d674a6ee3759d1ce4cb52c66865e3fc2c16d2f
650ab79865d35b7e2e89e21c0b2c70affa1700d2faea8b6e27bf71f2d1be5bfa
65ba8da7b9cd9171a4a4d870eaa8ca0639864e6167fb237113a5c1cb04d45051
67e14e0d63228f1a4c3932faebca4effb4035467593a152a573557de67e57fa0
69f9f19bd433b1317c2e2adf4b0d99a7655e6d878b35a970a5311227c6ad0a04
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6d34d97eefb81310ba1fc34cf478deb7c4ead22224a837e9b0cc662c8de69527
735d3dff569b3a23c7c72466c4a0ec32b3564ab2464652608c3a79614e719315
78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
79a306bfbadefd954a88675179e2ab9925719fe821d54fec7401e0c6931a9c24
7a303026a1e158c61d96ba96010352c24957181ee22828ce2b54cdd60c813529
7ac7bdc3ac6ccf0f88fca01f3e7db0d8dfd14e2bbf887d78a8ddde212a0ddb03
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7e03cc11c3e27f7ce207ffb50d7b35599e444e2f9b41e053ccb8125adf54a98b
7e13738f614b52e0d861b7cd9342face18efe7314aca70bc63db7fc8f0a68121
7f19b98c8d8c08bc3a834fd7ad893849e9ae5e3b2395f310fa48ccc19ce7027a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
867cdc7355d82d6fb8019a89043be06c9e565f14f2775f849b69cb1e5f4feb2a
86ae22d0c26ba645a1cd337bb1d22e37ebcf52485305e5f42abb73d8f8f016ed
871b60c158ea79213b99a528c5509726f32414ff4a650360fbe1c7e5612d4c97
88a9ddab458683c31cdda49f18f189d6141a224d223666508a5542c1d7ac7259
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4
8ab7b2066ad0b65ec79be21dc93aa32a425dcb11c41880498a004eaaaa17e26e
8d8b1d33f669af7a09c867381cfc0c10f930291b1af1e3c3b4689f1a9ae23bbe
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
93e6a2abeab6f2f9dfd179185ae68e9728eedd122fe65644148a242df33e3b59
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99682b04beefd4e58b020ba9ad53146055084cde9a54ba5485eb1792576c6a7e
a052a5689623398ee81de8ec6ec510ca0aa1148ee22b87981900901a613a93ee
a64f8bc64e640fd4987897495af272ec35aa737c439523ad5a663a71d3462871
aa3e04479170b1653e44d8c356f6917f184e9f651cbe122807d9f77869038be1
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac874018e8c3559a3e0773044980331f1591b35dfd62d9202536edc1d0a43339
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afaed7c81302d1a08eef38549fc320ba36f714e366cbfe9ed1a492b98fc51790
b0499eb6bef276af5e98726f6476ad2a09fa0a792e430be776811890b0a9e4b1
b3d62f787f96df6e8e522fe6e495b3b332bcc39611f4480547833596d0baff05
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
bb60550070f9a5ce5d91b9cb0d34ee6777a3dcb25de950cb185d1c2b624b2590
bba6c74b51fa493e32e7bd916388df1d6a6efc08df83ea42bc20cfbdbd248282
bf9c1ff640acc8bb5441a9b564360943f9db90969742aa33a36329b2828d2759
c1233a49c4ecec12fed969bc83cd6ba59d8b2b88bef31988d9384f7e54c42e20
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ceffda0001c0a6edf0cae48244e72c46d66bb5a75618d4ed5c03d0d24cd106eb
cf8407e6330aced2e477abd2fafbb3c13f83a77cf5ce55254ccd7b71848ba11b
d416171fbe213899a7eef70bb99ff4ded2ba078705130cd9c160c970c271341f
dc0913f664781f3bc0dba989f95cccf924a100eb438bfccee0c782ee5282aa1b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e051bcd1aa1760cd154bda6aeb6dc3b4c34633cfdbfa5418ae2243cdecb87599
e2fb7e42abef5f1ceee56dda26597a5c65e3c490483384c34ea4d305248a09db
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e554db189b5d944ef0e6f98ee0e4e8c75f69e95315dc9f4ae0c616a8756a2ba4
ea14b302d2386504b249b182fac6bdeff4b77b71921945c4cf70e73550ab503d
eb78c1921a81ec42ffcb2bc22f9bac2ca17b8f2c8f78e55812da8d7a8e1518e1
ec8e585ab06e164d11e99adcf9b18d3074de0ece7c922fc6cc99d86fad4d9ea7
ed0d6b6c2ea9e3782bae94dd871b305d55d1889674e886ad66ce6fe1601ae6d3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f3c4f516f2d040c27cb7a620963fb42d6d86e2f5757a62ea78cb80778e8a62b2
f3f08b3cbc6ceb04bc62a9b85006ef3ee818f9cd4cedd2fb39e3058358682165
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f61e078fa412c05fa2f255e389612f3d89c8a8f7811f8f7b271c3101071d62c6
f6f4886fd171e93e684e99d01d547f4be16dbd021a3b19589f27d99ee6d7452d
f790dbbcf9f8ae42200fc5ebcbe945aae0a49709ab702f01b80439cb577d7860
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fc74f6aa06cf3bd19d76ffb36fa98c527c2ecc9949ec110b5aba6d67147ea9d7
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fedffeb734b7e962d43d6b92c2e1aa820979f28a74c2028c7af9ca3800c1fee1

cymulate.com Open in urlscan Pro 2606:4700:10::6816:4f1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

153 Requests

96 %HTTPS

61 %IPv6

42 Domains

55 Subdomains

49 IPs

6 Countries

2862 kBTransfer

6170 kBSize

45 Cookies

7 Outgoing links

Redirected requests

153 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cymulate.com Open in urlscan Pro
2606:4700:10::6816:4f1 Public Scan

Screenshot
Live screenshot

Full Image

153
Requests

96 %
HTTPS

61 %
IPv6

42
Domains

55
Subdomains

49
IPs

6
Countries

2862 kB
Transfer

6170 kB
Size

45
Cookies

153 HTTP transactions
0 data transactions