blogs.juniper.net Open in urlscan Pro
44.233.31.59 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Submission: On September 13 via api (September 13th 2024, 2:14:17 pm UTC) from IN — Scanned from US

Summary HTTP 121 Redirects Links 100 Behaviour Indicators

Summary

This website contacted 42 IPs in 3 countries across 30 domains to perform 121 HTTP transactions. The main IP is 44.233.31.59, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is blogs.juniper.net.
TLS certificate: Issued by Amazon RSA 2048 M03 on May 17th 2024. Valid for: a year.

This is the only time blogs.juniper.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	44.233.31.59 44.233.31.59	16509 (AMAZON-02) (AMAZON-02)
10	151.101.195.10 151.101.195.10	54113 (FASTLY) (FASTLY)
1	142.251.41.10 142.251.41.10	15169 (GOOGLE) (GOOGLE)
20	23.199.49.14 23.199.49.14	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.204.152.170 23.204.152.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	3.90.95.212 3.90.95.212	14618 (AMAZON-AES) (AMAZON-AES)
2	13.226.34.62 13.226.34.62	16509 (AMAZON-02) (AMAZON-02)
3	23.55.235.235 23.55.235.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.165.250.234 54.165.250.234	14618 (AMAZON-AES) (AMAZON-AES)
2	63.140.39.224 63.140.39.224	14618 (AMAZON-AES) (AMAZON-AES)
1 1	34.196.133.17 34.196.133.17	14618 (AMAZON-AES) (AMAZON-AES)
1	63.140.37.145 63.140.37.145	16509 (AMAZON-02) (AMAZON-02)
1	23.200.3.26 23.200.3.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 5	142.250.80.70 142.250.80.70	15169 (GOOGLE) (GOOGLE)
1	142.250.64.66 142.250.64.66	15169 (GOOGLE) (GOOGLE)
1	23.201.179.45 23.201.179.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	192.29.67.231 192.29.67.231	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE)
1	142.251.179.155 142.251.179.155	15169 (GOOGLE) (GOOGLE)
1	52.85.61.96 52.85.61.96	16509 (AMAZON-02) (AMAZON-02)
1	34.96.71.22 34.96.71.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1	13.226.94.12 13.226.94.12	16509 (AMAZON-02) (AMAZON-02)
1	18.164.116.38 18.164.116.38	16509 (AMAZON-02) (AMAZON-02)
3 6	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	142.250.65.164 142.250.65.164	15169 (GOOGLE) (GOOGLE)
1	18.164.111.124 18.164.111.124	16509 (AMAZON-02) (AMAZON-02)
3	150.171.27.10 150.171.27.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	142.250.80.8 142.250.80.8	15169 (GOOGLE) (GOOGLE)
3	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
1	142.251.40.142 142.251.40.142	15169 (GOOGLE) (GOOGLE)
2	34.210.235.158 34.210.235.158	16509 (AMAZON-02) (AMAZON-02)
1	104.18.20.104 104.18.20.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.28.187.147 69.28.187.147	22822 (LLNW) (LLNW)
1	18.173.132.63 18.173.132.63	16509 (AMAZON-02) (AMAZON-02)
1	44.197.95.216 44.197.95.216	14618 (AMAZON-AES) (AMAZON-AES)
1	23.201.175.46 23.201.175.46	16625 (AKAMAI-AS) (AKAMAI-AS)
2	192.184.68.166 192.184.68.166	14618 (AMAZON-AES) (AMAZON-AES)
1 2	54.158.131.242 54.158.131.242	14618 (AMAZON-AES) (AMAZON-AES)
1	192.184.68.254 192.184.68.254	() ()
1 2	34.36.216.150 34.36.216.150	() ()
1 2	216.157.106.133 216.157.106.133	() ()
121	42

30 44.233.31.59 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-233-31-59.us-west-2.compute.amazonaws.com

blogs.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.195.10 (San Francisco, United States)

ASN54113 (FASTLY, US)

www.juniper.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.41.10 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 23.199.49.14 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-199-49-14.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.204.152.170 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-204-152-170.deploy.static.akamaitechnologies.com

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.90.95.212 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-90-95-212.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.34.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-34-62.ewr53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.55.235.235 (Newark, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-235-235.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.165.250.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-250-234.compute-1.amazonaws.com

junipernetworks.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.39.224 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-224.data.adobedc.net

junipernetworks.d2.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.196.133.17 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-133-17.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.37.145 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-37-145.data.adobedc.net

junipernetworks.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.200.3.26 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-3-26.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.80.70 (Plainview, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f6.1e100.net

3872718.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
11607354.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.64.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.179.45 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-179-45.deploy.static.akamaitechnologies.com

img.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.29.67.231 (Toronto, Canada)

ASN31898 (ORACLE-BMC-31898, US)

s1229.t.eloqua.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.226 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.179.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-96.ewr53.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.71.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.71.96.34.bc.googleusercontent.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.154.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.94.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-94-12.jfk52.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.116.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-38.jfk50.r.cloudfront.net

tag-logger.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.65.164 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.111.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-111-124.jfk50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 150.171.27.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.8 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.65.162 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.142 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f14.1e100.net

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.210.235.158 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-210-235-158.us-west-2.compute.amazonaws.com

twin-iq.kickfire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.20.104 (None, )

ASN13335 (CLOUDFLARENET, US)

tracker.pixeltracker.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.28.187.147 (New York, United States)

ASN22822 (LLNW, US)
PTR: https-69-28-187-147.iad.llnw.net

cdn01.basis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.132.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-132-63.jfk52.r.cloudfront.net

pixel.veritone-ce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.197.95.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-95-216.compute-1.amazonaws.com

p.veritone-ce.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.175.46 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-175-46.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.184.68.166 (United States)

ASN14618 (AMAZON-AES, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.158.131.242 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-158-131-242.compute-1.amazonaws.com

cnv.event.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.184.68.254 (None, )

ASN- ()

pixel.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.36.216.150 (None, ) 1 redirects

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.157.106.133 (None, ) 1 redirects

ASN- ()

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	juniper.net blogs.juniper.net www.juniper.net — Cisco Umbrella Rank: 497251	6 MB
20	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	166 KB
12	doubleclick.net 2 redirects 3872718.fls.doubleclick.net — Cisco Umbrella Rank: 964149 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 bid.g.doubleclick.net — Cisco Umbrella Rank: 1443 td.doubleclick.net — Cisco Umbrella Rank: 481 11607354.fls.doubleclick.net — Cisco Umbrella Rank: 833314 ad.doubleclick.net — Cisco Umbrella Rank: 210	9 KB
6	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 669 Failed www.linkedin.com — Cisco Umbrella Rank: 914	3 KB
4	sitescout.com 2 redirects pixel-sync.sitescout.com pixel.sitescout.com	1 KB
4	google.com www.google.com — Cisco Umbrella Rank: 10 google.com — Cisco Umbrella Rank: 1	926 B
4	company-target.com api.company-target.com — Cisco Umbrella Rank: 9578 s.company-target.com — Cisco Umbrella Rank: 2669 segments.company-target.com — Cisco Umbrella Rank: 3589	2 KB
4	typekit.net p.typekit.net — Cisco Umbrella Rank: 1499 use.typekit.net — Cisco Umbrella Rank: 1178	705 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	omtrdc.net junipernetworks.d2.sc.omtrdc.net — Cisco Umbrella Rank: 681962 junipernetworks.tt.omtrdc.net — Cisco Umbrella Rank: 972704	1 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 junipernetworks.demdex.net	2 KB
2	bidr.io 1 redirects cnv.event.prod.bidr.io — Cisco Umbrella Rank: 24996	1 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 2337 pixel.quantserve.com	10 KB
2	veritone-ce.com pixel.veritone-ce.com p.veritone-ce.com — Cisco Umbrella Rank: 67014	942 B
2	kickfire.com twin-iq.kickfire.com — Cisco Umbrella Rank: 75325	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	171 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 2631 insight.adsrvr.org — Cisco Umbrella Rank: 1486	6 KB
2	demandbase.com scripts.demandbase.com — Cisco Umbrella Rank: 22842 tag-logger.demandbase.com — Cisco Umbrella Rank: 13079	18 KB
1	quantcount.com rules.quantcount.com Failed pixel.quantcount.com	159 B
1	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1478
1	basis.net cdn01.basis.net — Cisco Umbrella Rank: 9836	2 KB
1	pixeltracker.co tracker.pixeltracker.co — Cisco Umbrella Rank: 53938	5 KB
1	rlcdn.com 1 redirects id.rlcdn.com — Cisco Umbrella Rank: 1352	335 B
1	eloqua.com s1229.t.eloqua.com	448 B
1	en25.com img.en25.com — Cisco Umbrella Rank: 15632	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	20 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	4 KB
0	mdhv.io Failed jelly-v6.mdhv.io Failed
121	30

	Domain	Requested by
30	blogs.juniper.net	blogs.juniper.net
20	assets.adobedtm.com	blogs.juniper.net assets.adobedtm.com
10	www.juniper.net	blogs.juniper.net www.juniper.net
5	px.ads.linkedin.com	snap.licdn.com blogs.juniper.net
3	td.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	blogs.juniper.net bat.bing.com
3	www.google.com	blogs.juniper.net
3	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
3	use.typekit.net	blogs.juniper.net
2	pixel.sitescout.com	1 redirects
2	pixel-sync.sitescout.com	1 redirects blogs.juniper.net
2	cnv.event.prod.bidr.io	1 redirects
2	11607354.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	twin-iq.kickfire.com	assets.adobedtm.com
2	www.googletagmanager.com	assets.adobedtm.com
2	3872718.fls.doubleclick.net	1 redirects blogs.juniper.net
2	junipernetworks.d2.sc.omtrdc.net	assets.adobedtm.com blogs.juniper.net
2	api.company-target.com	assets.adobedtm.com scripts.demandbase.com
2	dpm.demdex.net	assets.adobedtm.com blogs.juniper.net
1	pixel.quantserve.com
1	pixel.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	blogs.juniper.net
1	servedby.flashtalking.com	assets.adobedtm.com
1	p.veritone-ce.com
1	pixel.veritone-ce.com	assets.adobedtm.com
1	cdn01.basis.net	assets.adobedtm.com
1	tracker.pixeltracker.co	assets.adobedtm.com
1	ad.doubleclick.net
1	google.com	www.googletagmanager.com
1	insight.adsrvr.org	js.adsrvr.org
1	js.adsrvr.org	assets.adobedtm.com
1	www.linkedin.com	1 redirects
1	tag-logger.demandbase.com	scripts.demandbase.com
1	segments.company-target.com	blogs.juniper.net
1	id.rlcdn.com	1 redirects
1	s.company-target.com	scripts.demandbase.com
1	scripts.demandbase.com	blogs.juniper.net
1	bid.g.doubleclick.net	assets.adobedtm.com
1	s1229.t.eloqua.com	blogs.juniper.net
1	img.en25.com	blogs.juniper.net
1	www.googleadservices.com	assets.adobedtm.com
1	snap.licdn.com	blogs.juniper.net
1	junipernetworks.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	junipernetworks.demdex.net	assets.adobedtm.com
1	p.typekit.net	blogs.juniper.net
1	fonts.googleapis.com	blogs.juniper.net
0	rules.quantcount.com Failed	secure.quantserve.com
0	jelly-v6.mdhv.io Failed
121	49

This site contains links to these domains. Also see Links.

Domain
www.juniper.net
community.juniper.net
summit.juniper.net
support.juniper.net
supportportal.juniper.net
license.juniper.net
entitlementsearch.juniper.net
kb.juniper.net
prsearch.juniper.net
apps.juniper.net
forums.juniper.net
threatlabs.juniper.net
learningportal.juniper.net
www.certmetrics.com
www.facebook.com
www.linkedin.com
twitter.com
investor.juniper.net

Subject Issuer	Validity	Valid
blogs.juniper.net Amazon RSA 2048 M03	`2024-05-17` - `2025-06-16`	a year	crt.sh
www.juniper.net Sectigo RSA Organization Validation Secure Server CA	`2024-04-30` - `2025-04-30`	a year	crt.sh
upload.video.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
*.d2.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-09`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-03-28`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.googleadservices.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-07-29`	a year	crt.sh
*.t.eloqua.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-26` - `2025-04-10`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-27` - `2025-09-28`	a year	crt.sh
*.company-target.com R11	`2024-08-15` - `2024-11-13`	3 months	crt.sh
*.demandbase.com Amazon RSA 2048 M02	`2024-06-10` - `2025-07-08`	a year	crt.sh
www.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
twin-iq.kickfire.com Amazon RSA 2048 M02	`2023-11-28` - `2024-12-26`	a year	crt.sh
pixeltracker.co WE1	`2024-08-04` - `2024-11-02`	3 months	crt.sh
cdn01.basis.net GeoTrust TLS RSA CA G1	`2024-05-06` - `2025-06-06`	a year	crt.sh
pixel.veritone-ce.com Amazon RSA 2048 M03	`2024-05-16` - `2025-06-14`	a year	crt.sh
p.veritone-ce.com Amazon RSA 2048 M02	`2024-07-04` - `2025-08-03`	a year	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-17` - `2025-07-17`	a year	crt.sh
quantserve.com R11	`2024-08-23` - `2024-11-21`	3 months	crt.sh
*.sitescout.com GeoTrust TLS RSA CA G1	`2024-01-15` - `2025-02-01`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Frame ID: 2ACF00B9EA60EBEFC96F9849FB08C95C
Requests: 110 HTTP requests in this frame

Frame: https://junipernetworks.demdex.net/dest5.html?d_nsid=0
Frame ID: ACB16427075F0F08BD1E1FCDAD188074
Requests: 1 HTTP requests in this frame

Frame: https://3872718.fls.doubleclick.net/activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4912792693272.599
Frame ID: 112F233BD7816A9E450AF17D8DBE4A9D
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: A5B202739993B59DC11510B2607A962C
Requests: 1 HTTP requests in this frame

Frame: https://s.company-target.com/s/sync?exc=lr
Frame ID: 52C8972DBC63180291519850F94B3526
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=ayvdycl&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&upid=6x1itd9&upv=1.1.0&paapi=1
Frame ID: 5300F5B4D022194314D0038C0A714A01
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10817909393?random=1726236854916&cv=11&fst=1726236854916&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 280FECBAEF2083D663EE5B80F162DFE6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10817909393?random=1726236854945&cv=11&fst=1726236854945&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 1255706C0481B2AF7E7AA1D5CC4D3E0B
Requests: 1 HTTP requests in this frame

Frame: https://11607354.fls.doubleclick.net/activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Frame ID: 5BAAD16BB83CD8828741644FEE021BFE
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Frame ID: 492238A741DDCD55A53AE8C245AF356A
Requests: 1 HTTP requests in this frame

Frame: https://servedby.flashtalking.com/container/16396;116748;12367;iframe/?ftXRef=[%INSERT_TRANSACTION_ID_HERE%]&ftXValue=[%INSERT_TRANSACTION_VALUE_HERE%]&ftXType=[%INSERT_TRANSACTION_TYPE_HERE%]&ftXName=[%INSERT_TRANSACTION_NAME_HERE%]&ftXNumItems=[%INSERT_TRANSACTION_QUANTITY_HERE%]&ftXCurrency=[%INSERT_TRANSACTION_CURRENCY_HERE%]&U1=[%INSERT_U1_HERE%]&U2=[%INSERT_U2_HERE%]&U3=[%INSERT_U3_HERE%]&U4=[%INSERT_U4_HERE%]&U5=[%INSERT_U5_HERE%]&U6=[%INSERT_U6_HERE%]&U7=[%INSERT_U7_HERE%]&U8=[%INSERT_U8_HERE%]&U9=[%INSERT_U9_HERE%]&U10=[%INSERT_U10_HERE%]&U11=[%INSERT_U11_HERE%]&U12=[%INSERT_U12_HERE%]&U13=[%INSERT_U13_HERE%]&U14=[%INSERT_U14_HERE%]&U15=[%INSERT_U15_HERE%]&U16=[%INSERT_U16_HERE%]&U17=[%INSERT_U17_HERE%]&U18=[%INSERT_U18_HERE%]&U19=[%INSERT_U19_HERE%]&U20=[%INSERT_U20_HERE%]&ft_referrer=&ns=&cb=290708.7004912972
Frame ID: E4141AAD9BEFF718715929539C6F6B6A
Requests: 1 HTTP requests in this frame

Frame: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: FF3B8C81BFBE6AF265BD953FC0B7AD2E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Blackbyte Ransomware | Official Juniper Networks Blogs

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

121
Requests

93 %
HTTPS

0 %
IPv6

30
Domains

49
Subdomains

42
IPs

3
Countries

7525 kB
Transfer

8689 kB
Size

46
Cookies

100 Outgoing links

These are links going to different origins than the main page.

URL: https://www.juniper.net/us/en.html
Title: United States

Search URL Search Domain Scan URL

URL: https://www.juniper.net/br/pt.html
Title: Brazil - Brasil

Search URL Search Domain Scan URL

URL: https://www.juniper.net/cn/zh.html
Title: China - 中国

Search URL Search Domain Scan URL

URL: https://www.juniper.net/fr/fr.html
Title: France

Search URL Search Domain Scan URL

URL: https://www.juniper.net/de/de.html
Title: Germany - Deutschland

Search URL Search Domain Scan URL

URL: https://www.juniper.net/it/it.html
Title: Italy - Italia

Search URL Search Domain Scan URL

URL: https://www.juniper.net/jp/ja.html
Title: Japan - 日本

Search URL Search Domain Scan URL

URL: https://www.juniper.net/kr/ko.html
Title: Korea - 대한민국

Search URL Search Domain Scan URL

URL: https://www.juniper.net/mx/es.html
Title: Latin America

Search URL Search Domain Scan URL

URL: https://www.juniper.net/ru/ru.html
Title: Russia - Россия

Search URL Search Domain Scan URL

URL: https://www.juniper.net/es/es.html
Title: Spain - España

Search URL Search Domain Scan URL

URL: https://www.juniper.net/nl/nl.html
Title: The Netherlands

Search URL Search Domain Scan URL

URL: https://www.juniper.net/gb/en.html
Title: United Kingdom

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/contact-us.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.juniper.net/utils/secure/login.html
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company.html
Title: Why Juniper?

Search URL Search Domain Scan URL

URL: https://community.juniper.net/home
Title: Community

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/customers.html
Title: Customer Success

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/how-to-buy/form.html
Title: How to Buy

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/awards-and-industry-recognition.html
Title: Industry Recognition

Search URL Search Domain Scan URL

URL: https://summit.juniper.net/replay
Title: Juniper Summits

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/partners.html
Title: Partnership

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products.html
Title: Products & Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/cloud-services.html
Title: Cloud Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/network-automation.html
Title: Network Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/routers/mx-series/network-edge-services.html
Title: Network Edge Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/network-operating-system.html
Title: Network Operating System

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/packet-optical.html
Title: Packet Optical

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/routers.html
Title: Routers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/sdn-and-orchestration.html
Title: SDN, Management & Operations

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/software.html
Title: Software

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/switches.html
Title: Switches

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/access-points.html
Title: Wireless Access Points

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/products/products-a-to-z.html
Title: All Products A-Z

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/eol/
Title: End of Life

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions.html
Title: Solutions

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/it-networking.html
Title: Enterprise

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/cloud-operator.html
Title: Cloud Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/service-provider.html
Title: Service Provider

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/400g.html
Title: 400G

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/artificial-intelligence-for-it-operations-aiops.html
Title: AI and Machine Learning

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/automation.html
Title: Automation

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/contact-tracing.html
Title: Contact Tracing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/data-center.html
Title: Data Center

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/ip-transport-solution/metro.html
Title: Metro

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/sase.html
Title: SASE

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/sd-wan.html
Title: SD-WAN

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/automation/segment-routing.html
Title: Segment Routing

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/wireless-access.html
Title: Wired & Wireless Access

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/federal-government.html
Title: Federal Government

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/solutions/healthcare.html
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services.html
Title: Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/advisory-services.html
Title: Advisory Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/implementation-services.html
Title: Implementation Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/migration-services.html
Title: Migration Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/optimization-services.html
Title: Optimization Services

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/services/support-services.html
Title: Support Services

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/up-and-running/
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://supportportal.juniper.net/
Title: Juniper Support Portal

Search URL Search Domain Scan URL

URL: https://license.juniper.net/licensemanage/
Title: Product License Keys

Search URL Search Domain Scan URL

URL: https://entitlementsearch.juniper.net/entitlementsearch/
Title: Product Entitlement Search

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/requesting-support/
Title: Contact Support

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/
Title: Downloads

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ex
Title: EX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=mx
Title: MX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ptx
Title: PTX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=qfx
Title: QFX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=srx
Title: SRX Series

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=space
Title: Junos Space

Search URL Search Domain Scan URL

URL: https://support.juniper.net/support/downloads/?f=ssg
Title: SSG Series

Search URL Search Domain Scan URL

URL: https://kb.juniper.net/InfoCenter/index?page=home
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://www.juniper.net/documentation/
Title: TechLibrary

Search URL Search Domain Scan URL

URL: https://prsearch.juniper.net/InfoCenter/index?page=prsearch
Title: Problem Report Search

Search URL Search Domain Scan URL

URL: https://apps.juniper.net/home/
Title: Pathfinder

Search URL Search Domain Scan URL

URL: https://forums.juniper.net/
Title: Community

Search URL Search Domain Scan URL

URL: https://threatlabs.juniper.net/home/search/#/list/ips?page_number=1&page_size=20
Title: Security Intelligence

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/report-a-security-vulnerability.html
Title: Report a Vulnerability

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training.html
Title: Training

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/
Title: Training

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-TRAINING-SCHEDULE-HOME
Title: Schedule of Classes

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=ALL-ACCESS-TRAINING-PASS-HOME
Title: All Access Training Pass

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-ONDEMAND-TRAINING-HOME
Title: On-demand Courses

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
Title: Open Learning

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-LEARNING-PATHS-HOME
Title: Learning Paths

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=FREE-JUNIPER-TRAINING-HOME
Title: Getting Started

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification.html
Title: Certification

Search URL Search Domain Scan URL

URL: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=JUNIPER-CERTIFICATION-PROGRAM-HOME
Title: Certification Resources

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/training/certification/recertification.html
Title: Recertification

Search URL Search Domain Scan URL

URL: https://www.certmetrics.com/juniper/login.aspx?ReturnUrl=%2fjuniper%2f
Title: Manage My Certs

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/forms/apstra-free-trial.html
Title: Offers and Trials

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/culture-careers.html
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.juniper.net/us/en/company/corporate-responsibility.html
Title: Corporate Responsibility

Search URL Search Domain Scan URL

URL: https://investor.juniper.net/investor-relations/default.aspx
Title: Investor Relations

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://cm.everesttech.net/cm/dd?d_uuid=62973213336239018484255365022483258415 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRIrgAAAH0qThva

Request Chain 51

https://3872718.fls.doubleclick.net/activityi;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4912792693272.599 HTTP 302
https://3872718.fls.doubleclick.net/activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4912792693272.599

Request Chain 61

https://id.rlcdn.com/464526.gif HTTP 307
https://segments.company-target.com/log?vendor=liveramp&user_id=

Request Chain 66

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4751%26time%3D1726236851636%26li_adsId%3D10b950da-4f30-4ceb-a955-9509084ba0d0%26url%3Dhttps%253A%252F%252Fblogs.juniper.net%252Fen-us%252Fthreat-labs-knowledge-base%252Fblackbyte-ransomware%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cookiesTest=true&liSync=true

Request Chain 102

https://jelly.mdhv.io/v1/star.gif?pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&evt=hi HTTP 307
https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=2d6391df-ad21-44a5-8b3c-1eb04105efd3

Request Chain 103

https://11607354.fls.doubleclick.net/activityi;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware HTTP 302
https://11607354.fls.doubleclick.net/activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware

Request Chain 113

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=[ORDER]&ord=[CACHEBUSTER] HTTP 303
https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Request Chain 118

https://pixel-sync.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 119

https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware HTTP 302
https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cookieQ=1&cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware

121 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request blackbyte-ransomware Show response
blogs.juniper.net/en-us/threat-labs-knowledge-base/ 111 KB
112 KB 2794ms
2557ms Document
text/html 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 / PHP/7.4.24

Resource Hash

7328eae42b3e0936e7378714057ce0aadc71d10a652831cca477f3bf167e4f6b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 14:14:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://blogs.juniper.net/wp-json/>; rel="https://api.w.org/" <https://blogs.juniper.net/wp-json/wp/v2/posts/27024>; rel="alternate"; type="application/json" <https://blogs.juniper.net/?p=27024>; rel=shortlink
permissions-policy: geolocation=(self)
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
strict-transport-security: max-age=31536000
vary: Accept-Encoding,Cookie
x-content-type-options: nosniff
x-powered-by: PHP/7.4.24
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block

GET
H2 200 dfd_icon_set.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 75 KB
76 KB 151ms
146ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "12dba-5ce7192036aaf"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 77242
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 style.min.css
blogs.juniper.net/wp-includes/css/dist/block-library/ 79 KB
79 KB 1228ms
1223ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/css/dist/block-library/style.min.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "13abe-5ce718bae115c"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 80574
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 106 KB
106 KB 1229ms
1225ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/mobile-responsive.css?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

aaca7ef5b10dce82f9dd66e31815f073ef81677f6fc81c17ab6e688f2189fd20

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1a604-5ce7192035b0f"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 108036
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 global-nav.css
www.juniper.net/assets/styles/ 12 KB
13 KB 371ms
313ms Stylesheet
text/css 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/styles/global-nav.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:04 GMT
x-cache: MISS
content-length: 12372
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21965-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 07 May 2020 03:44:53 GMT
x-timer: S1726236844.705495,VS0,VS0,VE308
etag: "3054-5a506b411b740"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 visual-composer.css
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/ 613 KB
614 KB 1311ms
1308ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/css/visual-composer.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

4571e596020138c4fa269eabd1c5ae125d31c168c6d751aeb96d457f91ae9b45

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "99534-5ce71920362df"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 628020
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 font.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 3 KB
4 KB 2233ms
2229ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

0d959c38ce96d9eb0b03d81293e3bd3a9d4f7e82a760a67ee14e99cfa6ee601f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 04 Mar 2021 18:58:14 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "c7e-5bcba8cbe62c5"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 3198
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 app.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 1 MB
1 MB 2234ms
2231ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Jan 2020 08:55:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "138090-59d579e978900"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1278096
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jnpr.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 18 KB
18 KB 2233ms
2230ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

3458646c92ebe1c0e71b5b65407f90227ccdbc073f8d7331f36c00847974032a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 09 Apr 2021 11:25:43 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "46d0-5bf886cb5b1ae"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 18128
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 mobile-responsive.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/ 108 KB
108 KB 2237ms
2234ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/mobile-responsive.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 17 Dec 2019 12:28:36 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1ae53-599e5778f6500"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 110163
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 style.css
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/ 669 B
1 KB 2320ms
2317ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/style.css

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 24 Dec 2019 06:25:19 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "29d-59a6d353f31c0"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 669
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 css
fonts.googleapis.com/ 104 KB
4 KB 347ms
28ms Stylesheet
text/css 142.251.41.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CRaleway%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100italic%2C200italic%2C300italic%2C400italic%2C500italic%2C600italic%2C700italic%2C800italic%2C900italic%7CDroid+Serif%3A400%2C700%2C400italic%2C700italic%7CLora%3A400%2C700%2C400italic%2C700italic%7CRoboto%3A100%2C300%2C400%2C500%2C700%2C900%2C100italic%2C300italic%2C400italic%2C500italic%2C700italic%2C900italic&subset=latin&ver=1581418109

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.10 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f10.1e100.net

Software

ESF /

Resource Hash

31e44d0bc68ceafd76cf8ec85d54022021b0cb74856203e43e27359bb0a78123

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 13 Sep 2024 14:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 14:14:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 13 Sep 2024 14:14:03 GMT

GET
H2 200 jquery.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 87 KB
88 KB 2318ms
2316ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "15db1-5ce718baf8470"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 89521
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jquery-migrate.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 11 KB
11 KB 228ms
226ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "2bd8-5ce718baf8088"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 11224
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js Show response
assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/ 716 KB
140 KB 356ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8bdeccca78a78d8bbc1dc284695d1ac41bfb790521c3470e7947fa28d76ef969

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:03 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:35 GMT
server: AkamaiNetStorage
etag: "42f093221d03cd83715cc188bbe5a846:1725908255.153705"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 143060
expires: Fri, 13 Sep 2024 15:14:03 GMT

GET
H2 200 wp-emoji-release.min.js Show response
blogs.juniper.net/wp-includes/js/ 18 KB
18 KB 85ms
84ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/wp-emoji-release.min.js?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "4705-5ce718bb0093e"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 18181
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 agenttesla_original_website-900x600.png
blogs.juniper.net/wp-content/uploads/2022/03/ 540 KB
542 KB 91ms
90ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/agenttesla_original_website-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e9714a993c290626c2ade96436f885448d5a87a79bfcbaf2f693b3009de9ffc1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:58:25 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "871bb-5dd0aa70e660c"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 553403
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 Screen-Shot-2022-04-06-at-4.00.37-PM-1024x273-900x600.png
blogs.juniper.net/wp-content/uploads/2022/04/ 464 KB
465 KB 2267ms
2266ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/04/Screen-Shot-2022-04-06-at-4.00.37-PM-1024x273-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

1e5835bdeb64e527df1798a27b0ed61c8b6003759bd6dcd57e7b59e1e5aa3f99

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:58:09 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "741c5-5dd0aa60fba98"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 475589
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 icon-900x600.png
blogs.juniper.net/wp-content/uploads/2022/04/ 65 KB
66 KB 99ms
99ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/04/icon-900x600.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

46f5a39d726c1bf2ab0352d162587be095ec976e7d0b07ac28de888054a7537a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 19 Apr 2022 23:56:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "10415-5dd0aa0dba327"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 66581
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 js_composer.min.css
blogs.juniper.net/wp-content/plugins/js_composer/assets/css/ 473 KB
475 KB 85ms
85ms Stylesheet
text/css 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.0.5

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:09:43 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "765f9-59956b5fc47c0"
vary: Accept-Encoding,Host
content-type: text/css
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 484857
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 utils.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/ 2 KB
2 KB 83ms
83ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js/utils.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 03 Mar 2020 10:37:20 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "722-59ff0e3718f2d"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1826
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jquery.form.min.js Show response
blogs.juniper.net/wp-includes/js/jquery/ 16 KB
16 KB 83ms
82ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/jquery/jquery.form.min.js?ver=4.3.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

7dcbd9ddb813cf06084d60b6158da5289b9e33ba3f9e7c463fd20e7ec8462014

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:25:53 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "3ef4-5ce718baf7ca0"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 16116
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 global-nav.js Show response
www.juniper.net/assets/scripts/ 220 KB
221 KB 315ms
314ms Script
application/javascript 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

290c5b04153c8864dd5d33449f64898b350019dca6e852654c92e5b5b63117d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:04 GMT
x-cache: MISS
content-length: 225168
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21965-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 11 Nov 2020 18:10:33 GMT
x-timer: S1726236844.436868,VS0,VS0,VE311
etag: "36f90-5b3d8b619b840"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 uncompresed.js Show response
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/ 721 KB
722 KB 6147ms
6146ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/js_pub/uncompresed.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 03 Mar 2020 10:34:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "b43eb-59ff0d9735fb1"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 738283
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 wp-embed.min.js Show response
blogs.juniper.net/wp-includes/js/ 1 KB
2 KB 84ms
83ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-includes/js/wp-embed.min.js?ver=5.8.10

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 16 May 2023 21:35:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "5c6-5fbd659d2378d"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 1478
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 js_composer_front.min.js Show response
blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/ 20 KB
21 KB 84ms
83ms Script
application/javascript 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.0.5

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:09:44 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "5079-59956b60b8a00"
vary: Accept-Encoding,Host
content-type: application/javascript
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 20601
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 343ms
4ms Stylesheet
text/css 23.204.152.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=xma4cpx&ht=tk&f=15701.15703.15705.15708&a=67798657&app=typekit&e=css
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.204.152.170 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-204-152-170.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
last-modified: Sun, 10 Mar 2024 12:44:13 GMT
server: nginx
etag: "65edab1d-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 id Show response
dpm.demdex.net/ 602 B
1 KB 47ms
17ms XHR
application/json 3.90.95.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=D206123F524450F50A490D45%40AdobeOrg&d_nsid=0&ts=1726236846315

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.90.95.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-90-95-212.compute-1.amazonaws.com

Software

Resource Hash

260602af164a617c57f1e7891ce27d99be6b3fa6727dfc9c7122302d4b8fabc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-2-v064-0d4f5c5a1.edge-va6.demdex.com 6 ms
pragma: no-cache
date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: vyw8r7GkTNU=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 443
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 EXa4b17e6a46f94e7eb3e0be11da647d34-libraryCode_source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 34 KB
13 KB 7ms
7ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/EXa4b17e6a46f94e7eb3e0be11da647d34-libraryCode_source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a0017954d36e42d9f624ad09e6ea706e253683a036ccfae96137f6b487eeb2e6

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 12904
expires: Fri, 13 Sep 2024 15:14:06 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 491 B
981 B 57ms
36ms XHR
application/json 13.226.34.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=KPoJNUhqFN4BlhMgpIM033sl6wtdnfvyBcHrASKk&page=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&referrer=&page_title=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&src=adobelaunch
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.34.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-34-62.ewr53.r.cloudfront.net
Software: nginx /
Resource Hash: bd94bd76671f4d3b3358adec3b8308025cefdf2140a0ca8a37ceb95e69bcfe15

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
x-cache: Miss from cloudfront
request-id: 52301f63-66b1-4e85-aa90-47406ec31fa3
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Slu_apZFBDst7TMsMcmeYGIUymPaUPrA7txRmNkUKdv1eYP2CbbhRg==
expires: Thu, 12 Sep 2024 14:14:06 GMT

GET
H2 200 Juniper-Networks-518251288-GREEN.jpg
blogs.juniper.net/wp-content/uploads/2020/01/ 397 KB
398 KB 90ms
89ms Image
image/jpeg 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2020/01/Juniper-Networks-518251288-GREEN.jpg

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 24 Jan 2020 07:09:48 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "6324f-59cdd71698700"
vary: Accept-Encoding,Host
content-type: image/jpeg
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 406095
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 search-icon.svg
blogs.juniper.net/assets/svg/ 445 B
950 B 89ms
89ms Image
image/svg+xml 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/assets/svg/search-icon.svg

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/jnpr.css?ver=1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 13 Feb 2020 10:18:32 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1bd-59e7269338e00"
vary: Accept-Encoding,Host
content-type: image/svg+xml
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 445
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 l
use.typekit.net/af/220823/000000000000000000015231/27/ 228 KB
228 KB 340ms
13ms Font
application/font-woff2 23.55.235.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/220823/000000000000000000015231/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n7&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.235.235 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-235-235.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8557ceef587615c421b7697a3a046e1b5605c514c6299787b89882797e97f120

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
server: nginx
etag: "a6d7ec334355c982af1029545363c128b8ebf3ec"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 233504

GET
H2 200 l
use.typekit.net/af/180254/00000000000000000001522c/27/ 230 KB
230 KB 352ms
26ms Font
application/font-woff2 23.55.235.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/180254/00000000000000000001522c/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=n4&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.235.235 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-235-235.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a0f10ac61e20d25989eea5b54c5fcc43934853847f67054b401333413ac132d0

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
server: nginx
etag: "b368e5602e52f93ea8bb04f8e30b4af6a24b1c6d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 235028

GET
H2 200 l
use.typekit.net/af/bdde80/00000000000000000001522d/27/ 247 KB
247 KB 330ms
5ms Font
application/font-woff2 23.55.235.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/bdde80/00000000000000000001522d/27/l?primer=f592e0a4b9356877842506ce344308576437e4f677d7c9b78ca2162e6cad991a&fvd=i4&v=3
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/font.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.235.235 Newark, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-235-235.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a2230e9dd7b979f89ff7b0af3aba00aa58f6ec169db58ce5dbc782d08371dd66

Request headers

Referer: https://blogs.juniper.net/
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
server: nginx
etag: "d62548ca39fe9b02351a1ca312096b30d863179d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 252724

GET
H2 200 soc-icons.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/ 34 KB
35 KB 85ms
84ms Font
application/font-woff 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/fonts/soc-icons.woff

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby-child/assets/css/app.css
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Dec 2019 10:01:29 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "899c-59956988a7040"
vary: Accept-Encoding,Host
content-type: application/font-woff
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 35228
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 dfd_icon_set.woff
blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/ 573 KB
574 KB 84ms
83ms Font
application/font-woff 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.woff?t0y29j

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/wp-content/themes/dfd-ronneby/assets/fonts/dfd_icon_set/dfd_icon_set.css?ver=5.8.10
Origin: https://blogs.juniper.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 16 Oct 2021 05:27:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "8f374-5ce719203821f"
vary: Accept-Encoding,Host
content-type: application/font-woff
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 586612
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 ransom_note-1024x444.png
blogs.juniper.net/wp-content/uploads/2022/03/ 236 KB
237 KB 168ms
165ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/ransom_note-1024x444.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

ac842a7d8f8ad92c6210375fbd8ed2373888ce7853659d61981d8372fe1c9eb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:41 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "3b16a-5dab4ea34f303"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 242026
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 blackbyte_static_properties.png
blogs.juniper.net/wp-content/uploads/2022/03/ 5 KB
5 KB 202ms
200ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/blackbyte_static_properties.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

45d726de893364cc8c294fbb28b94d03276325f6ec77cb0bcda6eddafc6119fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:39 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "1287-5dab4ea129d9c"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 4743
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 blackbyte_functions.png
blogs.juniper.net/wp-content/uploads/2022/03/ 16 KB
17 KB 204ms
202ms Image
image/png 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogs.juniper.net/wp-content/uploads/2022/03/blackbyte_functions.png

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

dfad551a53c767e229da4a2f650e4b10d698f1b361b74e9f88a862dddaf64041

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Mar 2022 06:50:38 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "419b-5dab4ea046cd2"
vary: Accept-Encoding,Host
content-type: image/png
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 16795
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 jnpr-logo.svg Show response
www.juniper.net/assets/svg/ 3 KB
4 KB 329ms
316ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/svg/jnpr-logo.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 3131
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 02 Nov 2018 05:55:25 GMT
x-timer: S1726236846.474380,VS0,VS0,VE313
etag: "c3b-579a82e7d8d40"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_blog.svg Show response
www.juniper.net/assets/icons/social/ 3 KB
4 KB 321ms
315ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_blog.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 3560
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 19 Feb 2020 09:37:43 GMT
x-timer: S1726236846.474715,VS0,VS0,VE310
etag: "de8-59eea8a4707c0"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_facebook.svg Show response
www.juniper.net/assets/icons/social/ 366 B
885 B 324ms
318ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_facebook.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 366
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236846.474526,VS0,VS0,VE316
etag: "16e-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_twitter.svg Show response
www.juniper.net/assets/icons/social/ 582 B
2 KB 321ms
315ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_twitter.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 582
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236846.474598,VS0,VS0,VE312
etag: "246-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_youtube.svg Show response
www.juniper.net/assets/icons/social/ 451 B
977 B 312ms
308ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_youtube.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 451
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236846.475112,VS0,VS0,VE304
etag: "1c3-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_linkedin.svg Show response
www.juniper.net/assets/icons/social/ 724 B
2 KB 324ms
320ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_linkedin.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 724
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Sep 2018 21:30:52 GMT
x-timer: S1726236846.474598,VS0,VS0,VE317
etag: "2d4-576b8d1f35b00"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 jnpr-social-icon_instgram.svg Show response
www.juniper.net/assets/icons/social/ 1 KB
2 KB 242ms
239ms XHR
image/svg+xml 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/assets/icons/social/jnpr-social-icon_instgram.svg

Requested by

Host: www.juniper.net
URL: https://www.juniper.net/assets/scripts/global-nav.js?ver=1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net .mistsys.com .mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
Strict-Transport-Security	max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000, max-age=31536000; includeSubDomains
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net *.mistsys.com *.mist.com https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:06 GMT
x-cache: MISS
content-length: 1037
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1
x-served-by: cache-lga21978-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 03 Dec 2018 20:00:23 GMT
x-timer: S1726236846.474924,VS0,VS0,VE236
etag: "40d-57c23996843c0"
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS, PUT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=259200, public
permissions-policy: geolocation=(self)
accept-ranges: bytes
access-control-allow-headers: x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 dest5.html
junipernetworks.demdex.net/ Frame ACB1 0
0 66ms
13ms Document
text/html 54.165.250.234
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.165.250.234 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-165-250-234.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 13 Sep 2024 14:14:06 GMT
dcs: dcs-prod-va6-2-v064-0a03f1fa2.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Aug 2024 12:41:17 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: ScEjxTpNQjE=

GET
H2 200 id Show response
junipernetworks.d2.sc.omtrdc.net/ 2 B
268 B 53ms
14ms XHR
application/x-javascript 63.140.39.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.d2.sc.omtrdc.net/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=D206123F524450F50A490D45%40AdobeOrg&mid=68102981704594369273668614592120153544&ts=1726236846478

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.224 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-224.data.adobedc.net

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 13 Sep 2024 14:14:06 GMT
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 2
x-xss-protection: 1; mode=block

GET
H2

200

ibs:dpid=411&dpuuid=ZuRIrgAAAH0qThva
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=62973213336239018484255365022483258415
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRIrgAAAH0qThva

42 B
717 B

33ms
32ms

Image
image/gif

3.90.95.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRIrgAAAH0qThva

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Server

3.90.95.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-90-95-212.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v064-02995f1bf.edge-va6.demdex.com 21 ms
pragma: no-cache
date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: usFNdxxsQ1c=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZuRIrgAAAH0qThva
Date: Fri, 13 Sep 2024 14:14:06 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 json Show response
junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/ 537 B
945 B 320ms
105ms XHR
application/json 63.140.37.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://junipernetworks.tt.omtrdc.net/m2/junipernetworks/mbox/json?mbox=target-global-mbox&mboxSession=3692ebae2c1742748de67fe7950fc268&mboxPC=&mboxPage=a780684e4c4647dca5a500a5119977e0&mboxRid=fec47b540c39480ba33ee5b2fde6ba45&mboxVersion=1.8.3&mboxCount=1&mboxTime=1726200846502&mboxHost=blogs.juniper.net&mboxURL=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=-600&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&at_property=731b0e75-98c0-3152-d94c-88331af4fd48&mboxMCSDID=6256AE644768177E-7068F1B16AD18C60&vst.trk=junipernetworks.d2.sc.omtrdc.net&vst.trks=junipernetworks.d2.sc.omtrdc.net&mboxMCGVID=68102981704594369273668614592120153544&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=7

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.37.145 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-37-145.data.adobedc.net

Software

jag /

Resource Hash

7e1e02911da45d0fb20716a22d2733e2f6cb1fdc5143e6a196757ba1dd3d1b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
server: jag
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 537
x-xss-protection: 1; mode=block
x-request-id: fec47b540c39480ba33ee5b2fde6ba45

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 339ms
4ms Script
application/javascript 23.200.3.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.200.3.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-200-3-26.deploy.static.akamaitechnologies.com

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=73185
accept-ranges: bytes
content-length: 14628

GET
H2

200

activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-bas...
3872718.fls.doubleclick.net/ Frame 112F
Redirect Chain

https://3872718.fls.doubleclick.net/activityi;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-b...
https://3872718.fls.doubleclick.net/activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net...

0
0

89ms
87ms

Document
text/html

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3872718.fls.doubleclick.net/activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4912792693272.599?

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.70 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1091
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:11 GMT
expires: Fri, 13 Sep 2024 14:14:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://3872718.fls.doubleclick.net/activityi;dc_pre=CKmYy7KNwIgDFaGjjggdsMUNyg;src=3872718;type=gojpnet;cat=pagev0;u1=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851;u2=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4912792693272.599?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 conversion.js Show response
www.googleadservices.com/pagead/ 56 KB
20 KB 56ms
35ms Script
text/javascript 142.250.64.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s30-in-f2.1e100.net

Software

cafe /

Resource Hash

7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20848
x-xss-protection: 0
server: cafe
etag: 13646012712460357126
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 13 Sep 2024 14:14:11 GMT

GET
H/1.1 200
OK elqCfg.min.js Show response
img.en25.com/i/ 6 KB
3 KB 50ms
35ms Script
application/x-javascript 23.201.179.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img.en25.com/i/elqCfg.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.201.179.45 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-179-45.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Fri, 13 Sep 2024 14:14:11 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2183
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Fri, 12 Jul 2024 05:36:33 GMT
ETag: "5fbd42741dd4da1:0"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-store
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Expires: Fri, 13 Sep 2024 14:14:11 GMT

GET
H/1.1 200
OK svrGP
s1229.t.eloqua.com/visitor/v200/ 49 B
448 B 66ms
23ms Image
image/gif 192.29.67.231
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1229.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=1229&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref2=elqNone&tzo=600&ms=429&optin=disabled

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

192.29.67.231 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Date: Fri, 13 Sep 2024 14:14:11 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/ 5 KB
3 KB 651ms
32ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/956680084/?random=1726236851436&cv=9&fst=1726236851436&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635471%2C375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

653d215d9d85dffedc07db2a451ab6fdaac8f9cffa578166d3d9806a19e07c35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel
bid.g.doubleclick.net/xbbe/ Frame A5B2 0
0 62ms
30ms Document
text/html 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 RC818ad63b83d845bf86e25bc68d85042a-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1022 B
755 B 6ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC818ad63b83d845bf86e25bc68d85042a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99f112114fdf68a2c9913bbdff0f0ec524243ce621aa8b46f6275620695fb208

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 498
expires: Fri, 13 Sep 2024 15:14:11 GMT

GET
H2 200 RC2950651f62ef416783ad5b44afec1390-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 592 B
631 B 5ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC2950651f62ef416783ad5b44afec1390-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 47d50114dccf7494ae9299fec825f1eae1aabfb94154b5f8ab9923754104e3f0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 374
expires: Fri, 13 Sep 2024 15:14:11 GMT

GET
H2 200 wRPiG49f.min.js Show response
scripts.demandbase.com/ 63 KB
18 KB 16ms
4ms Script
application/javascript 52.85.61.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.demandbase.com/wRPiG49f.min.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.61.96 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-61-96.ewr53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

8d652933fc07439cc510cffb3133311ee07f6f424d2964cb7f4ef3eb4e2b2793

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 9A6IZpdegZk_aH6qZQV_nTcBMeEATLlq
content-encoding: gzip
via: 1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
date: Fri, 13 Sep 2024 13:31:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: EWR53-P1
age: 2585
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Aug 2024 19:15:01 GMT
server: AmazonS3
etag: W/"59f7314e86d7f85ab0bc9bea5d9ea05e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: _K9STS2FRR-gKvpvWngdq5OkO8thFChrn0HkFlltpJZ4mhmelfxuYg==

GET
H2 200 sync
s.company-target.com/s/ Frame 52C8 0
0 33ms
13ms Document
text/html 34.96.71.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.company-target.com/s/sync?exc=lr
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.71.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.71.96.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET,OPTIONS
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 634
content-type: text/html; charset=UTF-8
date: Fri, 13 Sep 2024 14:14:11 GMT
via: 1.1 google

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://segments.company-target.com/log?vendor=liveramp&user_id=

26 B
349 B

24ms
12ms

Image
image/gif

13.226.94.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=liveramp&user_id=
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: HTTP/1.1
Server: 13.226.94.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-94-12.jfk52.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 13 Sep 2024 14:14:11 GMT
Via: 1.1 20807453c5a15da53ec1d3eb5e2fdcca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P10
X-Cache: Miss from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 26
X-Amz-Cf-Id: 4TT7al-8zx_shz9PfiwzXlzCfnr1jGxfk6JZFIccufSiFucYI3qntQ==

Redirect headers

date: Fri, 13 Sep 2024 14:14:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://segments.company-target.com/log?vendor=liveramp&user_id=
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 491 B
985 B 58ms
56ms XHR
application/json 13.226.34.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v3/ip.json?referrer=&page=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&page_title=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.34.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-34-62.ewr53.r.cloudfront.net
Software: nginx /
Resource Hash: 4d9cffcc2365a3bd401c73a2d2e5f769c1730cdeb289dab56fe185ecd6279ec3

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 2772ea7c91d6d2b9d83ea6d082faecc8.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
x-cache: Miss from cloudfront
request-id: 5c5ff02a-e5b1-4930-ad2a-272338b96031
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blogs.juniper.net
access-control-expose-headers: x-amz-cf-id
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v3
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vvqEOKgyBO-RHudUAFD2Tz_qXxicP_bieQaLCFTT-ZeXDKWwQvvaZg==
expires: Thu, 12 Sep 2024 14:14:11 GMT

GET
H2 200 s68004972287651
junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-LEWM/ 43 B
224 B 16ms
14ms Image
image/gif 63.140.39.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://junipernetworks.d2.sc.omtrdc.net/b/ss/jnprod/1/JS-2.12.0-LEWM/s68004972287651?AQB=1&ndh=1&pf=1&t=13%2F8%2F2024%204%3A14%3A11%205%20600&sdid=6256AE644768177E-7068F1B16AD18C60&mid=68102981704594369273668614592120153544&aamlh=7&ce=UTF-8&pageName=blogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&g=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=blogs.juniper.net&v5=TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851&v6=D%3Dmid&v15=D%3DpageName&v19=%28Non-Company%20Visitor%29&v20=%28Non-Company%20Visitor%29%22&v25=%28Non-Company%20Visitor%29&v26=%28Non-Company%20Visitor%29&v27=%28Non-Company%20Visitor%29&v28=%28Non-Company%20Visitor%29&v29=%28Non-Company%20Visitor%29&v30=%22%28Non-Company%20Visitor%29&v31=%28Non-Company%20Visitor%29&v32=%28Non-Company%20Visitor%29&v33=%28Non-Company%20Visitor%29&v34=%28Non-Company%20Visitor%29&v35=%28Non-Company%20Visitor%29&v36=%28Non-Company%20Visitor%29&v37=%28Non-Company%20Visitor%29%22&v38=%22%28Non-Company%20Visitor%29&v39=%28Non-Company%20Visitor%29&v40=%28Non-Company%20Visitor%29&v41=%28Non-Company%20Visitor%29&v42=%28Non-Company%20Visitor%29&v43=%28Non-Company%20Visitor%29&v44=%28Non-Company%20Visitor%29&v45=Residential%22&v46=%22%28Non-Company%20Visitor%29&v80=blackbyte-ransomware&v84=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=D206123F524450F50A490D45%40AdobeOrg&AQE=1

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.224 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-224.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Sep 2024 14:14:11 GMT
server: jag
etag: 3707065411533930496-4618547927757234949
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 12 Sep 2024 14:14:11 GMT

GET
H2 200 bg9s Show response
tag-logger.demandbase.com/ 0
419 B 344ms
26ms XHR
text/html 18.164.116.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag-logger.demandbase.com/bg9s?x-amz-cf-id=vvqEOKgyBO-RHudUAFD2Tz_qXxicP_bieQaLCFTT-ZeXDKWwQvvaZg==&api-version=v3
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/wRPiG49f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.116.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-116-38.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 8SdDCdpJvGjkSiMFPv08XcVSgwOMVVmH
date: Thu, 12 Sep 2024 20:04:17 GMT
via: 1.1 2f276f8b7ce92ba7a0844268d20c32ba.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
age: 65394
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
content-length: 0
last-modified: Tue, 07 Mar 2023 20:47:02 GMT
server: AmazonS3
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: accept-encoding
content-type: text/html
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: Do7cT6YQTA9u0Cj1aEhTNQrk3EtXImTWrdRQB7aqDDo6ohTmMj-hPA==

GET attribution_trigger
px.ads.linkedin.com/ 0
0

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fb...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fb...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4751%26time%3D1726236851636%26li_adsId%3D10b950da-4f30-4ceb-a955-9509084ba0d0%26u...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fb...

0
163 B

104ms
103ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cookiesTest=true&liSync=true
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 657550D294154AFA820A5FAD1151AA6A Ref B: EWR30EDGE1107 Ref C: 2024-09-13T14:14:12Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiANZhk0PPAdLu74DUtQ==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Fri, 13 Sep 2024 14:14:11 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYiANZf57xvSVqcEFCb0A==
pragma: no-cache
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 784DF88701EB4DD5BB665FB46F2587FA Ref B: EWR30EDGE1107 Ref C: 2024-09-13T14:14:12Z
x-frame-options: sameorigin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4751&time=1726236851636&li_adsId=10b950da-4f30-4ceb-a955-9509084ba0d0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/956680084/ 42 B
455 B 641ms
23ms Image
image/gif 142.250.65.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/956680084/?random=1726236851436&cv=9&fst=1726236000000&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635471%2C375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf25gWEyFwQkSvEp81IWjgCTezubUBkkKe_Kscz7Yfzhv-BLEz&random=2330871460&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.164 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
200 B 124ms
122ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 13 Sep 2024 14:14:11 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: C25C8EA2CBA34C658B13C4B9713341CE Ref B: EWR30EDGE1107 Ref C: 2024-09-13T14:14:12Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
access-control-allow-origin: https://blogs.juniper.net
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYiANZjXk2ZDYo7RK1OgQ==

GET
H2 200 attribution_trigger
px.ads.linkedin.com/ 2 B
807 B 1660ms
1660ms Image
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4751&time=1726236851636&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"priority":"0","trigger_data":"4"}],"filters":[{"c":["337843546"]},{"c":["337843326"]},{"c":["337835186"]},{"c":["337826536"]},{"c":["337817176"]}],"debug_key":"14423004"}
content-encoding: gzip
date: Fri, 13 Sep 2024 14:14:13 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cache: CONFIG_NOCACHE
x-li-uuid: AAYiANZn6Sc3u9mt8VzJFQ==
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 736B094DD73A47F1B4E135CE7E65A795 Ref B: EWR30EDGE1107 Ref C: 2024-09-13T14:14:12Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-fs-uuid: 00062200d667e92737bbd9adf15cc915

GET
H2 200 RCa7fb60ad9a5747ea9dd5b02061f0f551-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 514 B
573 B 8ms
7ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCa7fb60ad9a5747ea9dd5b02061f0f551-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6e568d43eff272dd73b9bd6fe8e5ca55c71583f238e7648353ea19c4ceb261b0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 316
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RCcf9a61f85a714672a0e883a73e8658d3-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 774 B
651 B 10ms
9ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCcf9a61f85a714672a0e883a73e8658d3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 46703bc4a3c94e65c92173441a572f55539bad28e898b8eaab2714408272f947

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 394
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 14 KB
6 KB 25ms
5ms Script
application/x-javascript 18.164.111.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.111.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-111-124.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 71d18af9ee879a36717e1ea3367b669031e3f6b12cb0aa1373fd200d278c4e6a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Thu, 12 Sep 2024 15:02:38 GMT
Content-Encoding: gzip
Via: 1.1 4229f114865802c4acd3e785fddcbf9c.cloudfront.net (CloudFront)
Last-Modified: Thu, 29 Aug 2024 18:19:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK50-P6
Age: 83497
x-amz-server-side-encryption: AES256
ETag: W/"0a898f6edf2d77595f7378557dd8fb96"
Transfer-Encoding: chunked
Vary: accept-encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: 6DvylNJU6GG-mgw-hNyaSh7JOtt31XEtmbrVWdrIK-T7M2P0nvzXew==

GET
H2 200 RC5c3737b4f0b346d3b8381d5ab790c103-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 737 B
713 B 5ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC5c3737b4f0b346d3b8381d5ab790c103-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ac6b7a946ec79473fad9578bdeeeb0d7b8065236a2441c5ecf425a509d3afb4d

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 456
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 favicon.ico
www.juniper.net/ 10 KB
10 KB 7ms
5ms Other
image/x-icon 151.101.195.10
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.juniper.net/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.195.10 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0291270eacaaeea992dddc8c314fa3a9a3c2c06e3aacb14f971b4f794200a2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors .juniper.net .junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com https://mist.talentlms.com https://courses.mist.com
date: Fri, 13 Sep 2024 14:14:14 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-md5: 2F6SbJ6KQmix49Eze+3WvQ==
age: 270098
x-vhost: juniper-publish
x-cache: HIT
content-disposition: attachment; filename="favicon.ico"; filename*=UTF-8''favicon.ico
content-length: 9854
x-xss-protection: 1; mode=block
x-served-by: cache-lga21965-LGA
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 08 May 2024 08:21:26 GMT
x-timer: S1726236854.402193,VS0,VS0,VE3
etag: "0x8DC6F37DAD67723"
x-frame-options: SAMEORIGIN
content-type: image/x-icon
access-control-allow-origin: *
cache-control: max-age=604800, public
permissions-policy: geolocation=(self)
accept-ranges: bytes

GET
H2 200 favicon.ico
blogs.juniper.net/wp-content/uploads/2020/01/ 42 KB
42 KB 85ms
84ms Other
image/vnd.microsoft.icon 44.233.31.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://blogs.juniper.net/wp-content/uploads/2020/01/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.233.31.59 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-233-31-59.us-west-2.compute.amazonaws.com

Software

Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24 /

Resource Hash

454b39bc48bb4276bfbbfd066ae2e5fb777dc34b8339dbd5f3526e3f96cbcb82

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 24 Jan 2020 11:25:45 GMT
server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/7.4.24
content-security-policy: upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
etag: "a63e-59ce104c2c040"
vary: Accept-Encoding,Host
content-type: image/vnd.microsoft.icon
permissions-policy: geolocation=(self)
accept-ranges: bytes
content-length: 42558
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 345ms
17ms Script
application/javascript 150.171.27.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 13 Sep 2024 14:14:13 GMT
last-modified: Fri, 06 Sep 2024 21:17:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A00E73417FB4FB3961FD6C316934C29 Ref B: EWR30EDGE1011 Ref C: 2024-09-13T14:14:14Z
etag: "016326a20db1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14305

GET
H2 200 RC1eb9572d42e14899ba30ba82754f1f5f-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 702 B
668 B 7ms
7ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC1eb9572d42e14899ba30ba82754f1f5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 301acbee50a7f8f6f6c1936ecde0a24817cf92af70dfd5fabda6c0615f0ae51d

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 up
insight.adsrvr.org/track/ Frame 5300 0
0 34ms
10ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=ayvdycl&ref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&upid=6x1itd9&upv=1.1.0&paapi=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-length: 0
content-type: text/html
date: Fri, 13 Sep 2024 14:14:14 GMT
server: Kestrel

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 269 KB
93 KB 389ms
56ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

73729f640d50ff60b20eb013967f0d642420e0951bf4b920f7c8f568a1589312

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94711
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 14:14:14 GMT

GET
H2 200 RC0319207ef260453c9e9138e5c53d6383-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1 KB
826 B 8ms
8ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC0319207ef260453c9e9138e5c53d6383-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c5f15a70092ec3d2df51f031acc448833369721750b2a8a291fc4e89b8890059

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 569
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC5d254212e1d341e091e323f690883dba-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 2 KB
1 KB 7ms
6ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC5d254212e1d341e091e323f690883dba-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 346d20eb0f3800ef6bb0f2d0641be87380603da567edccd1b23e10cd67e068a3

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1099
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC907cb723b33e43c6be777d1a58315393-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 392 B
521 B 5ms
4ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC907cb723b33e43c6be777d1a58315393-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5030a5190ea5bcfb12e186233d1a10b8470897223e6ec5fb6cdce857c915acf9

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 264
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC79b0852125f5494f9e00ff9e66f6f584-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 358 B
484 B 5ms
4ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC79b0852125f5494f9e00ff9e66f6f584-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 50b4976fb3abca7428ce7c060cfd9d1c370f442fb465a7b117424b39e9dc8854

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RCc7e9ad68f84344aeb32e287defa49d77-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 1 KB
768 B 6ms
6ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCc7e9ad68f84344aeb32e287defa49d77-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: da94c16c4331bdda0f80784ad7c2c31713bf3aee6c6c4ddec1606d0ba077f4dd

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 512
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC509ece53612f4cbdb740b0685cd41ee3-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 464 B
546 B 6ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC509ece53612f4cbdb740b0685cd41ee3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 96f6e313bffe4d3b6c1018cd4257c1d3e1e6ee5b151f5c876637d027cf12cef9

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 290
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC14926df3f6d744689db84e66f6c16762-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 410 B
516 B 6ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC14926df3f6d744689db84e66f6c16762-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b5534f9b8235574a84a3e5b39394435f69872050496532d1b274cd7f2996ebd3

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 259
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC9129fa1efe5247489b0b813e6c7bd6e0-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 558 B
624 B 6ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC9129fa1efe5247489b0b813e6c7bd6e0-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8fb803a264e369f926808ada4799693ea7aee214f1f3c8006510f10c4273e78f

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 367
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RCdcabda4eb1c746eeb40a07be07898d91-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 3 KB
1 KB 8ms
8ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCdcabda4eb1c746eeb40a07be07898d91-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 25cc9d09d9ccea303a325189dac41d865b8f74229b33a5754da6031aef42a185

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1196
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC523dad21147b431dba5e923b678e8d52-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 914 B
756 B 5ms
4ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC523dad21147b431dba5e923b678e8d52-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: eb60df77e978752bd08be68bb7bbd09c84b4d4f472ddac1f7107518194051e3b

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 499
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 RC7470316f91bd443b9d778475ef48d1bd-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 891 B
706 B 6ms
5ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RC7470316f91bd443b9d778475ef48d1bd-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f5b595408d533b5c2ab830811bd19711f4b9407d7b20a8772b94f3251cfb5083

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 449
expires: Fri, 13 Sep 2024 15:14:14 GMT

GET
H2 200 56185393.js Show response
bat.bing.com/p/action/ 370 B
424 B 21ms
20ms Script
application/javascript 150.171.27.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56185393.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7f47f02c93d5de5de03db0ebffa39fe1060767437b086996e295c9818a05b2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Fri, 13 Sep 2024 14:14:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02DDDAC50A0A43A5B914A90B11EE631F Ref B: EWR30EDGE1011 Ref C: 2024-09-13T14:14:14Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 204 0
bat.bing.com/action/ 0
361 B 21ms
21ms Image
text/plain 150.171.27.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56185393&Ver=2&mid=e7764904-056c-49ea-9eb5-dc1c6ec1526d&sid=74cae58071da11ef92b9ed3763271104&vid=74cb218071da11ef9b6e5d2808158076&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&p=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&r=&lt=13535&evt=pageLoad&sv=1&cdb=AQAQ&rn=806477

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 13 Sep 2024 14:14:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E9FEC47E0B634A1BA907E3B89AE8308C Ref B: EWR30EDGE1011 Ref C: 2024-09-13T14:14:14Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10817909393/ 5 KB
2 KB 60ms
59ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10817909393/?random=1726236854916&cv=11&fst=1726236854916&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

e3844b31bf834cae9757695721a5dd3691736925c9af9d3c60b342fbf92e548a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10817909393
td.doubleclick.net/td/rul/ Frame 280F 0
0 489ms
40ms Document
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10817909393?random=1726236854916&cv=11&fst=1726236854916&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 10817909393
google.com/ccm/form-data/ 0
255 B 692ms
19ms Ping
text/plain 142.251.40.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10817909393?gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&npa=0&frm=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.142 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s80-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blogs.juniper.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10817909393/ 5 KB
2 KB 62ms
62ms Script
text/javascript 142.251.40.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10817909393/?random=1726236854945&cv=11&fst=1726236854945&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s39-in-f2.1e100.net

Software

cafe /

Resource Hash

f27793ba4245129c46446203d97d5f76808792457079ad3481b1d91217aea5c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2359
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 10817909393
td.doubleclick.net/td/rul/ Frame 1255 0
0 498ms
59ms Document
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10817909393?random=1726236854945&cv=11&fst=1726236854945&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10817909393

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 220 KB
78 KB 43ms
41ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11607354

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c7a99c00662a52e9ab41916dbf3aee322f8a7a07e7a9345bed5a82cb0e2a4744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80230
x-xss-protection: 0
last-modified: Fri, 13 Sep 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 13 Sep 2024 14:14:14 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10817909393/ 42 B
108 B 29ms
28ms Image
image/gif 142.250.65.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10817909393/?random=1726236854916&cv=11&fst=1726236000000&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfCLgDHCzPL17DbRfLipllQV2enratKmeYtk5dPEjOeL1TliHd&random=1471612214&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.164 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10817909393/ 42 B
108 B 23ms
22ms Image
image/gif 142.250.65.164
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10817909393/?random=1726236854945&cv=11&fst=1726236000000&bg=ffffff&guid=ON&async=1&gtm=45be49b0v9174497920za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&hn=www.googleadservices.com&frm=0&tiba=Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs&npa=0&pscdl=noapi&auid=538657626.1726236855&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfXkTsi8po8lKHnFRj83CGH6vTfSbse3ocg3zhF0fSyE_coV19&random=2639566544&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.164 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 twin.js Show response
twin-iq.kickfire.com/ 424 B
696 B 578ms
73ms Script
application/javascript 34.210.235.158
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://twin-iq.kickfire.com/twin.js?15530

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.210.235.158 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-210-235-158.us-west-2.compute.amazonaws.com

Software

Apache/2.4.58 () /

Resource Hash

034acd3ced0cf00cdfcb684283fdc624a48c2dc8dcddeb55e09412f92971056d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
last-modified: Thu, 06 Jan 2022 20:12:30 GMT
server: Apache/2.4.58 ()
etag: "1a8-5d4ef7d746e6f"
x-frame-options: DENY
content-type: application/javascript
accept-ranges: bytes
content-length: 424
x-xss-protection: 1; mode=block

GET

starV6.gif
jelly-v6.mdhv.io/v1/
Redirect Chain

https://jelly.mdhv.io/v1/star.gif?pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&evt=hi
https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=2d6391df-ad21-44a5-8b3c-1eb04105efd3

0
0

GET
H3

200

activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.ju...
11607354.fls.doubleclick.net/ Frame 5BAA
Redirect Chain

https://11607354.fls.doubleclick.net/activityi;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs...
https://11607354.fls.doubleclick.net/activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-kno...

0
0

85ms
85ms

Document
text/html

142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11607354.fls.doubleclick.net/activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-11607354

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.70 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Fri, 13 Sep 2024 14:14:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11607354.fls.doubleclick.net/activityi;dc_pre=CP_YsbSNwIgDFeOpjggdGmMwOQ;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthrea...
td.doubleclick.net/td/fls/rul/ Frame 4922 0
0 439ms
147ms Document
text/html 142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-11607354

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;register_conversion=1;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fe...
ad.doubleclick.net/ 0
22 B 84ms
70ms Image
image/png 142.250.80.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=11607354;type=brand0;cat=junip00;ord=2429571672117;npa=0;auiddc=538657626.1726236855;u1=en-us;u2=threat-labs-knowledge-base;u3=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;u5=null;u6=null;u7=null;u8=null;ps=1;pcor=975310582;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;user_data_mode=a;gtm=45fe49b0v9189922125za200;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;em=tv.1;~oref=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.70 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:15 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"16561107735767674381"}],"aggregatable_trigger_data":[{"filters":[{"14":["12656578"]}],"key_piece":"0x2fe2a09f489bf310","source_keys":["12","13","14","15","16","17","18","19","20","21","16772804","16772805","16772806","16772807","20511968","20511969","20511970","20511971","638547196","638547197","638547198","638547199","640975976","640975977","640975978","640975979","900013960","900013961","900013962","900013963","900136808","900136809","900136810","900136811"]},{"key_piece":"0xbe49d1bc8fd42553","not_filters":{"14":["12656578"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","16772804","16772805","16772806","16772807","20511968","20511969","20511970","20511971","638547196","638547197","638547198","638547199","640975976","640975977","640975978","640975979","900013960","900013961","900013962","900013963","900136808","900136809","900136810","900136811"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"16772804":36,"16772805":36,"16772806":36,"16772807":3530,"17":65,"18":6356,"19":65,"20":65,"20511968":65,"20511969":65,"20511970":65,"20511971":6356,"21":6356,"638547196":40,"638547197":40,"638547198":40,"638547199":3973,"640975976":32,"640975977":32,"640975978":32,"640975979":3177,"900013960":218,"900013961":218,"900013962":218,"900013963":21189,"900136808":72,"900136809":72,"900136810":72,"900136811":7062},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"4449658842845229945","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"16561107735767674381","filters":[{"14":["12656578"],"source_type":["event"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"16561107735767674381","filters":[{"14":["12656578"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"16561107735767674381","filters":[{"source_type":["event"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"16561107735767674381","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["11607354"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 twin.php
twin-iq.kickfire.com/ 95 B
365 B 79ms
79ms Image
image/png 34.210.235.158
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://twin-iq.kickfire.com/twin.php?TWIQ=15530&kftwiqpg=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&Hst=blogs.juniper.net&r=0.4162155552556377

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.210.235.158 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-210-235-158.us-west-2.compute.amazonaws.com

Software

Apache/2.4.58 () / PHP/7.2.34

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
server: Apache/2.4.58 ()
x-powered-by: PHP/7.2.34
x-frame-options: DENY
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png
x-xss-protection: 1; mode=block

GET
H2 200 pixel.js Show response
tracker.pixeltracker.co/ 16 KB
5 KB 42ms
19ms Script
application/javascript 104.18.20.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.pixeltracker.co/pixel.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df724f74070c9f7d427aa98f9b2e8c95262b1948da1997951c86f9431dbe7f15

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-encoding: gzip
cf-cache-status: HIT
x-goog-meta-goog-reserved-file-mtime: 1699445830
age: 2492049
x-guploader-uploadid: ABPtcPrYCg9cj6l_G5X1GqlhMTtyp8CkuJnmuNmcHV7JVbVeXXyv-zN-vvnKzFAxipHP2boww7Ryx5oWwQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Wed, 08 Nov 2023 12:17:13 GMT
server: cloudflare
etag: W/"c310953f3323fe59557d930a372307a8"
vary: Accept-Encoding
x-goog-generation: 1699445832975217
content-type: application/javascript
x-goog-hash: crc32c=+GBbkQ==, md5=wxCVPzMj/llVfZMKNyMHqA==
cache-control: public, max-age=14400
x-goog-stored-content-length: 16833
cf-ray: 8c28be1c18d20cc2-EWR
expires: Fri, 13 Sep 2024 18:14:15 GMT

GET
H2 200 up.js Show response
cdn01.basis.net/assets/ 4 KB
2 KB 79ms
24ms Script
text/javascript 69.28.187.147
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn01.basis.net/assets/up.js?um=1
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.28.187.147 New York, United States, ASN22822 (LLNW, US),
Reverse DNS: https-69-28-187-147.iad.llnw.net
Software: AC1.1 /
Resource Hash: 64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-encoding: gzip
last-modified: Tue, 02 Apr 2024 15:41:58 GMT
server: AC1.1
age: 13953
vary: accept-encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 1714
x-llid: 1a154cc4cb65835e55c667d2063770f4

GET
H2 200 / Show response
pixel.veritone-ce.com/ 1 KB
806 B 18ms
4ms Script
text/javascript 18.173.132.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.veritone-ce.com/
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.132.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-132-63.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c00190e30cbb6e0ce4ca18e3bdda48da3d86e7ed819d231ecdb7a858ea9b559a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 12:34:37 GMT
content-encoding: br
via: 1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
last-modified: Fri, 06 Sep 2024 00:12:18 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P2
age: 5979
etag: W/"16ec03509624e05586b03d423dfa180b"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: tPekE8Y7ksj28_HIldofHe9o2vUNJxWU-2fjmZPhZDO5NC9LVe3hBg==

GET
H2 200 05bcf15a-3bdd-4b63-b81c-dd7882f974f1
p.veritone-ce.com/ 43 B
136 B 76ms
40ms Image
image/gif 44.197.95.216
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.veritone-ce.com/05bcf15a-3bdd-4b63-b81c-dd7882f974f1?ts=1726236855830&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware&ref=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.197.95.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-95-216.compute-1.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-length: 43
apigw-requestid: eDBMxguHIAMEMow=
content-type: image/gif

GET
H/1.1 200
OK /
servedby.flashtalking.com/container/16396;116748;12367;iframe/ Frame E414 0
0 29ms
16ms Document
text/html 23.201.175.46
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/container/16396;116748;12367;iframe/?ftXRef=[%INSERT_TRANSACTION_ID_HERE%]&ftXValue=[%INSERT_TRANSACTION_VALUE_HERE%]&ftXType=[%INSERT_TRANSACTION_TYPE_HERE%]&ftXName=[%INSERT_TRANSACTION_NAME_HERE%]&ftXNumItems=[%INSERT_TRANSACTION_QUANTITY_HERE%]&ftXCurrency=[%INSERT_TRANSACTION_CURRENCY_HERE%]&U1=[%INSERT_U1_HERE%]&U2=[%INSERT_U2_HERE%]&U3=[%INSERT_U3_HERE%]&U4=[%INSERT_U4_HERE%]&U5=[%INSERT_U5_HERE%]&U6=[%INSERT_U6_HERE%]&U7=[%INSERT_U7_HERE%]&U8=[%INSERT_U8_HERE%]&U9=[%INSERT_U9_HERE%]&U10=[%INSERT_U10_HERE%]&U11=[%INSERT_U11_HERE%]&U12=[%INSERT_U12_HERE%]&U13=[%INSERT_U13_HERE%]&U14=[%INSERT_U14_HERE%]&U15=[%INSERT_U15_HERE%]&U16=[%INSERT_U16_HERE%]&U17=[%INSERT_U17_HERE%]&U18=[%INSERT_U18_HERE%]&U19=[%INSERT_U19_HERE%]&U20=[%INSERT_U20_HERE%]&ft_referrer=&ns=&cb=290708.7004912972

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.201.175.46 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-175-46.deploy.static.akamaitechnologies.com

Software

prod-xre-app21.ash11 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blogs.juniper.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Allow-Fenced-Frame-Automatic-Beacons: true
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 952
Content-Type: text/html
Date: Fri, 13 Sep 2024 14:14:15 GMT
Expires: Fri, 13 Sep 2024 14:14:15 GMT
Pragma: no-cache
Server: prod-xre-app21.ash11
Strict-Transport-Security: max-age=86400
Vary: Accept-Encoding

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
10 KB 335ms
10ms Script
application/javascript 192.184.68.166
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.184.68.166 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 76c46df9a6ba94318fafe8023e3f52e28b1b9a1eaf16dcd4d7ce95ab6942859b

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:16 GMT
content-encoding: gzip
etag: "tIg8n6xaLBY4WwNLLw9OGA=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Fri, 20 Sep 2024 14:14:16 GMT

GET
H/1.1

200
OK

cnv
cnv.event.prod.bidr.io/log/
Redirect Chain

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=[ORDER]&ord=[CACHEBUSTER]
https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

43 B
796 B

11ms
11ms

Image
image/gif

54.158.131.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1

Protocol

HTTP/1.1

Server

54.158.131.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-158-131-242.compute-1.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 13 Sep 2024 14:14:15 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cnv.event.prod.bidr.io/log/cnv?tag_id=7&buzz_key=demandworks&value=&segment_key=&account_id=2&order=%5BORDER%5D&ord=%5BCACHEBUSTER%5D&_bee_ppp=1
Date: Fri, 13 Sep 2024 14:14:15 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2 200 RCfdf8ffc36ef44bec9aaafc383e9d9a76-source.min.js Show response
assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/ 625 B
636 B 16ms
16ms Script
application/x-javascript 23.199.49.14
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/5b254441120f/578a62d85472/4f44882c669a/RCfdf8ffc36ef44bec9aaafc383e9d9a76-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/998b2d6d4944658536fe36266a249b07e626b86d/satelliteLib-6d05b7c7a99e1cbbdcac4fcfe7005e6bee80a0e9.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.199.49.14 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-199-49-14.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5bed28fd0d04dc891e931c1be98ee7b011942f62d6ccc03a9c2176bcb321499a

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 14:14:15 GMT
content-encoding: gzip
last-modified: Mon, 09 Sep 2024 18:57:36 GMT
server: AkamaiNetStorage
etag: "8bb4193b5bae4f0fd64c1eb5505b7cce:1725908256.715296"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://blogs.juniper.net
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 379
expires: Fri, 13 Sep 2024 15:14:15 GMT

GET rules-p-12W2nEaTZGDpg.js
rules.quantcount.com/ 0
0

POST
H2 200 error Show response
pixel.quantcount.com/tag/ 0
159 B 461ms
12ms XHR
text/plain 192.184.68.254

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.quantcount.com/tag/error
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.184.68.254 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 13 Sep 2024 14:14:16 GMT
access-control-allow-headers: Accept, Accept-Language, Content-Type, Content-Language
content-length: 0
access-control-allow-methods: POST, OPTIONS

GET
H2 200 pixel;r=1755131438;rf=1;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-1536144424-1726236856185;pbc=;ns=0;ce=1...
pixel.quantserve.com/ 35 B
456 B 15ms
12ms Image
image/gif 192.184.68.166
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1755131438;rf=1;a=p-12W2nEaTZGDpg;url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware;uht=2;fpan=1;fpa=P0-1536144424-1726236856185;pbc=;ns=0;ce=1;qjs=1;qv=15f23c9a-20240703164903;cm=;gdpr=0;ref=;d=juniper.net;dst=0;et=1726236856271;tzo=600;ogl=locale.en_US%2Ctype.article%2Ctitle.Blackbyte%20Ransomware%20%7C%20Official%20Juniper%20Networks%20Blogs%2Cdescription.Threat%20Description%C2%A0%20%C2%A0Sha256%3A%201df11bc19aa52b623bdf15380e3fded56d8eb6fb7b53a224077%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Csite_name.Official%20Juniper%20Networks%20Blogs%2Cimage.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fwp-content%2Fuploads%2F2022%2F03%2Fransom_note-1024x444%252Epng%2Curl.https%3A%2F%2Fblogs%252Ejuniper%252Enet%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware%2Ctitle.Blackbyte%20Ransomware;ses=e570ebe9-25d2-4809-a8ac-756c7a4292d4;mdl=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.184.68.166 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:16 GMT
attribution-reporting-register-trigger: {"event_trigger_data":[{"filters":[],"trigger_data":"1"}]}
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

asyncPixelSync
pixel-sync.sitescout.com/dmp/ Frame FF3B
Redirect Chain

https://pixel-sync.sitescout.com/dmp/asyncPixelSync
https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1

0
0

13ms
12ms

Document
text/html

34.36.216.150

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: blogs.juniper.net
URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.216.150 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash

Request headers

Referer: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 13 Sep 2024 14:14:15 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A
via: 1.1 google

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 13 Sep 2024 14:14:15 GMT
location: https://pixel-sync.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A
via: 1.1 google

GET
H2

200

2fb4a0900fc1ab67
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cookieQ=1&cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware

43 B
408 B

13ms
13ms

Image
image/gif

216.157.106.133

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cookieQ=1&cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
Protocol: H2
Server: 216.157.106.133 -, , ASN (),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://blogs.juniper.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 13 Sep 2024 14:14:15 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/2fb4a0900fc1ab67?cookieQ=1&cntr_url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware
date: Fri, 13 Sep 2024 14:14:16 GMT
server: AC1.1
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/attribution_trigger?pid=4751&time=1726236851636&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware

Domain: jelly-v6.mdhv.io
URL: https://jelly-v6.mdhv.io/v1/starV6.gif?evt=hi&pid=lL9ruUN6fSVYtuhdYDioOK6oziLQ&src=mh&tx=2d6391df-ad21-44a5-8b3c-1eb04105efd3

Domain: rules.quantcount.com
URL: https://rules.quantcount.com/rules-p-12W2nEaTZGDpg.js

Verdicts & Comments Add Verdict or Comment

210 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blogs.juniper.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: tqh7vinpfsr2j34taioqv50o3p
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-0 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-1 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-2 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBAPP-3 Value: _remove_
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBTG Value: fdtpe5dGyzbtDEIcLHeT/gXdlRQT+cTPGRGiLco6whoXiyS76PGhWwwZLeaL6Ro1zxxgWmE7nbSDSMkeFmQqGOzQAr8JPy/6EoDGkyOmBY5KeuunFM1YuYYmI/nMLrNU1Vx+/80eIdtZdIzKYcbh/VruYP7+TI4+86tANoYo5X7lukdDNpQ=
www.juniper.net/	1970-01-20 23:40:41	Name: AWSALBTGCORS Value: fdtpe5dGyzbtDEIcLHeT/gXdlRQT+cTPGRGiLco6whoXiyS76PGhWwwZLeaL6Ro1zxxgWmE7nbSDSMkeFmQqGOzQAr8JPy/6EoDGkyOmBY5KeuunFM1YuYYmI/nMLrNU1Vx+/80eIdtZdIzKYcbh/VruYP7+TI4+86tANoYo5X7lukdDNpQ=
.demdex.net/	1970-01-21 03:49:48	Name: demdex Value: 62973213336239018484255365022483258415
.juniper.net/	1969-12-31 23:59:59	Name: AMCVS_D206123F524450F50A490D45%40AdobeOrg Value: 1
.juniper.net/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 03:49:48	Name: dextp Value: 771-1-1726236846591
.doubleclick.net/	1970-01-21 09:06:36	Name: IDE Value: AHWqTUkdGlELIqcE0T6b0yUNjn9tR1seUEdzZiZfSbeNgymYAoqniRLSRsZ9mRJQJNA
.dpm.demdex.net/	1970-01-21 03:49:48	Name: dpm Value: 62973213336239018484255365022483258415
.juniper.net/	1970-01-21 09:06:36	Name: mbox Value: session#3692ebae2c1742748de67fe7950fc268#1726238707\|PC#3692ebae2c1742748de67fe7950fc268.35_0#1789481647
.juniper.net/	1970-01-21 09:06:36	Name: AMCV_D206123F524450F50A490D45%40AdobeOrg Value: 179643557%7CMCIDTS%7C19980%7CMCMID%7C68102981704594369273668614592120153544%7CMCAAMLH-1726841646%7C7%7CMCAAMB-1726841646%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1726244046s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19987%7CvVersion%7C5.5.0
blogs.juniper.net/	1969-12-31 23:59:59	Name: jnpr_vID Value: TFfdnwVwYrblgy0QP9zHMElMVkRzg8GT-1726236851
.doubleclick.net/	1970-01-21 03:49:48	Name: receive-cookie-deprecation Value: 1
.juniper.net/	1969-12-31 23:59:59	Name: s_cc Value: true
.company-target.com/	1970-01-21 09:06:36	Name: tuuid Value: 9d79a9a7-4e0e-4258-85f5-346bca489da4
.company-target.com/	1970-01-21 09:06:36	Name: tuuid_lu Value: 1726236851\|ix:0\|mctv:0\|rp:0
.rlcdn.com/	1970-01-21 00:57:00	Name: pxrc Value: CLORkbcGEgYIyt0qEAA=
.casalemedia.com/	1970-01-21 08:16:12	Name: CMID Value: ZuRIs9HM6e8AAAieACNJ0QAA
.casalemedia.com/	1970-01-21 01:40:12	Name: CMPS Value: 3667
.casalemedia.com/	1970-01-21 01:40:12	Name: CMPRO Value: 3667
.doubleclick.net/	1970-01-21 00:13:48	Name: ar_debug Value: 1
.tremorhub.com/	1970-01-21 08:16:33	Name: tvid Value: c11f529d03254fc7adca8e89d4d4f11c
.tremorhub.com/	1970-01-21 09:06:36	Name: tv_UIDM Value: 9d79a9a7-4e0e-4258-85f5-346bca489da4
.linkedin.com/	1970-01-21 01:40:12	Name: li_sugr Value: b3eae81d-bfee-4939-878e-939432420da6
.linkedin.com/	1970-01-21 08:16:12	Name: bcookie Value: "v=2&17f055c2-86cc-4f0b-8236-4ce172abdccc"
.linkedin.com/	1970-01-20 23:32:03	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3297:u=1:x=1:i=1726236852:t=1726323252:v=2:sig=AQG0LTUGhLrcrh5QbteQrADgBiDu45zv"
.rubiconproject.com/	1970-01-21 08:16:12	Name: audit_p Value: 1\|7nZiwk6dK3dEH9HXzG/fC3tYcFmYxwhUNpvFztqkzQbFwpmMCvAS5uFTLLuyPNb8s1U5J227OZcwHTRO1/p4iJLoYn4tEwhGVPqNxgMY1hDan/TGM+QG4fVPVx51E3RccHiOE1NJxpCvE79hoBKRyDaY3wPrBQcOVFGxpdJGiDeWvEnWSmTsitzpQ7vzkXQ/
.rubiconproject.com/	1970-01-21 08:16:12	Name: khaos Value: M10SUNO0-26-J8DH
.rubiconproject.com/	1970-01-21 08:16:12	Name: khaos_p Value: M10SUNO0-26-J8DH
.rubiconproject.com/	1970-01-21 08:16:12	Name: audit Value: 1\|7nZiwk6dK3dEH9HXzG/fC3tYcFmYxwhUNpvFztqkzQbFwpmMCvAS5uFTLLuyPNb8s1U5J227OZcwHTRO1/p4iJLoYn4tEwhGVPqNxgMY1hDan/TGM+QG4fVPVx51E3RccHiOE1NJxpCvE79hoBKRyDaY3wPrBQcOVFGxpdJGiDeWvEnWSmTsitzpQ7vzkXQ/
.rubiconproject.com/	1970-01-21 01:40:12	Name: receive-cookie-deprecation Value: 1
.linkedin.com/	1970-01-21 00:13:48	Name: UserMatchHistory Value: AQIt3Wt8wtE4fwAAAZHru_-Xtuq1vN98AMtvBsrE5-l9_aUuc6A-dkJEqoB7c-yXj_DezLgnr5_FoQ
.linkedin.com/	1970-01-21 00:13:48	Name: AnalyticsSyncHistory Value: AQLQoAxplC7teAAAAZHru_-Xg_Vp-3szMLP8t1JueidD1s4fbmXHq-c0gNLm2cnjFIbf4K2NkKO20E8c9_NW4Q
.www.linkedin.com/	1970-01-21 08:16:12	Name: bscookie Value: "v=1&20240913141412bb9e4893-1cd0-4541-8d33-8702afd92d0aAQHT9enR7lb5Yq3Ms4zLJn18KGiMVD25"
px.ads.linkedin.com/	1970-01-21 00:14:26	Name: ar_debug Value: 1
.juniper.net/	1970-01-20 23:32:03	Name: _uetsid Value: 74cae58071da11ef92b9ed3763271104
.juniper.net/	1970-01-21 08:52:12	Name: _uetvid Value: 74cb218071da11ef9b6e5d2808158076
.bing.com/	1970-01-21 08:52:12	Name: MUID Value: 0D03B54C0DCA643901A2A1B50CA8659A
.bat.bing.com/	1970-01-20 23:40:41	Name: MR Value: 0
.juniper.net/	1970-01-21 01:40:12	Name: _gcl_au Value: 1.1.538657626.1726236855
.bidr.io/	1970-01-21 08:59:10	Name: bito Value: AAE2xk7NyJEAABQ9kWdVQw
.bidr.io/	1970-01-21 08:59:10	Name: bitoIsSecure Value: ok

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://blogs.juniper.net/en-us/threat-labs-knowledge-base/blackbyte-ransomware Message: Access to XMLHttpRequest at 'https://px.ads.linkedin.com/attribution_trigger?pid=4751&time=1726236851636&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware' from origin 'https://blogs.juniper.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://px.ads.linkedin.com/attribution_trigger?pid=4751&time=1726236851636&url=https%3A%2F%2Fblogs.juniper.net%2Fen-us%2Fthreat-labs-knowledge-base%2Fblackbyte-ransomware Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; frame-ancestors *.juniper.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11607354.fls.doubleclick.net
3872718.fls.doubleclick.net
ad.doubleclick.net
api.company-target.com
assets.adobedtm.com
bat.bing.com
bid.g.doubleclick.net
blogs.juniper.net
cdn01.basis.net
cm.everesttech.net
cnv.event.prod.bidr.io
dpm.demdex.net
fonts.googleapis.com
google.com
googleads.g.doubleclick.net
id.rlcdn.com
img.en25.com
insight.adsrvr.org
jelly-v6.mdhv.io
js.adsrvr.org
junipernetworks.d2.sc.omtrdc.net
junipernetworks.demdex.net
junipernetworks.tt.omtrdc.net
p.typekit.net
p.veritone-ce.com
pixel-sync.sitescout.com
pixel.quantcount.com
pixel.quantserve.com
pixel.sitescout.com
pixel.veritone-ce.com
px.ads.linkedin.com
rules.quantcount.com
s.company-target.com
s1229.t.eloqua.com
scripts.demandbase.com
secure.quantserve.com
segments.company-target.com
servedby.flashtalking.com
snap.licdn.com
tag-logger.demandbase.com
td.doubleclick.net
tracker.pixeltracker.co
twin-iq.kickfire.com
use.typekit.net
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.juniper.net
www.linkedin.com
jelly-v6.mdhv.io
px.ads.linkedin.com
rules.quantcount.com
104.18.20.104
13.107.42.14
13.226.34.62
13.226.94.12
142.250.64.66
142.250.65.162
142.250.65.164
142.250.80.70
142.250.80.8
142.251.179.155
142.251.40.142
142.251.40.226
142.251.41.10
150.171.27.10
151.101.195.10
18.164.111.124
18.164.116.38
18.173.132.63
192.184.68.166
192.184.68.254
192.29.67.231
216.157.106.133
23.199.49.14
23.200.3.26
23.201.175.46
23.201.179.45
23.204.152.170
23.55.235.235
3.90.95.212
34.196.133.17
34.210.235.158
34.36.216.150
34.96.71.22
35.244.154.8
35.71.131.137
44.197.95.216
44.233.31.59
52.85.61.96
54.158.131.242
54.165.250.234
63.140.37.145
63.140.39.224
69.28.187.147
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
034acd3ced0cf00cdfcb684283fdc624a48c2dc8dcddeb55e09412f92971056d
0d959c38ce96d9eb0b03d81293e3bd3a9d4f7e82a760a67ee14e99cfa6ee601f
15c14a35beeabe632f718ce14189ade1b8b6760b977e1e8149b5e1211d3efde5
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e5835bdeb64e527df1798a27b0ed61c8b6003759bd6dcd57e7b59e1e5aa3f99
21ac17720285646169355f26dc7e527c20d2882a8d1de2a902e429dc94f9acd5
25cc9d09d9ccea303a325189dac41d865b8f74229b33a5754da6031aef42a185
260602af164a617c57f1e7891ce27d99be6b3fa6727dfc9c7122302d4b8fabc4
290c5b04153c8864dd5d33449f64898b350019dca6e852654c92e5b5b63117d9
2ad4e96fb2e21b58c32607429b7597950140dee740489604ba141308622b8929
301acbee50a7f8f6f6c1936ecde0a24817cf92af70dfd5fabda6c0615f0ae51d
31e44d0bc68ceafd76cf8ec85d54022021b0cb74856203e43e27359bb0a78123
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
3458646c92ebe1c0e71b5b65407f90227ccdbc073f8d7331f36c00847974032a
346d20eb0f3800ef6bb0f2d0641be87380603da567edccd1b23e10cd67e068a3
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
43cdf46f331fec5ba92e402e3d5cad473099892cbdafca02e607cd03705104bf
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454b39bc48bb4276bfbbfd066ae2e5fb777dc34b8339dbd5f3526e3f96cbcb82
4571e596020138c4fa269eabd1c5ae125d31c168c6d751aeb96d457f91ae9b45
45d726de893364cc8c294fbb28b94d03276325f6ec77cb0bcda6eddafc6119fe
46703bc4a3c94e65c92173441a572f55539bad28e898b8eaab2714408272f947
46f5a39d726c1bf2ab0352d162587be095ec976e7d0b07ac28de888054a7537a
47d50114dccf7494ae9299fec825f1eae1aabfb94154b5f8ab9923754104e3f0
4ac6f3f96ba95b41a75dace029d6f460e9721949d91b2680723394f1c8ecce29
4d966ffbf39121ce17dca578684dda721702d20ee534cf9beeeb947b9a4cda12
4d9cffcc2365a3bd401c73a2d2e5f769c1730cdeb289dab56fe185ecd6279ec3
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
5030a5190ea5bcfb12e186233d1a10b8470897223e6ec5fb6cdce857c915acf9
50b4976fb3abca7428ce7c060cfd9d1c370f442fb465a7b117424b39e9dc8854
57f53d1b65316e7362b02a42d2a07319fcd3a8d75f2dc91d0094caf98181c741
5bed28fd0d04dc891e931c1be98ee7b011942f62d6ccc03a9c2176bcb321499a
60ed45fe20ede817f77c4e774e77fd9a9a4f4046c67456f1442eac2095918438
64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4
653d215d9d85dffedc07db2a451ab6fdaac8f9cffa578166d3d9806a19e07c35
6a482d2d94c0d1bc6937a1759389d01b475e6b28a0d9b5d7eaa3f9cc8f59f3cd
6e568d43eff272dd73b9bd6fe8e5ca55c71583f238e7648353ea19c4ceb261b0
70349fe86be7c6dcd4062011d02d91185a4a45b60e2826f05985d67f8ae43bd3
71d18af9ee879a36717e1ea3367b669031e3f6b12cb0aa1373fd200d278c4e6a
7328eae42b3e0936e7378714057ce0aadc71d10a652831cca477f3bf167e4f6b
73729f640d50ff60b20eb013967f0d642420e0951bf4b920f7c8f568a1589312
76c46df9a6ba94318fafe8023e3f52e28b1b9a1eaf16dcd4d7ce95ab6942859b
7af2c659d6f3451b1d60b59d07e71f8b6ddcba906f882bf363c5c8532b01f5ed
7dcbd9ddb813cf06084d60b6158da5289b9e33ba3f9e7c463fd20e7ec8462014
7e02d82244afece4d81dbfa0318378cfe946de1cb062cc2c0ddb498f3ff3eb79
7e1e02911da45d0fb20716a22d2733e2f6cb1fdc5143e6a196757ba1dd3d1b9b
7f47f02c93d5de5de03db0ebffa39fe1060767437b086996e295c9818a05b2f2
7ff5a2ce1b7603d6e9f61f85587efe96cbed61d71ace91bcc6ca7d0bc07cc7ce
8557ceef587615c421b7697a3a046e1b5605c514c6299787b89882797e97f120
89a733d708f3c1d4e9586f565282da135a31e93a9ad3da1611f64d1a112b457c
8bdeccca78a78d8bbc1dc284695d1ac41bfb790521c3470e7947fa28d76ef969
8d652933fc07439cc510cffb3133311ee07f6f424d2964cb7f4ef3eb4e2b2793
8fb803a264e369f926808ada4799693ea7aee214f1f3c8006510f10c4273e78f
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
96f6e313bffe4d3b6c1018cd4257c1d3e1e6ee5b151f5c876637d027cf12cef9
99f112114fdf68a2c9913bbdff0f0ec524243ce621aa8b46f6275620695fb208
a0017954d36e42d9f624ad09e6ea706e253683a036ccfae96137f6b487eeb2e6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f10ac61e20d25989eea5b54c5fcc43934853847f67054b401333413ac132d0
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2230e9dd7b979f89ff7b0af3aba00aa58f6ec169db58ce5dbc782d08371dd66
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aaca7ef5b10dce82f9dd66e31815f073ef81677f6fc81c17ab6e688f2189fd20
ac6b7a946ec79473fad9578bdeeeb0d7b8065236a2441c5ecf425a509d3afb4d
ac842a7d8f8ad92c6210375fbd8ed2373888ce7853659d61981d8372fe1c9eb8
b5534f9b8235574a84a3e5b39394435f69872050496532d1b274cd7f2996ebd3
bbd96c67188ee6d1977bd7bfc382000eff01010cb8656023d6bdf8b77ab91c95
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd94bd76671f4d3b3358adec3b8308025cefdf2140a0ca8a37ceb95e69bcfe15
bf376bda577cabdec91f4e3f27597af77cb736bd548e87e987e1ee97e0549f1c
c00190e30cbb6e0ce4ca18e3bdda48da3d86e7ed819d231ecdb7a858ea9b559a
c5f15a70092ec3d2df51f031acc448833369721750b2a8a291fc4e89b8890059
c6846556479addb85175eb801d75cd64485ccec53b42fac54441fef1895c0408
c7a99c00662a52e9ab41916dbf3aee322f8a7a07e7a9345bed5a82cb0e2a4744
da94c16c4331bdda0f80784ad7c2c31713bf3aee6c6c4ddec1606d0ba077f4dd
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df724f74070c9f7d427aa98f9b2e8c95262b1948da1997951c86f9431dbe7f15
dfad551a53c767e229da4a2f650e4b10d698f1b361b74e9f88a862dddaf64041
e0291270eacaaeea992dddc8c314fa3a9a3c2c06e3aacb14f971b4f794200a2b
e140beffd54616292cdd8060a530be3bf2b03f0d8186233186474b8e267db1bb
e253109e6d843fd0dd5887c79ec1340e56913d38ad179499aeb55163875de6a7
e3844b31bf834cae9757695721a5dd3691736925c9af9d3c60b342fbf92e548a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ccf32b4d570f678ef818d0ab645defe462926db4e3a7eb1985430e25a71d96
e8d5b01af589f68a0f2da663d3efc472fabb22d9ede91a7ffcf74d21e6295506
e9714a993c290626c2ade96436f885448d5a87a79bfcbaf2f693b3009de9ffc1
eb60df77e978752bd08be68bb7bbd09c84b4d4f472ddac1f7107518194051e3b
eb8b8bd903a4e388dca1baac5a72110f4eb1f479ee7b655ca53490081726680c
ed93f4b57dbafc1b959d886fcaba2d1fcfb4b94d390531cdcf8fcc079521a0e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f27793ba4245129c46446203d97d5f76808792457079ad3481b1d91217aea5c8
f5b595408d533b5c2ab830811bd19711f4b9407d7b20a8772b94f3251cfb5083

blogs.juniper.net Open in urlscan Pro 44.233.31.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

121 Requests

93 %HTTPS

0 %IPv6

30 Domains

49 Subdomains

42 IPs

3 Countries

7525 kBTransfer

8689 kBSize

46 Cookies

100 Outgoing links

Redirected requests

121 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blogs.juniper.net Open in urlscan Pro
44.233.31.59 Public Scan

Screenshot
Live screenshot

Full Image

121
Requests

93 %
HTTPS

0 %
IPv6

30
Domains

49
Subdomains

42
IPs

3
Countries

7525 kB
Transfer

8689 kB
Size

46
Cookies

121 HTTP transactions
0 data transactions