www.securonix.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-syst...
Submission: On May 22 via api (May 22nd 2024, 2:13:02 am UTC) from TR — Scanned from DE

Summary HTTP 106 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 27 IPs in 6 countries across 21 domains to perform 106 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.securonix.com. The Cisco Umbrella rank of the primary domain is 949676.
TLS certificate: Issued by E1 on April 29th 2024. Valid for: 3 months.

This is the only time www.securonix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
8	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:47c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:310... 2606:4700:3108::ac42:283b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2.17.147.176 2.17.147.176	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::485 2a04:4e42::485	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	2600:9000:212... 2600:9000:2127:d600:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6811:f7cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	65.9.95.107 65.9.95.107	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:b66c:5c27:5eeb:63c9	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
3	104.18.37.212 104.18.37.212	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6810:762b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
106	27

44 141.193.213.20 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:47c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3108::ac42:283b (United States)

ASN13335 (CLOUDFLARENET, US)

embed.formhq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.17.147.176 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-147-176.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2127:d600:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f7cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.95.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-107.prg50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:b66c:5c27:5eeb:63c9 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.37.212 (None, )

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:762b (United States)

ASN13335 (CLOUDFLARENET, US)

ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	securonix.com www.securonix.com — Cisco Umbrella Rank: 949676	11 MB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5787 c.6sc.co — Cisco Umbrella Rank: 8716 ipv6.6sc.co — Cisco Umbrella Rank: 5928 b.6sc.co — Cisco Umbrella Rank: 3876	20 KB
9	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4069	33 KB
7	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 3361 d.adroll.com — Cisco Umbrella Rank: 1556	119 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	4 KB
5	zoominfo.com ws-assets.zoominfo.com — Cisco Umbrella Rank: 11817 ws.zoominfo.com — Cisco Umbrella Rank: 4715	30 KB
5	driftt.com js.driftt.com — Cisco Umbrella Rank: 5864	71 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 6903	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 345	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	284 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9185	730 B
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 771	4 KB
2	formhq.net embed.formhq.net — Cisco Umbrella Rank: 153220	4 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33 ajax.googleapis.com — Cisco Umbrella Rank: 380	32 KB
1	google.de www.google.de — Cisco Umbrella Rank: 7810	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	247 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3095	256 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	3 KB
1	gstatic.com fonts.gstatic.com	50 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	2 KB
106	21

	Domain	Requested by
44	www.securonix.com	www.securonix.com
9	static.addtoany.com	www.securonix.com static.addtoany.com
7	b.6sc.co	www.securonix.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.securonix.com s.adroll.com
5	js.driftt.com	www.securonix.com js.driftt.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	js.zi-scripts.com	www.securonix.com js.zi-scripts.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.securonix.com
3	www.googletagmanager.com	www.securonix.com www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	unpkg.com	1 redirects www.securonix.com
2	embed.formhq.net	www.googletagmanager.com embed.formhq.net
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	d.adroll.com	s.adroll.com
1	px4.ads.linkedin.com	www.securonix.com
1	www.linkedin.com	1 redirects
1	www.google.de	www.securonix.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	cdn.jsdelivr.net	www.securonix.com
1	j.6sc.co	www.securonix.com
1	fonts.gstatic.com	fonts.googleapis.com
1	ajax.googleapis.com	www.securonix.com
1	cdnjs.cloudflare.com	www.securonix.com
1	fonts.googleapis.com	www.securonix.com
106	29

This site contains links to these domains. Also see Links.

Domain
securonix.force.com
in.linkedin.com
twitter.com
www.youtube.com
www.addtoany.com
unicode-explorer.com
www.virusbulletin.com
ss64.com
learn.microsoft.com

Subject Issuer	Validity	Valid
www.securonix.com E1	`2024-04-29` - `2024-07-28`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
static.addtoany.com E1	`2024-04-23` - `2024-07-22`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
formhq.net E1	`2024-04-29` - `2024-07-28`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M02	`2024-05-03` - `2025-06-01`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.de WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2023-10-09` - `2024-11-07`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
zi-scripts.com GTS CA 1P5	`2024-03-29` - `2024-06-27`	3 months	crt.sh
zoominfo.com E1	`2024-05-20` - `2024-08-18`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Frame ID: 2752916BA1A5157D259EF0428D3F1DA1
Requests: 100 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.25.html
Frame ID: 5C651E3F9BCD03DC747556063B39EA0E
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=686c804d-648d-4a1e-bfaf-c7a0c5b98090&sessionStarted=1716343978.447&campaignRefreshToken=ddf42309-212d-41d2-ba38-c151c40e8663&hideController=false&pageLoadStartTime=1716343976709&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F
Frame ID: CB8D86AA735AEB923DC215399141A51F
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1716343976709
Frame ID: B03D20B7D59FBB7E78819ABF43D825B0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware - Securonix

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

106
Requests

95 %
HTTPS

77 %
IPv6

21
Domains

29
Subdomains

27
IPs

6
Countries

11601 kB
Transfer

13337 kB
Size

24
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://securonix.force.com/
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://in.linkedin.com/company/securonix
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/Securonix
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@securonix
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&title=Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware
Title: Teilen

Search URL Search Domain Scan URL

URL: https://unicode-explorer.com/c/202E
Title: Left to Right override characters

Search URL Search Domain Scan URL

URL: https://www.virusbulletin.com/blog/2014/09/left-right-override-makes-return-spam/
Title: not new

Search URL Search Domain Scan URL

URL: https://ss64.com/vb/shellexecute.html
Title: ShellExecute

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/office/vba/language/reference/user-interface-help/deletefile-method
Title: objFSO.DeleteFile

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Ffooter%2F&title=Footer
Title: Teilen

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@4.0.0/dist/web-vitals.iife.js

Request Chain 64

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 66

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1716343977321%26url%3Dhttps%253A%252F%252Fwww.securonix.com%252Fblog%252Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK4L6cBr9K_hgAAAY-eErfYVA6vKWYhg3AU9x_t7DZaFvW_3xnKYFImMJKSFRXctTYWsdN0YrPs3jHlNr9E5MwzZN1fJQ

106 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ 148 KB
26 KB 307ms
228ms Document
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

d8253130dac9e743c75b51d4886cd86c06a18b8f4b4a2801b9cf20a216fec931

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-edge-cache: cache,platform=wordpress
cf-ray: 887948bd086d9201-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 22 May 2024 02:12:56 GMT
link: <https://www.securonix.com/wp-json/>; rel="https://api.w.org/" <https://www.securonix.com/wp-json/wp/v2/blog/27484>; rel="alternate"; type="application/json" <https://www.securonix.com/?p=27484>; rel=shortlink
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 34
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine

GET
H2 404 bootstrap.min.css
www.securonix.com/wp-content/themes/punch/styles/css/ 0
0 266ms
263ms Stylesheet
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/styles/css/bootstrap.min.css?ver=3.3.2
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 887948be88ec9201-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 404 style.css
www.securonix.com/wp-content/themes/punch/styles/css/ 0
0 233ms
230ms Stylesheet
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/styles/css/style.css?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 887948be88ed9201-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 wpcdt-public.css
www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/ 822 B
446 B 42ms
40ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/countdown-timer-ultimate/assets/css/wpcdt-public.css?ver=2.5

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09bfea7e712355726b2d97bf0a13a80f8f8e5e5834a13d666d1cea2bd3ab31a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 188
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-336"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be88ee9201-FRA

GET
H2 200 jquery.powertip.min.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 2 KB
525 B 41ms
39ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501453
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-70d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98ef9201-FRA

GET
H2 200 maps_points.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 7 KB
2 KB 44ms
41ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a55a1504046635db1567af44c96b2a820151041a3d384726e32dad566684d899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 188
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-1c2f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f09201-FRA

GET
H2 200 default.css
www.securonix.com/wp-content/plugins/tablepress/css/build/ 6 KB
2 KB 45ms
43ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.1.7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c10bfd761676feda6e280e0d31794b1a8d21279f437ddb817a708d6fe0b72db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501453
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:41 GMT
server: cloudflare
etag: W/"66334865-17cb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f19201-FRA

GET
H2 200 tablepress-responsive.min.css
www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/ 9 KB
1 KB 44ms
42ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501453
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:41 GMT
server: cloudflare
etag: W/"66334865-22aa"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f29201-FRA

GET
H2 200 addtoany.min.css
www.securonix.com/wp-content/plugins/add-to-any/ 2 KB
600 B 43ms
40ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501453
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-644"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f39201-FRA

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
932 B 87ms
33ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,300..700;1,300..700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

09ba5df6e121c4577cac7addaca7ab9f189e8c1afd745652396b05f8e45baf0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 22 May 2024 02:12:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 May 2024 02:12:56 GMT

GET
H3 200 select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/4.1.0-beta.1/css/ 15 KB
2 KB 55ms
30ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/select2/4.1.0-beta.1/css/select2.min.css?ver=1.2.44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

907f4395f54e25a1da1181672f1a498e98b26f7bfc6dcb6c209a737472451e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 355936
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1676
last-modified: Tue, 26 May 2020 03:00:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5ecc8659-3dcf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y7MvTgqUNb2XvxZI2q3Qed8sSopiOH0vFUSKsIdwmAJ%2FTDZ0n8O9PLQpkUV2uTQf%2FjQdyl3UEQjK9DF1d7hENdO1saQHSzlGhK5BiDckYtq7fB1FB6sMaDha8Z%2Fw%2BYaffmUmwV1i9OtPOpVChetzrV66"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 887948beb8379764-FRA
expires: Mon, 12 May 2025 02:12:56 GMT

GET
H2 200 single-common.css
www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/ 20 KB
3 KB 46ms
44ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/single-common.css?ver=1.2.44

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

815efed52d302d63cc90dd4c2984f2bcddd384161193043c6baa1f35a4b82d39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 490266
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 16 May 2024 06:06:24 GMT
server: cloudflare
etag: W/"6645a260-4ecf"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f49201-FRA

GET
H2 200 avia-merged-styles-6292885bf0f081c03abe0eedd6656911---66438f1cd60d8.css
www.securonix.com/wp-content/uploads/dynamic_avia/ 128 KB
22 KB 45ms
43ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---66438f1cd60d8.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d086eb4e753d9937b5a54ec517bc5e2a13f320121a35834e8d00354a991bdc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501453
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 May 2024 16:19:40 GMT
server: cloudflare
etag: W/"66438f1c-1ffe6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948be98f59201-FRA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 86 KB
31 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js?ver=3.4.1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:47:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:47:18 GMT

GET
H2 404 library.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 229ms
228ms Script
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/library.js?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 887948beb8fd9201-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 ajax.js Show response
www.securonix.com/wp-content/mu-plugins/kmdg-framework//assets/js/ 3 KB
1 KB 64ms
63ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/mu-plugins/kmdg-framework//assets/js/ajax.js?ver=KMDG_FRAMEWORK_VERSION

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba0dc4a2c348e233bb9d06d948ac25172b3dafbe04aac1692e925742fcf095a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-bd5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948beb8fe9201-FRA

GET
H2 404 bootstrap.min.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 233ms
232ms Script
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/bootstrap.min.js?ver=3.3.2
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 887948beb8ff9201-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 62ms
35ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10646
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e346c2841e4abbb66ee259e9540abb61"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSWuwGEKYp3%2FHrXsJvtDWSMOwSr%2BCVL%2B9Z%2F45gMajqHvRRQZ558MLdalVyC%2F2CY7f0ogoiQrJFoyNs9g8Gxk3AtXGW9nbQwoV6%2BNhjWTQnTaRHZJ9DSfqhOseS6bAXgcc0b9CUCP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 887948c06b309b6e-FRA

GET
H3 200 addtoany.min.js Show response
www.securonix.com/wp-content/plugins/add-to-any/ 129 B
474 B 114ms
112ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501454
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:49 GMT
server: cloudflare
etag: W/"6633486d-81"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c048422bf3-FRA

GET
H2 200 Securonix-logo.webp
www.securonix.com/wp-content/uploads/2024/04/ 14 KB
14 KB 64ms
64ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-logo.webp

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bf92d09ea70e1745242a22e86adb8088bc17c61a744c2f3d984601f6bd4e423

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501451
alt-svc: h3=":443"; ma=86400
content-length: 14448
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:30 GMT
server: cloudflare
etag: "6633485a-3870"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948beb9009201-FRA

GET
H2 200 advisory_cloud_reverser_hero.png
www.securonix.com/wp-content/uploads/2024/05/ 1 MB
1 MB 66ms
65ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_hero.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d96ba030f3d3780ac143e918ba6ee787eaf4f796934f4d3343924583fbd92d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58321
cf-polished: origFmt=png, origSize=2066449
content-disposition: inline; filename="advisory_cloud_reverser_hero.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1106316
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:55 GMT
server: cloudflare
etag: "664bd753-1f8811"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948beb9029201-FRA

GET
H2 200 advisory_cloud_reverser_1.png
www.securonix.com/wp-content/uploads/2024/05/ 657 KB
658 KB 89ms
89ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_1.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8776d481e57e6ce40e31e96d1bcd9586147bfe699a554e9a679e62923fd47be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58321
cf-polished: origFmt=png, origSize=1917491
content-disposition: inline; filename="advisory_cloud_reverser_1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 672971
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:47 GMT
server: cloudflare
etag: "664bd74b-1d4233"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948beb9049201-FRA

GET
H3 200 advisory_cloud_reverser_2.png
www.securonix.com/wp-content/uploads/2024/05/ 717 KB
718 KB 41ms
41ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87eee01d7725fdd4e4f8194269b3b91105aff6dff516e38aeb8f9c5aecd07a28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58321
cf-polished: origFmt=png, origSize=2071940
content-disposition: inline; filename="advisory_cloud_reverser_2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 734510
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:40 GMT
server: cloudflare
etag: "664bd744-1f9d84"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948bf8fd22bf3-FRA

GET
H3 200 advisory_cloud_reverser_3.png
www.securonix.com/wp-content/uploads/2024/05/ 1 MB
1 MB 174ms
174ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_3.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2b665f6f976d349e0cf57ccc337acb60f8070c6c752e60c26dc01d4993b4709

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58321
cf-polished: origFmt=png, origSize=2991538
content-disposition: inline; filename="advisory_cloud_reverser_3.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1057445
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:29 GMT
server: cloudflare
etag: "664bd739-2da5b2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948bf9fd92bf3-FRA

GET
H3 200 advisory_cloud_reverser_4.png
www.securonix.com/wp-content/uploads/2024/05/ 949 KB
950 KB 115ms
113ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f22d7123257bc9de7677f0bf8a8f87809854b51b23385428d7be1679f2330cdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2876488
content-disposition: inline; filename="advisory_cloud_reverser_4.webp"
alt-svc: h3=":443"; ma=86400
content-length: 971737
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:19 GMT
server: cloudflare
etag: "664bd72f-2be448"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048432bf3-FRA

GET
H3 200 advisory_cloud_reverser_5.png
www.securonix.com/wp-content/uploads/2024/05/ 945 KB
946 KB 564ms
562ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_5.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

548e07a84aaf92271f7632e58401a21ded0e9df8a25c07e50254d7e6c48da51e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2910487
content-disposition: inline; filename="advisory_cloud_reverser_5.webp"
alt-svc: h3=":443"; ma=86400
content-length: 967962
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:09 GMT
server: cloudflare
etag: "664bd725-2c6917"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048442bf3-FRA

GET
H3 200 advisory_cloud_reverser_6.png
www.securonix.com/wp-content/uploads/2024/05/ 747 KB
748 KB 121ms
119ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_6.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0fcd5fbef48c9194895bf43033a7710672ad97e5a605647e8563d0d9fa973c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2212553
content-disposition: inline; filename="advisory_cloud_reverser_6.webp"
alt-svc: h3=":443"; ma=86400
content-length: 764924
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:05:01 GMT
server: cloudflare
etag: "664bd71d-21c2c9"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048452bf3-FRA

GET
H3 200 advisory_cloud_reverser_7.png
www.securonix.com/wp-content/uploads/2024/05/ 957 KB
957 KB 165ms
164ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_7.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed7d5f0f1cdd3cef6ce4dc63316939d611132b88170aecc005c9959b7aac3498

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2920161
content-disposition: inline; filename="advisory_cloud_reverser_7.webp"
alt-svc: h3=":443"; ma=86400
content-length: 979538
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:04:51 GMT
server: cloudflare
etag: "664bd713-2c8ee1"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048462bf3-FRA

GET
H3 200 advisory_cloud_reverser_8.png
www.securonix.com/wp-content/uploads/2024/05/ 929 KB
930 KB 210ms
209ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_8.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e85eb9077e02db39d520e42745a7bb4b20306402bc28f974656e5a37bfa08a5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2849701
content-disposition: inline; filename="advisory_cloud_reverser_8.webp"
alt-svc: h3=":443"; ma=86400
content-length: 951440
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:04:42 GMT
server: cloudflare
etag: "664bd70a-2b7ba5"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048472bf3-FRA

GET
H3 200 advisory_cloud_reverser_10.png
www.securonix.com/wp-content/uploads/2024/05/ 1 MB
1 MB 237ms
236ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_10.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c7c9d975f6f8560b3bb76c3c4e9d840ac386875245819d85d4a45351a3aa203

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=3671250
content-disposition: inline; filename="advisory_cloud_reverser_10.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1310967
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:04:21 GMT
server: cloudflare
etag: "664bd6f5-3804d2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048482bf3-FRA

GET
H3 200 advisory_cloud_reverser_11.png
www.securonix.com/wp-content/uploads/2024/05/ 524 KB
524 KB 283ms
282ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_11.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72d9d32e497540a227247b9a64fd1a86c023db9eb731146ff5884aa83b2ce453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=1558054
content-disposition: inline; filename="advisory_cloud_reverser_11.webp"
alt-svc: h3=":443"; ma=86400
content-length: 536150
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:04:13 GMT
server: cloudflare
etag: "664bd6ed-17c626"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c048492bf3-FRA

GET
H3 200 advisory_cloud_reverser_12.png
www.securonix.com/wp-content/uploads/2024/05/ 745 KB
745 KB 308ms
307ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/05/advisory_cloud_reverser_12.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

08414f9cb992a59955b46083d8f93797b1e729123fe737434d3fe1a53c6e6580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58322
cf-polished: origFmt=png, origSize=2231810
content-disposition: inline; filename="advisory_cloud_reverser_12.webp"
alt-svc: h3=":443"; ma=86400
content-length: 762403
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 May 2024 23:04:04 GMT
server: cloudflare
etag: "664bd6e4-220e02"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c0484a2bf3-FRA

GET
H3 404 global.js
www.securonix.com/wp-content/themes/punch/js/ 0
0 262ms
262ms Script
text/html 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.securonix.com/wp-content/themes/punch/js/global.js?ver=6.5.3
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/html
cf-ray: 887948c048352bf3-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jquery.powertip.min.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 11 KB
4 KB 110ms
108ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-2ae5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c048392bf3-FRA

GET
H3 200 maps_points.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 628 B
699 B 110ms
109ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0230904fa157dff50d8ecc1a80a203635fa812479f4432a69c3779986ab560e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-274"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c0483a2bf3-FRA

GET
H3 200 new-tab.js Show response
www.securonix.com/wp-content/plugins/page-links-to/dist/ 34 KB
13 KB 111ms
109ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-8687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c0483c2bf3-FRA

GET
H3 200 smush-lazy-load.min.js Show response
www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 113ms
111ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.16.2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bdcc9e3e427ad3a787ec7efe46d8c305e880eb44402c0000ff52f17ef6b0cdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:40 GMT
server: cloudflare
etag: W/"66334864-2018"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c0483e2bf3-FRA

GET
H3 200 dropdown.js Show response
www.securonix.com/wp-content/plugins/gtranslate/js/ 13 KB
5 KB 356ms
355ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/gtranslate/js/dropdown.js?ver=6.5.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fcc408630bdf993595abbcc2a7ace8a55058dd7a3107236a68cd76a690e1ae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:44 GMT
server: cloudflare
etag: W/"66334868-326d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c0484b2bf3-FRA

GET
H3 200 avia-footer-scripts-580cdc29960fb4a0f1ab0c8168a4daf0---66438f1d73677.js Show response
www.securonix.com/wp-content/uploads/dynamic_avia/ 12 KB
3 KB 114ms
112ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-footer-scripts-580cdc29960fb4a0f1ab0c8168a4daf0---66438f1d73677.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ebb2ce2e9e5c77cc2c4081b2d88c1f10d471b0f9b440e672465d276f507273a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501452
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 14 May 2024 16:19:41 GMT
server: cloudflare
etag: W/"66438f1d-31a1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c048402bf3-FRA

GET
BLOB 200
OK 38c2bd65-7512-416a-a4db-a81c9979b888
https://www.securonix.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.securonix.com/38c2bd65-7512-416a-a4db-a81c9979b888
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 314 KB
105 KB 97ms
45ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fd963f519fc61abe81b72d433e0fbba40d85650d2fe3f880096964bc3ff30b2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107273
x-xss-protection: 0
last-modified: Wed, 22 May 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 May 2024 02:12:57 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v19/ 49 KB
50 KB 73ms
23ms Font
font/woff2 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v19/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,300..700;1,300..700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 14:41:20 GMT
x-content-type-options: nosniff
age: 41497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50668
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 01:13:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 May 2025 14:41:20 GMT

GET
H3 200 Dev-Gradient-Bottom-Top-Purple-Lines.png
www.securonix.com/wp-content/themes/securonix-hybrid/assets/img/png/ 120 KB
120 KB 350ms
350ms Image
image/png 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/img/png/Dev-Gradient-Bottom-Top-Purple-Lines.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---66438f1cd60d8.css

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55a87f3988c2d2dc254d7fcf23779d87635baace698dda2ff0c1472a37a04599

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/wp-content/uploads/dynamic_avia/avia-merged-styles-6292885bf0f081c03abe0eedd6656911---66438f1cd60d8.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501452
cf-polished: origSize=632173, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 122642
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 21:18:03 GMT
server: cloudflare
etag: "6634030b-9a56d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c0584e2bf3-FRA

GET
H3 200 securonix-icons.woff2
www.securonix.com/wp-content/uploads/avia_fonts/securonix-icons/ 12 KB
13 KB 315ms
314ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/avia_fonts/securonix-icons/securonix-icons.woff2?ver=1.2.44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dca84be2a8ca915e8c51d04e316d25f8a7d49374c6b22a688ceb7eb05e457920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501452
alt-svc: h3=":443"; ma=86400
content-length: 12604
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:29 GMT
server: cloudflare
etag: "66334859-313c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c0786a2bf3-FRA

GET
H3 200 fa-fontello.woff2
www.securonix.com/wp-content/themes/punch/assets/fonts/ 5 KB
5 KB 315ms
315ms Font
font/woff2 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/punch/assets/fonts/fa-fontello.woff2?ver=1.2.44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8841
alt-svc: h3=":443"; ma=86400
content-length: 4636
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:39 GMT
server: cloudflare
etag: "66334863-121c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c0786b2bf3-FRA

GET
H3 200 sm.25.html
static.addtoany.com/menu/ Frame 5C65 0
0 65ms
43ms Document
text/html 2606:4700:10::6816:47c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.25.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 27333
alt-svc: h3=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 887948c0ce233636-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 02:12:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zf100L6iTlFg050p7ry6jRCgFGHrlS0bsxSt474zPbv6Js%2FpRKoLWALzrYpDxRf3QjEFWUE4M2zn0fPIU%2FMuTy3YgdnJMM4pjeMhyeSgmPbO3S%2BATW9DbP6u5N%2FFxnuqjOOjZMjq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 core.BRQnzO8v.js Show response
static.addtoany.com/menu/modules/ 70 KB
26 KB 62ms
37ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"25da5432b1057724b8210f17e9b9db05"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHIY1owk9y7zgtZGrqGdPXn45fVyf3b3nAQMc3AjR9hIPWDWuLPHjHjg0vS9RDzOQUAAcwxytubTg%2F70S%2Frruv0%2Fy6lnduMOULf1eWIZBfOB2ayut9VeTLok397yciq0GpQgt5et"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
cf-ray: 887948c0d8111c3e-FRA

GET
H2 200 base.js Show response
embed.formhq.net/v1/ 6 KB
3 KB 438ms
381ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/base.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=6385
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 01 Nov 2022 14:37:50 GMT
server: cloudflare
etag: W/"63612f3e-18f1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DqhiorY%2B9z3XDOr%2FtjDvpmX9xOaNkM5BJFiG%2FtyjjPrr9X2VeBvvt8CIAOiXaRXgtoIPuZE72uE1WLUe%2B4B1vF21GugkAaEp9oPl8tq%2FqsqWRO4RFyQ1vA%2B1DX3KeG6m0VFUyyarYyTdNyHwXfYJ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 887948c1d8962bc6-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
96 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

445e8d306421fb1863eb8507312d7a20787cc4d0020347ace7adc0abdb52d15c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97966
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 176ms
39ms Script
application/javascript 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 May 2024 06:01:25 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "663c66b5-106b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18038
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 attributor.min.js Show response
cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/ 7 KB
3 KB 64ms
21ms Script
application/javascript 2a04:4e42::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/derekcavaliero/attributor@latest/dist/attributor.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 May 2024 02:12:57 GMT
x-content-type-options: nosniff
content-encoding: br
age: 33857
x-jsd-version: master
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2823
x-served-by: cache-fra-etou8220061-FRA
x-jsd-version-type: branch
etag: W/"1da1-KfePJ46ikK9jPpNwOZncE3ivfdg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 233 KB
83 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1004449086&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

698c32ec06fb424309d16f308661ac1fccad457ee9ae20657c32e1c164d4bea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85059
x-xss-protection: 0
last-modified: Wed, 22 May 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 110ms
46ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 22 May 2024 02:12:56 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02D6113C96C14E4D8BAC330B3B01B14E Ref B: DUS30EDGE0418 Ref C: 2024-05-22T02:12:57Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 113ms
37ms Script
application/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=60576
accept-ranges: bytes
content-length: 16683

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 88 KB
27 KB 112ms
34ms Script
text/javascript 2600:9000:2127:d600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54034a97c2cd2fd617136446cef1993cfef5937fe2896ee7e4bd569cd18c94e5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: e6sYwBOpzRqd5bOAndACb6fCQ4ER0PM6
Content-Encoding: gzip
Via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
Date: Wed, 22 May 2024 01:43:24 GMT
Age: 1774
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Tue, 21 May 2024 20:50:40 GMT
Server: AmazonS3
Etag: W/"da9bcd3341c4a1872c566741252e0d5f"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: vK0BfEG4LDxSCn9aKjsFuy6AR7HDNlOCb06NOVkutS01trPqC8Bq0w==

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@4.0.0/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@4.0.0/dist/web-vitals.iife.js

7 KB
3 KB

30ms
30ms

Script
application/javascript

2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@4.0.0/dist/web-vitals.iife.js

Requested by

Protocol

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca9f20823ffa1266144cc2c6af10f9fe097305ace8fb845dd48ee045e81b235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 712394
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HXSSRW3C1EGBHX3E75TJKWSD-fra
server: cloudflare
etag: "1be8-Asejo4oSGPcpOI3xecqzNKSnPdQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 887948c21e003a44-FRA

Redirect headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HYF0SV0A6S0TDPDA0Y5X5HWJ-fra
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 379
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@4.0.0/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 887948c1dddd3a44-FRA

GET
H2 200 r32rm8p2zmht.js Show response
js.driftt.com/include/1716344100000/ 221 KB
62 KB 506ms
446ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1716344100000/r32rm8p2zmht.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b5ef7dd34cf17eb441a01a651d089e520dff86ae2337ff95ee079f46a394880a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
x-amz-version-id: Z_PrOFTRMvL4O0aYU62zlt9FokvO7ucK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 03 May 2024 15:33:08 GMT
server: istio-envoy
etag: W/"cb9fee71607daf9b9d3bb7b3d5abc6da"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: juOeb7DUBNdqBlR3DqOxTzAooYR1Zs3VyYGqRDiNfdy9mP-ZoGzqBw==

GET
H3 200 Securonix-logo-alt.webp
www.securonix.com/wp-content/uploads/2024/04/ 14 KB
14 KB 79ms
79ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-logo-alt.webp

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

195ead3f2c695bbc2891e27e0f4fb3d31f08097370ed4fc66abfe75b07fc238b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501450
alt-svc: h3=":443"; ma=86400
content-length: 14378
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:30 GMT
server: cloudflare
etag: "6633485a-382a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c1f9302bf3-FRA

GET
H3 200 body.css
www.securonix.com/wp-content/themes/punch/assets/css/ 6 KB
2 KB 77ms
77ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/punch/assets/css/body.css?v=1.0.94

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501449
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 08:01:39 GMT
server: cloudflare
etag: W/"66334863-160c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c1f9342bf3-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 89ms
30ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JPYDLXGD3Q&gtm=45je45k0v891181397za200&_p=1716343977.29&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=34590684.1716343977&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.207%7CGoogle%2520Chrome%3B124.0.6367.207%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&cu=USD&dl=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&sid=1716343977&sct=1&seg=0&dt=Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=902
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 98ms
34ms Ping
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JPYDLXGD3Q&cid=34590684.1716343977&gtm=45je45k0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=improvedGA4dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 65ms
33ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JPYDLXGD3Q&cid=34590684.1716343977&gtm=45je45k0v891181397za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=2030979556

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 27010718.js Show response
bat.bing.com/p/action/ 0
118 B 46ms
46ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/27010718.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 22 May 2024 02:12:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9B0804B0B72D4CA58FEC5B90986BAE54 Ref B: DUS30EDGE0418 Ref C: 2024-05-22T02:12:57Z
x-cache: CONFIG_NOCACHE

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
619 B 257ms
201ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:56 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: AE010260A5F64C5B982E881AFC670ACC Ref B: FRAEDGE1211 Ref C: 2024-05-22T02:12:57Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.securonix.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYZAXkW5xaAaUcqYI4YKw==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

46ms
28ms

Script
application/javascript

2600:9000:2127:d600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: HTTP/1.1
Server: 2600:9000:2127:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Tue, 21 May 2024 07:29:40 GMT
Via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
Age: 67398
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: etKNNsagTrtyxESJfyk00iE1EVP2CqKJb3id2tkcCfmewuMhxsNtPQ==

Redirect headers

Date: Tue, 21 May 2024 22:16:12 GMT
Via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
Age: 14204
X-Amz-Cf-Pop: PRG50-C1
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: CWNPTHYqaWymXV4P6In3g-SNkoMpZc7tW-bX4m-a2cediNhkhGQxfg==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/ 9 KB
4 KB 74ms
44ms Script
text/javascript 2600:9000:2127:d600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: 2.4Yj6b9BGkLX0WUp91Tt_gbv.CooOgv
Content-Encoding: gzip
Via: 1.1 0bb58964819755c192fe9c24c342bd1a.cloudfront.net (CloudFront)
Date: Wed, 22 May 2024 01:14:32 GMT
Age: 3505
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Sat, 18 May 2024 11:21:20 GMT
Server: AmazonS3
Etag: W/"706be4fd28aeb971d2ff83a528c2073a"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: qm4uqQQuDz46firEG_u6sW0H2g0XlZVfp5gtp8BqS5_tN00_yLgbBw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-co...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-co...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1716343977321%26url%3Dhttps%253A%252F%252Fwww.securonix.com%252Fbl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-co...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-c...

0
265 B

403ms
332ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK4L6cBr9K_hgAAAY-eErfYVA6vKWYhg3AU9x_t7DZaFvW_3xnKYFImMJKSFRXctTYWsdN0YrPs3jHlNr9E5MwzZN1fJQ
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 75DA3447DFF54AAFA061A89F9384BDD2 Ref B: FRAEDGE1520 Ref C: 2024-05-22T02:12:58Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZAXkiW0bfbSWZG8oLlg==

Redirect headers

date: Wed, 22 May 2024 02:12:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9C6E4A85C59B40EC9F77ADB9EF18EFAF Ref B: FRAEDGE1211 Ref C: 2024-05-22T02:12:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1716343977321&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQK4L6cBr9K_hgAAAY-eErfYVA6vKWYhg3AU9x_t7DZaFvW_3xnKYFImMJKSFRXctTYWsdN0YrPs3jHlNr9E5MwzZN1fJQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZAXkeCu4P72qwQGyCnw==

GET
H3 200 body.css
www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/ 31 KB
7 KB 37ms
37ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix-hybrid/assets/css/body.css?v=1.2.44

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7005419bf0746448cdd34e001e2d0893da52625b926233ae7f085002c05f2bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501449
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 May 2024 21:18:03 GMT
server: cloudflare
etag: W/"6634030b-7ab2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c279702bf3-FRA

GET
H3 200 de.js Show response
static.addtoany.com/menu/locale/ 750 B
1021 B 35ms
35ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/locale/de.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 22611
cf-polished: origSize=902
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"86610d84a116a5704d658324728b063f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Dk50oChM5XKQ6LIJlOkmIg9HD9gV032LmVAdZeibN02rsd1SOcuvLeE%2BGgt%2FVUs%2FosJTQE0znBwKk9xeiwGB%2BmcXw40sxyFiBnWC6je2ANaWYfg18ykGlIQ1A%2BUPPnaUew1rPLCqsxL%2FzYPnNA6LJjL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, stale-while-revalidate=30, public
cf-ray: 887948c2bc939b6e-FRA

GET
H3 200 linkedin.js Show response
static.addtoany.com/menu/svg/icons/ 435 B
824 B 36ms
36ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/linkedin.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"00b1b78053ab07c79bfea2e5a1db9d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DbwgrYh4ke%2F3M53JYkDlwHMGaqi%2Br3gocMGMv4FFrGJtrHmtLPB36HEjoWH5DtRtCxEw4hqNfBDhuRDhGgY2ILznV%2FG85lWa%2FKGfyihpXhJPXzWSBZ021oA7iUsFJg58Sk76pU7z"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 887948c2b99b1c3e-FRA

GET
H3 200 twitter.js Show response
static.addtoany.com/menu/svg/icons/ 645 B
920 B 37ms
37ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/twitter.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"af2b829f9b79fabec7c0148a8b7e444b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLJpL34lYaXxKGgxOBojpW82w8H40csny1IZ1zv%2FAj6Vj2F%2F90Zkz6Ya9jUzNxowhkZgibWUPYTAZvXesFE17R2UJSrR3bIs6ygd8Kii4G%2BcQLqJHHUokZJwrOc%2BQuxMFTbpIdCq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 887948c2b99c1c3e-FRA

GET
H3 200 facebook.js Show response
static.addtoany.com/menu/svg/icons/ 429 B
825 B 38ms
38ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/facebook.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"68925fa8e347041c6006837e73c518bc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r02qRTnd8oo6FvUMo0FWaJ6Q3MdAQxBIMGVvkCLPDHWG%2BCWuZlpDef5oTKKe4qFWuGsXjsNFThmXAdKpRvA8fQlsb0dXQtR%2FIPNWOV5WMz3JvQaqmhDafmmKghDJUpqy3oacQE%2Ff"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 887948c2b99f1c3e-FRA

GET
H3 200 a2a.js Show response
static.addtoany.com/menu/svg/icons/ 182 B
689 B 37ms
37ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/a2a.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"0aca4ea1e5f8f250126a8e0c597dd969"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NMquDGUR1NcBChyhul5MyqNWOfYvhfMKmvplOkok2Ah4wzVgvLJQyCgG06%2BbxEduIQIUbx%2Byoe9sQBqMJ8lQFvZhEYu9qwAjtFU7y0kI05F18x3ZkfyPUPV6inYKMmrEBATVPlnppIt4ipnWuLbR60k4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 887948c2b9a11c3e-FRA

GET
H3 200 email.js Show response
static.addtoany.com/menu/svg/icons/ 415 B
818 B 38ms
38ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons/email.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://static.addtoany.com/menu/modules/core.BRQnzO8v.js
Origin: https://www.securonix.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11297
content-encoding: br
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"eb2119ad4221a9d01abc336e06962867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=za4ZtNvE%2FV36lxXp7L1IFgCQ7ja8MmIvUoYHBiMY2mn3I1%2FYvuEU0P%2BhukiTi7YrO3P3ylT6hf1tnvaDsLFCHN7Y0V6%2FPPyM26Xcj9yr4%2FFW2iPrmCcyFGLv%2BP7lbo2WD2t9GngL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7776000, stale-while-revalidate=30, public
cf-ray: 887948c2b9a21c3e-FRA

GET
H3 200 wp-emoji-release.min.js Show response
www.securonix.com/wp-includes/js/ 18 KB
5 KB 69ms
69ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/wp-emoji-release.min.js?ver=6.5.3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 501448
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 13 Feb 2024 14:36:07 GMT
server: cloudflare
etag: W/"65cb7e57-4926"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
cf-ray: 887948c2b9902bf3-FRA

GET
H2 204 0
bat.bing.com/action/ 0
287 B 47ms
46ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=27010718&tm=gtm002&Ver=2&mid=ebe989db-ffe3-4f85-9a12-9ab6b9cd5b12&sid=ce63ce4017e011ef84ce7d9334453abe&vid=ce63d4c017e011ef9f8a77295413df4b&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix&p=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&r=&lt=1049&evt=pageLoad&sv=1&rn=26813

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 22 May 2024 02:12:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5FC7458435EA43C8BB516BE3556592B3 Ref B: DUS30EDGE0418 Ref C: 2024-05-22T02:12:57Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 VJKZ2AZ6BRDQFPNHOW6CAP Show response
d.adroll.com/consent/check/ 532 B
625 B 209ms
47ms Script
application/javascript 2a05:d018:cc3:fe04:b66c:5c27:5eeb:63c9
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/VJKZ2AZ6BRDQFPNHOW6CAP?pv=51995805212.96392&arrfrr=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&_s=1506a08da3c8294c51eda3448952c496&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:b66c:5c27:5eeb:63c9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 949a10582dea1073092dd7ee85f845045c8187177d8ef43f4598a5ba4068127b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
server: nginx/1.22.1
content-length: 532
content-type: application/javascript

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 50ms
40ms XHR
text/html 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-147-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
340 B 170ms
22ms XHR
text/html 2a02:26f0:ab00::214:8e41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b4f7f29dea11a601a63e5709cc8f081aa4a481d75d8624b231db216473b144ab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.securonix.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:1b60:1010:3:1011:d31c:a706:7306
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1716343977518_34901565_330094951_33_1137_20_111_219";dur=1
content-length: 36
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 150ms
142ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 149ms
141ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2205b12115ad17914938bf7667643ca0d3%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2245bc92abc111f3fccbf9c8779059ecfc1d69c9e6%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H2 200 bWFya2V0bw.js Show response
embed.formhq.net/v1/platforms/ 422 B
567 B 129ms
129ms Script
application/javascript 2606:4700:3108::ac42:283b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://embed.formhq.net/v1/platforms/bWFya2V0bw.js

Requested by

Host: embed.formhq.net
URL: https://embed.formhq.net/v1/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:283b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=423
x-xss-protection: 1; mode=block
cf-bgj: minify
last-modified: Tue, 02 Aug 2022 14:00:38 GMT
server: cloudflare
etag: W/"62e92e06-1a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZnL3lAGCR2PSSkqPBODMClQA63%2FthPTAKUe3ovEsqjbgi%2BVmEQ0TLi97siSavLKx9ljIgm9YeugwdC3mGElotRRj3CawNm3cDjYkZr4NNNrIErABKwsKEweeF2beXWmmDedhy6fcE1BKkcqVjvgN"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=1800
cf-ray: 887948c43a052bc6-FRA

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 769 B
730 B 191ms
148ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 45bc92abc111f3fccbf9c8779059ecfc1d69c9e6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 05b12115ad17914938bf7667643ca0d3
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 1066581953457117014
date: Wed, 22 May 2024 02:12:57 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 408

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 74ms
24ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.securonix.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 22 May 2024 02:12:57 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 6703177755786794458

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 141ms
141ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A1010%3A3%3A1011%3Ad31c%3Aa706%3A7306%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:12:57 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 413 KB
83 KB 29ms
29ms Script
text/javascript 2600:9000:2127:d600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: E8Xqd_XzP1xGQPgJ2rRArNdUFnSvN3pa
Content-Encoding: gzip
Via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
Date: Wed, 22 May 2024 02:08:43 GMT
Age: 255
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 08 Feb 2024 21:46:10 GMT
Server: AmazonS3
Etag: W/"e1dc09168683fa834f599c01bb66de29"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: fEQkH77c84L8dZhfhQKs_rZd3N6PPsnuy9fFDF5e0YCBTBBXB2VwEA==

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 28ms
28ms Image
image/png 2600:9000:2127:d600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Wed, 22 May 2024 01:37:30 GMT
Via: 1.1 a1c66294cb416b399374a845b97656d2.cloudfront.net (CloudFront)
Age: 2219
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: b2dFM1OwI7FIoWcwNMCErMxph0ulGb1XFYY0adH_3_q6nWbuprkI0g==

GET
H2 200 core
js.driftt.com/ Frame CB8D 0
0 200ms
147ms Document
text/html 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=r32rm8p2zmht&eId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=686c804d-648d-4a1e-bfaf-c7a0c5b98090&sessionStarted=1716343978.447&campaignRefreshToken=ddf42309-212d-41d2-ba38-c151c40e8663&hideController=false&pageLoadStartTime=1716343976709&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1716344100000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 02:12:58 GMT
etag: W/"bfed674d771366425d072381f4efc1f7"
last-modified: Fri, 03 May 2024 15:32:45 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 cb11ca2ff3db5adbe7df4bca70e51594.cloudfront.net (CloudFront)
x-amz-cf-id: yU6uIzaGaVRYsW7l3O-_rcQnH_Nyf1QFsVoPvOQxxY7jmg295lGtig==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: S5LI.Dztu4EwHCgPf20gC00X3KqcCutb
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 19

GET
H2 200 chat
js.driftt.com/core/ Frame B03D 0
0 202ms
151ms Document
text/html 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1716343976709

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1716344100000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 02:12:58 GMT
etag: W/"bfed674d771366425d072381f4efc1f7"
last-modified: Fri, 03 May 2024 15:32:45 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 cb11ca2ff3db5adbe7df4bca70e51594.cloudfront.net (CloudFront)
x-amz-cf-id: Qr_cgA5lori7nYXtXe8v32AC_7SWW7rQVX1ZuzJL2XGAy7cncn0TKg==
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: S5LI.Dztu4EwHCgPf20gC00X3KqcCutb
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 20

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ 9 KB
3 KB 88ms
51ms Script
application/javascript 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:58 GMT
x-amz-version-id: 4TVPkf0eH3kVl0Vjj3KPZI_FUiecs6et
via: 1.1 a823be133adad65df6d3bf471a742792.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: FRA56-P4
age: 83712
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 15 May 2024 06:37:27 GMT
server: cloudflare
etag: W/"5c7228fc2640a4dfce48217428980fe3"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 887948c9b8ca380d-FRA
x-amz-cf-id: kKMAc8E2xc4bYM2Gr74a9w4MtrwPJSWqPHVqTkOsz98lCjcm2XaISg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 143ms
142ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A57%20GMT%22%2C%22timeSpent%22%3A%221014%22%2C%22totalTimeSpent%22%3A%221014%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:12:58 GMT

GET
H3 200 Securonix-EON-Data-Sheet-Featured-Image.jpg
www.securonix.com/wp-content/uploads/2024/04/ 72 KB
72 KB 47ms
46ms Image
image/jpeg 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2024/04/Securonix-EON-Data-Sheet-Featured-Image.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

515af980f6f9699ff77fa791ebab1eb62c21a31e37ed0acb10fc5da61e131824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501442
cf-polished: origSize=73758
alt-svc: h3=":443"; ma=86400
content-length: 73750
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 16:59:00 GMT
server: cloudflare
etag: "6633c654-1201e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948c9bd192bf3-FRA

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 203 B
558 B 183ms
182ms Fetch
application/json 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: db9cabe6e8551c5651bf9b62603f3e6c536b95a2b86a99c2eac9ba1b3ab35215

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Bearer 3e8e82dad11669757953
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.securonix.com/
visited_url: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/

Response headers

date: Wed, 22 May 2024 02:12:59 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: YJoqygGIPHcEPiA=
server: cloudflare
etag: W/"cb-/nHC/m6T5WtV0yK6WqOrowOnedI"
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cf-ray: 887948cd3f749748-FRA
x-amz-cf-id: a8CDidwueIAOqaNPUc7mUthHMOCEC_lIrua09oI5lY0_dv1vxoeHpw==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 502ms
475ms Preflight 104.18.37.212
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
alt-svc: h3=":443"; ma=86400
apigw-requestid: YJoqwjBbPHcEMkQ=
cf-cache-status: DYNAMIC
cf-ray: 887948ca3d6f9748-FRA
date: Wed, 22 May 2024 02:12:59 GMT
server: cloudflare
vary: Access-Control-Request-Headers
via: 1.1 f9c16664a13e70e73a4e280c7a0f2266.cloudfront.net (CloudFront)
x-amz-cf-id: -DyAX3vLtfVGTIu3Vdmt1GpIbjcGiCYTJt1ciwAI6w7HvthaTDlqkw==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H3 200 cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png
www.securonix.com/wp-content/uploads/2021/12/ 676 B
1 KB 42ms
42ms Other
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.png

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d381f3799814c3df53d341b475363a0c9116fb644fdd96b953d93950a6c1155b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
age: 287386
cf-polished: origFmt=png, origSize=836
content-disposition: inline; filename="cropped-cropped-cropped-cropped-Securonix-Logo_ForWeb-RGB_Icon-3-32x32.webp"
alt-svc: h3=":443"; ma=86400
content-length: 676
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 May 2024 08:01:35 GMT
server: cloudflare
etag: "6633485f-344"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()
accept-ranges: bytes
cf-ray: 887948cc4e6b2bf3-FRA

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 90 KB
27 KB 94ms
57ms Script
application/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 679
x-guploader-uploadid: ABPtcPqDTuUwQYoGNggOYSgRUFy1JV4y3UrY8j-RSU9BWR2Jrqc1s9ezzUPGMAMD9dXV3gsO-pSqOhS7mQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 887948ce8dbe9159-FRA
expires: Wed, 22 May 2024 03:01:40 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/ 3 KB
2 KB 369ms
341ms Fetch
text/javascript 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0314bb19ef663e3f568e11622f823e8969082550d1308e8e87728304eb8ab1f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/javascript
visited-url: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
Referer: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/
_vtok: MjE3LjExNC4yMTUuMTMx
_zitok: 0a9546a33b82187b26381716343979
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 887948cfc9559f18-FRA

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/ Frame 0
0 205ms
169ms Preflight
text/html 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/62ffe38de2e537008ecb115f/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://www.securonix.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 887948ce99673626-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 02:12:59 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 168ms
168ms Preflight
text/html 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.securonix.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.securonix.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 887948cf19a93626-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 22 May 2024 02:12:59 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 319 B
650 B 170ms
170ms Fetch
application/json 2606:4700::6810:762b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:762b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

eddedbf5170a95203a77d7aef2efd409c274a7cfe553a63e615dbc0635483d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bearer f0ddbd6ba8265551bbe95c25bdf2a9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.securonix.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 02:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"13f-4tm/9Yuaax6k2Mh0WCn3oY2on08"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 887948d029869f18-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 141ms
141ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A59%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A58%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222015%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:12:59 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:12:59 GMT

GET
BLOB 200
OK c762edfb-46fc-4ac6-ae45-ea1f0ca5ffed Show response
https://www.securonix.com/ 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.securonix.com/c762edfb-46fc-4ac6-ae45-ea1f0ca5ffed
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0314bb19ef663e3f568e11622f823e8969082550d1308e8e87728304eb8ab1f4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 2932
Content-Type: text/javascript

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 141ms
141ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A13%3A00%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A12%3A59%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223015%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:13:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:13:00 GMT

GET
H2 200 3.ee35dea2.chunk.js Show response
js.driftt.com/conductor/assets/ 158 B
852 B 28ms
28ms Script
application/javascript 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/3.ee35dea2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1716344100000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 23 Jul 2023 23:38:44 GMT
x-amz-version-id: pMohofQYEF1dohPHFcPmV3oeRzVr6CuK
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 26188456
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 158
last-modified: Fri, 21 Jul 2023 20:53:14 GMT
server: istio-envoy
etag: "e6714addd36102488fb27a980401fd36"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p62r4lc-EYBHclnlorSYGlowyo9Pmp0qn5CmJpCsTjbkHrgHeXr91g==

GET
H2 206 notification.5f7c6014.mp3
js.driftt.com/conductor/assets/media/ 8 KB
8 KB 31ms
31ms Media
audio/mpeg 65.9.95.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/conductor/assets/media/notification.5f7c6014.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-107.prg50.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.securonix.com/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 29 Mar 2024 22:29:55 GMT
x-amz-version-id: XVyA998Fb6SmDI69fV3gXad20Jl2zLpD
via: 1.1 77d19519a1c9ed821ab469548b9d17f4.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: PRG50-C1
age: 4592585
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-7754/7755
x-envoy-upstream-service-time: 22
Content-Length: 7755
last-modified: Wed, 27 Mar 2024 18:18:18 GMT
server: istio-envoy
etag: "5f7c6014cf73831f91963a668b71fbb9"
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GeeTApk-y6Uh3sVbwOGbaHDMnqvlS9VI0rnM_xOKATTERBXxm3_FXg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 142ms
142ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=6f4a3ad5-ad34-40e9-829d-10b92524cc94&session=14062262-e643-45b6-875d-fe89da23fc2d&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A13%3A01%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2022%20May%202024%2002%3A13%3A00%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224016%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Securonix%20Threat%20Research%20team%20has%20discovered%20a%20new%20sophisticated%20infection%20chain%2C%20dubbed%20CLOUD%23REVERSER%2C%20which%20leverages%20popular%20cloud%20storage%20services%20like%20Google%20Drive%20and%20Dropbox%20to%20orchestrate%20the%20threat%20actor%E2%80%99s%20malicious%20operations.%20The%20usage%20of%20legitimate%20cloud-based%20storage%20was%20also%20a%20primary%20method%20of%20malware%20delivery%20during%20the%20DEEP%23GOSU%20campaign%20uncovered%20by%20the%20team%20earlier%20in%20the%20year.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Analysis%20and%20Detection%20of%20CLOUD%23REVERSER%3A%20An%20Attack%20Involving%20Threat%20Actors%20Compromising%20Systems%20Using%20A%20Sophisticated%20Cloud-Based%20Malware%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fanalysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware%2F&pageViewId=5b1e5fb7-fde0-4427-8174-f649792807c8&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.securonix.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 02:13:01 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 22 May 2024 02:13:01 GMT

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.securonix.com/	1970-01-20 20:45:45	Name: __cf_bm Value: t8BsdBpqgXIAB93CvvIZiZ.srwGpM3xIs0bIHecF1m8-1716343976-1.0.1.1-geBSo1OCNOirhpm_PtlpUOhg143DCQNi5P1MOcEs.vyHIVwWZhV07KgTIK6gMzYHe4V_VKH8JKKt57v2FIZuPw
.securonix.com/	1970-01-20 22:55:19	Name: _gcl_au Value: 1.1.626856821.1716343977
.securonix.com/	1970-01-21 06:21:43	Name: attr_first Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-20 20:45:45	Name: attr_last Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20set)%22%2C%22content%22%3A%22(not%20set)%22%2C%22source_platform%22%3A%22(not%20set)%22%2C%22marketing_tactic%22%3A%22(not%20set)%22%2C%22creative_format%22%3A%22(not%20set)%22%2C%22adgroup%22%3A%22(not%20set)%22%2C%22id%22%3A%22(not%20set)%22%7D
.securonix.com/	1970-01-21 06:21:43	Name: _ga Value: GA1.1.34590684.1716343977
.securonix.com/	1970-01-20 20:47:10	Name: _uetsid Value: ce63ce4017e011ef84ce7d9334453abe
.securonix.com/	1970-01-21 06:07:19	Name: _uetvid Value: ce63d4c017e011ef9f8a77295413df4b
www.securonix.com/	1970-01-21 06:21:43	Name: _gd_visitor Value: 6f4a3ad5-ad34-40e9-829d-10b92524cc94
www.securonix.com/	1970-01-20 20:45:58	Name: _gd_session Value: 14062262-e643-45b6-875d-fe89da23fc2d
.linkedin.com/	1970-01-20 22:55:19	Name: li_sugr Value: b80b6e45-5e12-46a5-a913-f3e66dacb93c
.bing.com/	1970-01-21 06:07:19	Name: MUID Value: 11B8DA7A385561C00591CEFD399560A5
.linkedin.com/	1970-01-20 20:47:10	Name: lidc Value: "b=OGST07:s=O:r=O:a=O:p=O:g=2861:u=1:x=1:i=1716343977:t=1716430377:v=2:sig=AQGscsOGt11d_uxbN9Eb0PqoZ8QZsta7"
.linkedin.com/	1970-01-20 21:28:55	Name: UserMatchHistory Value: AQIP-qjU6e6WRgAAAY-eErZYeOAV2Fv20psiy666D0A0Ka0ROvDTDbUfOudSFLswEje2_yMfR_UIJw
.linkedin.com/	1970-01-20 21:28:55	Name: AnalyticsSyncHistory Value: AQKIXhHsmG7WsgAAAY-eErZZb76cGzg1P2C5Sz2DOdoZLLGImjMmKqh_q401rMF8XPMJCbr6cmua1qndNbb8aw
.linkedin.com/	1970-01-21 05:31:19	Name: bcookie Value: "v=2&8d6cb986-c395-40d3-8ef0-59d9ab4110d8"
.www.linkedin.com/	1970-01-21 05:31:19	Name: bscookie Value: "v=1&2024052202125718896d0d-24da-4890-8e11-821ffe45a378AQEWDm-QZ43wYaaDwm1Pyz3JCKuZtKCD"
.linkedin.com/	1970-01-21 01:04:55	Name: li_gc Value: MTswOzE3MTYzNDM5Nzc7MjswMjEFYG9YkgFzy4x6SkmNz1gUbvm7KvmlDjy78I6ujmY3MQ==
www.securonix.com/	1970-01-20 20:45:45	Name: drift_campaign_refresh Value: ddf42309-212d-41d2-ba38-c151c40e8663
.www.securonix.com/	1970-01-21 05:31:19	Name: _zitok Value: 0a9546a33b82187b26381716343979
www.securonix.com/	1970-01-21 06:21:43	Name: drift_aid Value: d856b1f1-1b03-49fe-a95f-70cf96048025
www.securonix.com/	1970-01-21 06:21:43	Name: driftt_aid Value: d856b1f1-1b03-49fe-a95f-70cf96048025
.zoominfo.com/	1970-01-20 20:45:45	Name: __cf_bm Value: Vq26QU6bhjD3ye1Z5TZ8XKlxFKY8Mth3XIaOAxj0Ynw-1716343979-1.0.1.1-LtSd4joUNpExpuTu49tpdV8Ul55tKgHnqo_3P15nzgpegSJMWmJCSqItPoZvfsKn_eJ96uAcj5FVixGArXtcVQ
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 1R0GflUzvo4wCdmjjp1Rahup5bneVDmcWZ.JltODXFE-1716343979324-0.0.1.1-604800000
.securonix.com/	1970-01-21 06:21:43	Name: _ga_JPYDLXGD3Q Value: GS1.1.1716343977.1.0.1716343980.57.0.0

46 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/library.js?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/styles/css/style.css?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/bootstrap.min.js?ver=3.3.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/styles/css/bootstrap.min.css?ver=3.3.2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.securonix.com/wp-content/themes/punch/js/global.js?ver=6.5.3 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1716344100000/r32rm8p2zmht.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.securonix.com/blog/analysis-and-detection-of-cloudreverser-an-attack-involving-threat-actors-compromising-systems-using-a-sophisticated-cloud-based-malware/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.jsdelivr.net
cdnjs.cloudflare.com
d.adroll.com
embed.formhq.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
snap.licdn.com
static.addtoany.com
stats.g.doubleclick.net
unpkg.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.securonix.com
104.18.37.212
13.107.42.14
141.193.213.20
2.17.147.176
2001:4860:4802:34::36
2600:9000:2127:d600:6:9280:1080:93a1
2606:4700:10::6816:46c5
2606:4700:10::6816:47c5
2606:4700:3108::ac42:283b
2606:4700::6810:762b
2606:4700::6811:180e
2606:4700::6811:f7cb
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:80e::200a
2a00:1450:4001:810::200a
2a00:1450:4001:81d::2003
2a00:1450:4001:827::2003
2a00:1450:4001:82f::2008
2a00:1450:400c:c0c::9b
2a02:26f0:3500:16::215:149b
2a02:26f0:ab00::214:8e41
2a04:4e42::485
2a05:d018:cc3:fe04:b66c:5c27:5eeb:63c9
65.9.95.107
76.223.9.105
0230904fa157dff50d8ecc1a80a203635fa812479f4432a69c3779986ab560e6
0314bb19ef663e3f568e11622f823e8969082550d1308e8e87728304eb8ab1f4
08414f9cb992a59955b46083d8f93797b1e729123fe737434d3fe1a53c6e6580
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09ba5df6e121c4577cac7addaca7ab9f189e8c1afd745652396b05f8e45baf0a
09bfea7e712355726b2d97bf0a13a80f8f8e5e5834a13d666d1cea2bd3ab31a9
195ead3f2c695bbc2891e27e0f4fb3d31f08097370ed4fc66abfe75b07fc238b
27e54854af25b175f482f4acc3c32a5dfd363ae62292e66b9212764d323af2db
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2bf92d09ea70e1745242a22e86adb8088bc17c61a744c2f3d984601f6bd4e423
2ca9f20823ffa1266144cc2c6af10f9fe097305ace8fb845dd48ee045e81b235
3003867b66a32c12fdafeefc27cf06d906e5a99ba275550ab757f4bb04834636
3005a54fc57fc2d8c70cc41e4ca7fcaaed7514b03f28581082c454e6a2d11f3b
3d086eb4e753d9937b5a54ec517bc5e2a13f320121a35834e8d00354a991bdc9
3dab93242ee573bbcfc22c9d15acd47794e500ed44e6bd48a35400b39d65aa43
3ec093226dbb4c5f2767562378e80a955db377003a72f5ff70cd65040983090f
3fcc408630bdf993595abbcc2a7ace8a55058dd7a3107236a68cd76a690e1ae9
435c1051149272e940e0bfbda1b4e09662f4408e658aa0ee899177819c9b8008
445e8d306421fb1863eb8507312d7a20787cc4d0020347ace7adc0abdb52d15c
4b475960843a5619b907af1f0a89e3136bd5e6a4a700ec78cb417f302647cf49
4ba0dc4a2c348e233bb9d06d948ac25172b3dafbe04aac1692e925742fcf095a
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
515af980f6f9699ff77fa791ebab1eb62c21a31e37ed0acb10fc5da61e131824
54034a97c2cd2fd617136446cef1993cfef5937fe2896ee7e4bd569cd18c94e5
548e07a84aaf92271f7632e58401a21ded0e9df8a25c07e50254d7e6c48da51e
55a87f3988c2d2dc254d7fcf23779d87635baace698dda2ff0c1472a37a04599
585855ece0f56ae59cf584f5068fc0b2f0742d9e55d6b1ef79b6e54916afbe5e
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5bdcc9e3e427ad3a787ec7efe46d8c305e880eb44402c0000ff52f17ef6b0cdb
5ebb2ce2e9e5c77cc2c4081b2d88c1f10d471b0f9b440e672465d276f507273a
6912f7388531e949bd5406b5668cd6b55fea4cc7e2d123dbaed489054dd98438
698c32ec06fb424309d16f308661ac1fccad457ee9ae20657c32e1c164d4bea3
6dceecf8eaa03968e40b767206be8a36a13d7444557fced227454ae4f100e5c9
6e0cc78c402cbc02fdfd41cd77c5fd6ffbd8066cc07935ea8eb5f3fcc59744a3
6e67d703e0c13b20be535d048fac3610238856ddda14cfb9cb5aa8c4a77486b1
7005419bf0746448cdd34e001e2d0893da52625b926233ae7f085002c05f2bd0
72d9d32e497540a227247b9a64fd1a86c023db9eb731146ff5884aa83b2ce453
80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8
810fa2a3b55e453ecd985550d03ec94f57c492a7052f8f271e58110e8dd720eb
814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1
815efed52d302d63cc90dd4c2984f2bcddd384161193043c6baa1f35a4b82d39
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8737f50e2aa546ff4baeb4492fdd334a75dfc93e292aba2ab7a45a8c3a73e4c4
8776d481e57e6ce40e31e96d1bcd9586147bfe699a554e9a679e62923fd47be6
87eee01d7725fdd4e4f8194269b3b91105aff6dff516e38aeb8f9c5aecd07a28
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8c10bfd761676feda6e280e0d31794b1a8d21279f437ddb817a708d6fe0b72db
8d96ba030f3d3780ac143e918ba6ee787eaf4f796934f4d3343924583fbd92d7
907f4395f54e25a1da1181672f1a498e98b26f7bfc6dcb6c209a737472451e49
91b9b24f0aa59668e4d0a770ee7a294b9baa361a76a20ade8128cd0482a5d805
949a10582dea1073092dd7ee85f845045c8187177d8ef43f4598a5ba4068127b
9a7616157191cea33870e61c8f37b9842c4a63088c5821eeee34e570679e904f
9c7c9d975f6f8560b3bb76c3c4e9d840ac386875245819d85d4a45351a3aa203
a0fcd5fbef48c9194895bf43033a7710672ad97e5a605647e8563d0d9fa973c2
a55a1504046635db1567af44c96b2a820151041a3d384726e32dad566684d899
b4f7f29dea11a601a63e5709cc8f081aa4a481d75d8624b231db216473b144ab
b5ef7dd34cf17eb441a01a651d089e520dff86ae2337ff95ee079f46a394880a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bf06f41bb3a1429115fa2dcfbee9986234d6d319da3597648e4e980340d52027
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c3ea3a972768896d2a84d6eb36d3f5919478ad9c091477c22a5362eb6d53aee4
ce5dbb2cdb85126fdc9d774971a56f8848dbee977a382bd512a5f8b49ea8c727
d381f3799814c3df53d341b475363a0c9116fb644fdd96b953d93950a6c1155b
d432ad1988efa5b258294f52dae3d1b4c10660aec15e49017e21a1ee74bfd453
d7495655518a178afcfca8f950660f990e6169eb01960dd2bc8c9a19fd533557
d8253130dac9e743c75b51d4886cd86c06a18b8f4b4a2801b9cf20a216fec931
db9cabe6e8551c5651bf9b62603f3e6c536b95a2b86a99c2eac9ba1b3ab35215
dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305
dca84be2a8ca915e8c51d04e316d25f8a7d49374c6b22a688ceb7eb05e457920
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e26044e4f60fab991ddde9378091a990f77cad49dadf8d6b4bd96c632428546c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85eb9077e02db39d520e42745a7bb4b20306402bc28f974656e5a37bfa08a5b
ed7d5f0f1cdd3cef6ce4dc63316939d611132b88170aecc005c9959b7aac3498
eddedbf5170a95203a77d7aef2efd409c274a7cfe553a63e615dbc0635483d1d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f22d7123257bc9de7677f0bf8a8f87809854b51b23385428d7be1679f2330cdc
f2b665f6f976d349e0cf57ccc337acb60f8070c6c752e60c26dc01d4993b4709
fd963f519fc61abe81b72d433e0fbba40d85650d2fe3f880096964bc3ff30b2d
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.securonix.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

106 Requests

95 %HTTPS

77 %IPv6

21 Domains

29 Subdomains

27 IPs

6 Countries

11601 kBTransfer

13337 kBSize

24 Cookies

11 Outgoing links

Redirected requests

106 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securonix.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

106
Requests

95 %
HTTPS

77 %
IPv6

21
Domains

29
Subdomains

27
IPs

6
Countries

11601 kB
Transfer

13337 kB
Size

24
Cookies

106 HTTP transactions
1 data transactions