www.trellix.com Open in urlscan Pro
2a02:26f0:1700:5::5f65:1b4d Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Submission: On February 02 via api (February 2nd 2022, 11:13:25 am UTC) from US — Scanned from DE

Summary HTTP 97 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 30 IPs in 6 countries across 21 domains to perform 97 HTTP transactions. The main IP is 2a02:26f0:1700:5::5f65:1b4d, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.trellix.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 10th 2022. Valid for: a year.

This is the only time www.trellix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
55	2a02:26f0:170... 2a02:26f0:1700:5::5f65:1b4d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	99.86.3.13 99.86.3.13	16509 (AMAZON-02) (AMAZON-02)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2a6::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:206... 2600:9000:206f:6e00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.198.109.212 18.198.109.212	16509 (AMAZON-02) (AMAZON-02)
2	52.17.105.123 52.17.105.123	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	54.216.106.103 54.216.106.103	16509 (AMAZON-02) (AMAZON-02)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	54.75.68.230 54.75.68.230	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	54.155.191.195 54.155.191.195	16509 (AMAZON-02) (AMAZON-02)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	65.9.65.116 65.9.65.116	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6812:15c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.111.233.140 104.111.233.140	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	185.33.221.11 185.33.221.11	29990 (ASN-APPNEX) (ASN-APPNEX)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	2a03:5f80:a::... 2a03:5f80:a::b212:e7c0	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
1	65.9.63.33 65.9.63.33	16509 (AMAZON-02) (AMAZON-02)
1	99.86.3.36 99.86.3.36	16509 (AMAZON-02) (AMAZON-02)
1	108.157.4.7 108.157.4.7	16509 (AMAZON-02) (AMAZON-02)
1	18.203.176.110 18.203.176.110	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
97	30

55 2a02:26f0:1700:5::5f65:1b4d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www.trellix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-13.fra6.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2a6::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:6e00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.109.212 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-109-212.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.105.123 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-105-123.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.216.106.103 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-106-103.eu-west-1.compute.amazonaws.com

musarubra.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

smetrics.trellix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.75.68.230 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-68-230.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.155.191.195 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-191-195.eu-west-1.compute.amazonaws.com

trellix.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.65.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-65-116.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.111.233.140 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-140.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.11 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:5f80:a::b212:e7c0 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.63.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-33.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.3.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-36.fra6.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.7 (United States)

ASN16509 (AMAZON-02, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.176.110 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-176-110.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	trellix.com www.trellix.com smetrics.trellix.com	7 MB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 9102 c.6sc.co — Cisco Umbrella Rank: 13654 b.6sc.co — Cisco Umbrella Rank: 6546	14 KB
5	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 497	115 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 546 www.linkedin.com — Cisco Umbrella Rank: 647 px4.ads.linkedin.com — Cisco Umbrella Rank: 5501	3 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 644 script.hotjar.com — Cisco Umbrella Rank: 919 vars.hotjar.com — Cisco Umbrella Rank: 1012 in.hotjar.com — Cisco Umbrella Rank: 1810	65 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 205 musarubra.demdex.net	5 KB
3	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 5341 buttons-config.sharethis.com — Cisco Umbrella Rank: 6303 l.sharethis.com — Cisco Umbrella Rank: 4910	43 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 15094 apt.techtarget.com — Cisco Umbrella Rank: 23929	2 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1531 insight.adsrvr.org — Cisco Umbrella Rank: 624	5 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	74 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1098	2 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5557	548 B
1	google.com www.google.com — Cisco Umbrella Rank: 13	548 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 404	693 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	2 KB
1	t.co t.co — Cisco Umbrella Rank: 487	336 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 537	459 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 630	6 KB
1	omtrdc.net trellix.tt.omtrdc.net	586 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 106	15 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 992	517 B
97	21

	Domain	Requested by
55	www.trellix.com	www.trellix.com
6	b.6sc.co	www.trellix.com
5	assets.adobedtm.com	www.trellix.com
2	px.ads.linkedin.com	2 redirects
2	smetrics.trellix.com	www.trellix.com
2	www.googletagmanager.com	assets.adobedtm.com
2	dpm.demdex.net	www.trellix.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	in.hotjar.com	www.trellix.com
1	vars.hotjar.com	www.trellix.com
1	script.hotjar.com	www.trellix.com
1	static.hotjar.com	www.trellix.com
1	snap.licdn.com	www.trellix.com
1	insight.adsrvr.org	www.trellix.com
1	www.google.de	www.trellix.com
1	www.google.com	www.trellix.com
1	apt.techtarget.com	www.trellix.com
1	c.6sc.co	www.trellix.com
1	secure.adnxs.com	www.trellix.com
1	googleads.g.doubleclick.net	www.trellix.com
1	j.6sc.co	www.trellix.com
1	trk.techtarget.com	www.trellix.com
1	t.co	www.trellix.com
1	analytics.twitter.com	www.trellix.com
1	js.adsrvr.org	assets.adobedtm.com
1	static.ads-twitter.com	www.trellix.com
1	trellix.tt.omtrdc.net	www.trellix.com
1	www.googleadservices.com	www.googletagmanager.com
1	cm.everesttech.net	1 redirects
1	musarubra.demdex.net	www.trellix.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	www.trellix.com
97	34

This site contains links to these domains. Also see Links.

Domain
careers.trellix.com
players.brightcove.net
www.cisa.gov
www.mcafee.com
www.helpnetsecurity.com
twitter.com
linkedin.com

Subject Issuer	Validity	Valid
www.trellix.com Sectigo RSA Organization Validation Secure Server CA	`2022-01-10` - `2023-01-10`	a year	crt.sh
sharethis.com Amazon	`2021-07-19` - `2022-08-17`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
smetrics.trellix.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-28` - `2023-01-03`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-11` - `2022-10-12`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-25` - `2022-08-24`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Frame ID: F1AF2CE12A895A28094B4ED045F9EE77
Requests: 95 HTTP requests in this frame

Frame: https://musarubra.demdex.net/dest5.html?d_nsid=0
Frame ID: 1520D24D7246CC36AAF44F5C661C044B
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=vac9s1e&ref=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&upid=54v6z2b&upv=1.1.0
Frame ID: 2AD57C0488EDE39F3C55E227D24682C4
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: 54BD8749D2151BACB846D994FFB99626
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Return of Pseudo Ransomware

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

97
Requests

98 %
HTTPS

32 %
IPv6

21
Domains

34
Subdomains

30
IPs

6
Countries

7191 kB
Transfer

8942 kB
Size

42
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.trellix.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://players.brightcove.net/21712694001/default_default/index.html?videoId=6289338885001

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/sites/default/files/publications/CISA_Insights-Implement_Cybersecurity_Measures_Now_to_Protect_Against_Critical_Threats_508C.pdf
Title: Additional details

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/enterprise/en-us/lp/insights-preview.html
Title: Insights Preview

Search URL Search Domain Scan URL

URL: https://www.helpnetsecurity.com/2017/08/14/pseudo-ransomware/
Title: https://www.helpnetsecurity.com/2017/08/14/pseudo-ransomware/

Search URL Search Domain Scan URL

URL: https://twitter.com/trellix

Search URL Search Domain Scan URL

URL: https://linkedin.com/company/trellixsecurity

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://cm.everesttech.net/cm/dd?d_uuid=80847002194343550620605344957769845788 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YfpnTwAAAGXChQQf

Request Chain 91

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3647850%26time%3D1643800400956%26url%3Dhttps%253A%252F%252Fwww.trellix.com%252Fen-us%252Fabout%252Fnewsroom%252Fstories%252Fthreat-labs%252Freturn-of-pseudo-ransomware.html%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&liSync=true&e_ipv6=AQIaKvBDCsEnPwAAAX66I5Xki8rb-xDZKU-8Ji1np-cJzR2wn0mgxee9Zl_DhPL7BLsEiOv3

97 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request return-of-pseudo-ransomware.html Show response
www.trellix.com/en-us/about/newsroom/stories/threat-labs/ 130 KB
26 KB 405ms
359ms Document
text/html 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f94bf2416f8c8573d0c71791b001c1900bb07f14f3a2e7f42df96e639379feed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-frame-options: SAMEORIGIN
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 Feb 2022 11:02:50 GMT
etag: "209b3-5d706f566d237-gzip"
accept-ranges: bytes
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
cache-control: max-age=14400, s-maxage=14400
content-type: text/html;charset=utf-8
content-length: 25852
date: Wed, 02 Feb 2022 11:13:18 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000

GET
H2 200 AventaVF.woff2
www.trellix.com/www/fonts/ 163 KB
164 KB 70ms
69ms Font
application/octet-stream 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/fonts/AventaVF.woff2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f8bef3d58d7368bbcd6b5534416a4e91a337ade8b321f4d4a2411b75f47dff5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Origin: https://www.trellix.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 24 Jan 2022 18:31:52 GMT
etag: "28dc4-5d6582eab5600"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 newco.css
www.trellix.com/www/css/ 757 KB
79 KB 51ms
51ms Stylesheet
text/css 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/newco.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f981b0639692ee0779fa238d5d17c54090de67c5e1d52b52580ee14596a4c9d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 79936
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 27 Jan 2022 22:18:39 GMT
x-frame-options: SAMEORIGIN
etag: "bd210-5d697b33bcdc0-gzip"
strict-transport-security: max-age=15768000
content-type: text/css
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 common.css
www.trellix.com/www/css/ 12 KB
3 KB 69ms
69ms Stylesheet
text/css 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/common.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

39e7c6d0418b67b9ec2db552b4188d9a9e3659f53f2a670d39499fdec420dcee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 2386
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 28 Jan 2022 16:44:21 GMT
x-frame-options: SAMEORIGIN
etag: "2f25-5d6a725866340-gzip"
strict-transport-security: max-age=15768000
content-type: text/css
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 184 KB
41 KB 38ms
9ms Script
text/javascript 99.86.3.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.13 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-13.fra6.r.cloudfront.net

Software

Resource Hash

444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:04:20 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 539
etag: W/"2df1b-sQ5Sn/JpfKxrQLYebTQ3d0yXV0s"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: FRA6-C1
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-id: XjG0l903GJLI2IJnr-UoZUNAk8Ps9ZxNniE6ZFPArFQFLRlbYae1pg==

GET
H2 200 Trellix-Logo-Black.svg
www.trellix.com/mainsite/en-us/assets/logos/ 2 KB
1 KB 75ms
74ms Image
image/svg+xml 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/assets/logos/Trellix-Logo-Black.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2239edeeb8a94c8191338bf6f802631dec9bcd70e212378fc1854b24a849b364

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 1010
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 25 Jan 2022 16:04:36 GMT
x-frame-options: SAMEORIGIN
etag: "900-5d66a3dd80d00"
strict-transport-security: max-age=15768000
content-type: image/svg+xml
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 trellix-intro-video.png
www.trellix.com/mainsite/en-us/img/v1/ 75 KB
75 KB 85ms
84ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/trellix-intro-video.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0fbb53e19fc6f64f284286f2000be80e1a9b52cd49c0e32de1f35e1cfdedf021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 01 Jan 2022 23:14:41 GMT
etag: "12a93-5d48d73c01a40"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 76435
x-content-type-options: nosniff

GET
H2 200 xdr-solution-brief-mm.jpg
www.trellix.com/mainsite/en-us/img/v1/ 7 KB
7 KB 95ms
94ms Image
image/jpeg 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/xdr-solution-brief-mm.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

90427f10877943d701281b52540cc2062f7fb976164767e7da870c7296907da9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jan 2022 19:38:45 GMT
etag: "1c60-5d567b7c45b40"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 7264
x-content-type-options: nosniff

GET
H2 200 gartner-endpoint-mm.png
www.trellix.com/mainsite/en-us/img/v1/ 11 KB
11 KB 105ms
104ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/gartner-endpoint-mm.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

05673856d8d42857c6bb39a224b421a5a87bf30f0847c61be98d7e6896596c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 10 Jan 2022 02:09:51 GMT
etag: "2a68-5d530d4ecf9c0"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 10856
x-content-type-options: nosniff

GET
H2 200 gartner-xdr-mm.png
www.trellix.com/mainsite/en-us/img/v1/ 27 KB
27 KB 111ms
110ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/gartner-xdr-mm.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0de0a35169f0d49cb351ea957b067cce354ab02db8fbd0e5f5b346f0bdd77399

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 10 Jan 2022 02:09:52 GMT
etag: "6bff-5d530d4fc3c00"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 27647
x-content-type-options: nosniff

GET
H2 200 pm-office-compromised-flags-mm.jpg
www.trellix.com/mainsite/en-us/img/v1/ 39 KB
40 KB 119ms
118ms Image
image/jpeg 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/pm-office-compromised-flags-mm.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0c48b97ea7de6f05cb50a9e8a18bca81056fb33a1dba1df9b0c4ebec8e215f32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 29 Jan 2022 18:54:02 GMT
etag: "9cf6-5d6bd13266680"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 40182
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 threat-report-mm.jpg
www.trellix.com/mainsite/en-us/img/v1/ 53 KB
53 KB 127ms
126ms Image
image/jpeg 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/threat-report-mm.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28c0bfa29e97bf0a82df233f77390ae5f3dd316778fe8aa4efb2ea5c152b839e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 28 Jan 2022 17:28:54 GMT
etag: "d30f-5d6a7c4d92180"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 54031
x-content-type-options: nosniff

GET
H2 200 cybersecurity-leaders-mm.jpg
www.trellix.com/mainsite/en-us/img/v1/ 8 KB
8 KB 132ms
131ms Image
image/jpeg 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/cybersecurity-leaders-mm.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

52cdb1da8ce1835c29bfa65c3685242e84b8d14aae302ef0eadc597fa001f969

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:59 GMT
etag: "2035-5d5e6ce0239c0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 8245
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 trellix-ceo-threat-center.jpg
www.trellix.com/mainsite/en-us/img/v1/ 9 KB
10 KB 138ms
138ms Image
image/jpeg 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/trellix-ceo-threat-center.jpg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b157aae48cab2a8ed6132118ba991b3dc9d718817a8ee059ee52c64f7b3c0b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:30:21 GMT
etag: "25ac-5d606db4da540"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 9644
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware1.png
www.trellix.com/en-us/img/newsroom/stories/ 300 KB
301 KB 213ms
212ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware1.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

87a11e7ce7545ecc39952be578848a7bf04e06a2f0310e6e824f8bca093898b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:49 GMT
etag: "4b12c-5d6072f3a0540"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 307500
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware2.png
www.trellix.com/en-us/img/newsroom/stories/ 117 KB
118 KB 279ms
278ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware2.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a95a5156d53768d7db661e92a3404922254f3f4e37cffed72d2292e42e5e81ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:50 GMT
etag: "1d3da-5d6072f494780"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 119770
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware3.png
www.trellix.com/en-us/img/newsroom/stories/ 99 KB
100 KB 248ms
247ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware3.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dca70f0fb432517e9f73304a8078de2881b7f6d8226faf677a9d65fef67f0f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:50 GMT
etag: "18d18-5d6072f494780"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 101656
x-content-type-options: nosniff

GET
H2 200 pseudo-ransomware4.png
www.trellix.com/en-us/img/newsroom/stories/ 78 KB
79 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware4.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

03e98e929775ca7f60f388e81c24b293e2b38d69987932855751ecdfcc10c593

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:51 GMT
etag: "13879-5d6072f5889c0"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 79993
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware5.png
www.trellix.com/en-us/img/newsroom/stories/ 50 KB
50 KB 242ms
241ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware5.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cbc136cefe06e55ff289e26c4cd273541c412add9a3bcf0c878cf10cd44ac5c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:53 GMT
etag: "c726-5d6072f770e40"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 50982
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware6.png
www.trellix.com/en-us/img/newsroom/stories/ 7 KB
7 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware6.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a0a42a556ea45270f595027e20e349636a54f18d3d3fd5381fc7ab90234a94bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:54 GMT
etag: "1b3b-5d6072f865080"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 6971
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware7.png
www.trellix.com/en-us/img/newsroom/stories/ 19 KB
19 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware7.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0c220125717d4ef73c46cef1bff79bd791924941ac5d795bee6099c573959f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:56 GMT
etag: "4bb4-5d6072fa4d500"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 19380
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware8.png
www.trellix.com/en-us/img/newsroom/stories/ 24 KB
24 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware8.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

801a9452cf1e060a276493cc6c00fd46fce6590c14b67449e9e6b242ec113ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:56 GMT
etag: "5f8a-5d6072fa4d500"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 24458
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware9.png
www.trellix.com/en-us/img/newsroom/stories/ 12 KB
13 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware9.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fe2c488c67c064e3682dd98ef947306f8ca7935a896bd9c8e517ca01ebe845bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:56 GMT
etag: "31c6-5d6072fa4d500"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 12742
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware10.png
www.trellix.com/en-us/img/newsroom/stories/ 34 KB
34 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware10.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2138e90ee50ebc41b8b24e6b483b80b0582c1a4672d3ad77a3b0dbc81860a79f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:57 GMT
etag: "8832-5d6072fb41740"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 34866
x-content-type-options: nosniff

GET
H2 200 pseudo-ransomware11.png
www.trellix.com/en-us/img/newsroom/stories/ 121 KB
121 KB 286ms
284ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware11.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d7dc8919daec70c90e30aa7ed8f7d9fba7148afbe1535da59075b2e1386c0f36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:57 GMT
etag: "1e383-5d6072fb41740"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 123779
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware12.png
www.trellix.com/en-us/img/newsroom/stories/ 545 KB
547 KB 257ms
256ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware12.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e2b946c5d7e3c22f2509a7a162c03ad808752494ba6780e5afe85f3c0007b27a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:58 GMT
etag: "88447-5d6072fc35980"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 558151
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware13.png
www.trellix.com/en-us/img/newsroom/stories/ 89 KB
90 KB 296ms
295ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware13.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5c64d87bdfa4f312d2f38d764e2e36d4614b6d49a28d7249d2e4ce2f7b96e7fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:54:00 GMT
etag: "165cc-5d6072fe1de00"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 91596
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 pseudo-ransomware14.png
www.trellix.com/en-us/img/newsroom/stories/ 1 MB
1 MB 297ms
295ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware14.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

867f4b35f1fce0321c9b038a4616c87bd379cb0837f05bad34b117d94719b175

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:54:01 GMT
etag: "1774a5-5d6072ff12040"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 1537189
x-content-type-options: nosniff

GET
H2 200 pseudo-ransomware15.png
www.trellix.com/en-us/img/newsroom/stories/ 91 KB
91 KB 277ms
275ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/pseudo-ransomware15.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e4ce5189c6822581cb8c58af81c6842be4ea266ce0d90780909a19dcaa4204ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 17:53:48 GMT
etag: "16ac5-5d6072f2ac300"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 92869
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 clientlibs.css
www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/ 168 B
418 B 200ms
199ms Stylesheet
text/css 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b8f57d7e6153c9c997c8a53bea361ae6f452c07187bbd8813cf859dff4ce167a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jan 2022 10:19:34 GMT
etag: "a8-5d54bca215980-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css;charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 113
x-content-type-options: nosniff

GET
H2 200 clientlib-jquery.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 87 KB
31 KB 208ms
207ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-jquery.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 30902
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 13 Jan 2022 09:13:40 GMT
x-frame-options: SAMEORIGIN
etag: "15d9d-5d5731a22d900-gzip"
strict-transport-security: max-age=15768000
content-type: application/javascript;charset=utf-8
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 clientlibs.js Show response
www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/ 2 KB
1 KB 231ms
229ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f85737b21abb1f06b54686bd67cafb7d6659fa81d8a94244e046154e6c159a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jan 2022 10:19:36 GMT
etag: "726-5d54bca3fde00-gzip"
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 731
x-content-type-options: nosniff

GET
H2 200 trellix-rd-lines.png
www.trellix.com/mainsite/en-us/img/v1/ 154 KB
154 KB 240ms
238ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/trellix-rd-lines.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0e282562879e319335ded7d3efe5a1b05222118d70da79f78e28cb810ce96ed1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 30 Dec 2021 17:38:18 GMT
etag: "26693-5d46085113680"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 157331
x-content-type-options: nosniff

GET
H2 200 trellix-logo-rd.png
www.trellix.com/mainsite/en-us/img/v1/ 5 KB
5 KB 256ms
255ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/trellix-logo-rd.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3ab12cbc9bba7e1926d39e7268651126a03aaa02bb7564085dd6f9bb662d78fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 30 Dec 2021 18:11:09 GMT
etag: "1453-5d460fa8c4940"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 5203
x-content-type-options: nosniff

GET
H2 200 mcafee-logo-rd.png
www.trellix.com/mainsite/en-us/img/v1/ 6 KB
7 KB 276ms
275ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/mcafee-logo-rd.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2cd3eb70cbbca7bc56dcd089bc465cc330c8353af3e298969a18847c5c0852e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:59 GMT
etag: "19a8-5d5e6ce0239c0"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 6568
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fireeye-logo-rd.png
www.trellix.com/mainsite/en-us/img/v1/ 4 KB
4 KB 298ms
297ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/mainsite/en-us/img/v1/fireeye-logo-rd.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

852f5f6d23001b7ea65d27374f6caef575bd93a2856916f8269faca1c45ab7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 10 Jan 2022 23:25:54 GMT
etag: "fba-5d542a86fa480"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 4026
x-content-type-options: nosniff

GET
H2 200 clientlib-base.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 84 KB
16 KB 308ms
307ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/clientlib-base.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

552499f65a28a384fc543ed870cc5f995e5fcd652ac1e9a5cc7ac5ea1c6a4c93

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 13 Jan 2022 09:13:40 GMT
etag: "14e41-5d5731a22d900-gzip"
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 15751
x-content-type-options: nosniff

GET
H2 200 csrf.js Show response
www.trellix.com/etc.clientlibs/corpcom/clientlibs/ 9 KB
3 KB 336ms
335ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ad5f74baa26b02bccc4c6a53b0318881ba0694a14c3a02ee814debd22648dbb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 2680
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 13 Jan 2022 09:13:40 GMT
x-frame-options: SAMEORIGIN
etag: "2372-5d5731a22d900-gzip"
strict-transport-security: max-age=15768000
content-type: application/javascript;charset=utf-8
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 newco.js Show response
www.trellix.com/www/js/ 111 KB
28 KB 340ms
339ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/newco.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a8141b9c077f0a11ecec285153fd4d9b2ba6bda580e1b47b20e844acd8cf3427

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:36 GMT
etag: "1bc63-5d5e6cca34600-gzip"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 28308
x-content-type-options: nosniff

GET
H2 200 launch-675ffef2af24.min.js Show response
assets.adobedtm.com/f0febc6281f5/daaefd9d8423/ 326 KB
100 KB 54ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 02b61ce36000330cc4bdc136eff4a8a1f8a7b1e11f9b04eef1280d46d8721587

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
last-modified: Tue, 25 Jan 2022 21:36:13 GMT
server: AkamaiNetStorage
etag: "b58412d4b39db700a3e3e7d37c8d5a86:1643146573.944763"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.trellix.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 102133
expires: Wed, 02 Feb 2022 12:13:19 GMT

GET
H2 200 form-control.js Show response
www.trellix.com/www/js/ 2 KB
1 KB 342ms
342ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/form-control.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

91241c57dc3ec029b3ecff4fd1d659cd2083c43a2be68f568c5c637378b4331b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Jan 2022 20:28:16 GMT
etag: "8de-5d60957953800-gzip"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 956
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fancybox.js Show response
www.trellix.com/www/js/ 8 KB
3 KB 344ms
343ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/fancybox.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

67e70ec64752d1e3ab775d5a4b52279440ae7f25563ccda451ee8c5d320a38d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:49 GMT
etag: "1e89-5d5e6cd69a340-gzip"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 2270
x-content-type-options: nosniff

GET
H2 200 dataPoolBundle.min.js Show response
www.trellix.com/www/js/ 13 B
294 B 347ms
346ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/dataPoolBundle.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

181a2db78688375c3bca3706913338ea412261bbb0aeddb110d0ec8be4ee4fb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 02 Feb 2022 00:21:10 GMT
etag: "d-5d6fdfe980980"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 13
x-content-type-options: nosniff

GET
H2 200 jquery.fancybox.min.js Show response
www.trellix.com/www/js/ 67 KB
22 KB 350ms
349ms Script
application/javascript 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/js/jquery.fancybox.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 22013
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:36 GMT
x-frame-options: SAMEORIGIN
etag: "10a9d-5d5e6cca34600-gzip"
strict-transport-security: max-age=15768000
content-type: application/javascript
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 61e851d061edda00194ec00c.js Show response
buttons-config.sharethis.com/js/ 500 B
926 B 51ms
13ms Script
text/javascript 2600:9000:206f:6e00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/61e851d061edda00194ec00c.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:6e00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8ce7a1a1c6966eaab7550c99b0618f0bfa2924d5b246266576c6eab4d61e7428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 02 Feb 2022 11:13:19 GMT
via: 1.1 6def1f0ddc805dce17407cce01d5b32c.cloudfront.net (CloudFront)
last-modified: Wed, 19 Jan 2022 18:08:43 GMT
server: AmazonS3
age: 41
etag: "87ae61e5738311c6602af5ed70076fea"
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 500
x-amz-cf-id: J1Q7bEnQPh_uOVb-szfcW3NTsA6moBUAsNk8YBkyhlD3YuK4_-PZ7g==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
402 B 60ms
10ms XHR
text/plain 18.198.109.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=www.trellix.com&location=%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&product=sop&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Return%20of%20Pseudo%20Ransomware&cms=unknown&publisher=61e851d061edda00194ec00c&sop=true&version=st_sop.js&lang=en&description=Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.198.109.212 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-198-109-212.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:19 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Allow-Origin: https://www.trellix.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 icons.css
www.trellix.com/www/css/ 2 KB
740 B 287ms
286ms Stylesheet
text/css 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/css/icons.css

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bf9d18f486bd10b8f09c2b238e492817b376ace4c7a08a4a87736b13d4f11a3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:34 GMT
etag: "69b-5d5e6cc84c180-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 443
x-content-type-options: nosniff

GET
H2 200 contact.88f5332fadcfe64f662fd27a70d1229e.svg
www.trellix.com/en-us/img/v1/ 2 KB
1 KB 55ms
54ms Image
image/svg+xml 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/contact.88f5332fadcfe64f662fd27a70d1229e.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6b058550069ac37d356e8f6ff74ef4925c89bee3b34de1764c2c688fe2091c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 24 Dec 2021 10:32:57 GMT
etag: "700-5d3e1e0d96840"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 812
x-content-type-options: nosniff

GET
H2 200 search.c7d1752f9278d77ae72db56c5c9a1c6b.svg
www.trellix.com/en-us/img/v1/ 684 B
703 B 55ms
55ms Image
image/svg+xml 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/search.c7d1752f9278d77ae72db56c5c9a1c6b.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

032c9e92ef4a36932b0fa4ae12754b78642a2c6076c87611e4a0d5c902fef89f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 24 Dec 2021 10:32:57 GMT
etag: "2ac-5d3e1e0d96840"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 405
x-content-type-options: nosniff

GET
H2 200 megamenu_card.69e1cc917d34abf6b51b3988bfd1bbb6.png
www.trellix.com/en-us/img/v1/ 83 KB
83 KB 56ms
56ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/megamenu_card.69e1cc917d34abf6b51b3988bfd1bbb6.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eee67d1182a59854bd333df044bf4a08e71c7bf9543d4b6209a7c69e617d1fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 24 Dec 2021 10:33:05 GMT
etag: "14b69-5d3e1e1537a40"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=300
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 84841
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 273 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 953c39b93c46656e2d25a28dd13379498f98e991a78f682c4a42c951bc87a0f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 nr_newsroom_2.png
www.trellix.com/en-us/img/newsroom/ 1 MB
1 MB 80ms
80ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/nr_newsroom_2.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

80fb7d95a623a73dc7ef0a8aaaef39973bdbc7465a2457671c5144fa8f74238c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:16:08 GMT
etag: "16b501-5d5e6ce8b8e00"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 1488129
x-content-type-options: nosniff

GET
H2 200 arrow-right.b66e9741c7b691ba607d3943c547b468.svg
www.trellix.com/en-us/img/v1/ 225 B
499 B 86ms
86ms Image
image/svg+xml 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/v1/arrow-right.b66e9741c7b691ba607d3943c547b468.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2f2e3fbca639ff26c4a87bfa14ec5997a87fb8a3e64951c3c7d521f86fdf04a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-disposition: inline
vary: Accept-Encoding
content-length: 177
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:48 GMT
x-frame-options: SAMEORIGIN
etag: "e1-5d5e6cd5a6100"
strict-transport-security: max-age=15768000
content-type: image/svg+xml
cache-control: max-age=14400, s-maxage=14400
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 getRecentBlogsFromWarpper Show response
www.trellix.com/corpcomsvc/ 2 KB
2 KB 1504ms
1504ms Fetch
application/json 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/corpcomsvc/getRecentBlogsFromWarpper?blogsCount=5

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/components/content/recentblogs/clientlibs.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

86c30aa003a44dc0e06d13c7b696e4f3708a54a00bc0b08151a33329546916cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: max-age=0, no-cache, no-store
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
vary: Accept-Encoding
content-length: 951
x-xss-protection: 1; mode=block
expires: Wed, 02 Feb 2022 11:13:20 GMT

GET
H2 200 bryan-palma-lg.png
www.trellix.com/en-us/img/newsroom/stories/ 502 KB
504 KB 89ms
89ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/bryan-palma-lg.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ddadbe2fdcd8a9057f61090e5c34bcd173d4cce903ee55680f92ba9013041308

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:16:13 GMT
etag: "7d965-5d5e6ced7d940"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 514405
x-content-type-options: nosniff

GET
H2 200 arrow-right-blue.svg
www.trellix.com/en-us/img/icons/ 292 B
520 B 47ms
47ms Image
image/svg+xml 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/icons/arrow-right-blue.svg

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

792f681fc4e37d56aa5fc9785650a1c4c87e36f90f214074e1ccb2d6d74fc1c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/www/css/newco.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 27 Jan 2022 17:18:03 GMT
etag: "124-5d693803448c0"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
content-length: 223
x-content-type-options: nosniff

GET
H2 200 network-cloud-security-ops.png
www.trellix.com/content/dam/mainsite/en-us/img/newsroom/stories/ 528 KB
530 KB 90ms
90ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/content/dam/mainsite/en-us/img/newsroom/stories/network-cloud-security-ops.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c16429cea91a9fe8f30bbb677529b76d8ca91b3c4a744c4d929ba3726d66836f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:16:08 GMT
etag: "841ac-5d5e6ce8b8e00"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 541100
x-content-type-options: nosniff

GET
H2 200 threat-predictions.png
www.trellix.com/en-us/img/newsroom/stories/ 287 KB
288 KB 92ms
92ms Image
image/png 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.trellix.com/en-us/img/newsroom/stories/threat-predictions.png

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9fd695396cc266020d30345e15c5475d9ebc122b1a3dfa4b9a1efefe41fca288

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:56 GMT
etag: "47d92-5d5e6cdd47300"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
content-length: 294290
x-content-type-options: nosniff

GET
H2 200 bootstrap-icons.66e4109ec6241c76fdcfff101b46ce0b.woff2
www.trellix.com/www/fonts/ 90 KB
90 KB 71ms
71ms Font
application/octet-stream 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/www/fonts/bootstrap-icons.66e4109ec6241c76fdcfff101b46ce0b.woff2

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/www/css/newco.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6e30be95c88e3acf121f68a271f54b13af21cd26e311fe37df694874edfd48c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trellix.com/www/css/newco.css
Origin: https://www.trellix.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jan 2022 03:15:35 GMT
etag: "16764-5d5e6cc9403c0"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
accept-ranges: bytes
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 token.json Show response
www.trellix.com/libs/granite/csrf/ 2 B
460 B 49ms
48ms XHR
application/json 2a02:26f0:1700:5::5f65:1b4d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trellix.com/libs/granite/csrf/token.json

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:5::5f65:1b4d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
referrer-policy: no-referrer-when-downgrade
x-frame-options: SAMEORIGIN
content-type: application/json;charset=iso-8859-1
x-xss-protection: 1; mode=block
cache-control: max-age=14400, s-maxage=14400
content-disposition: inline
strict-transport-security: max-age=15768000
content-length: 2
x-content-type-options: nosniff
expires: -1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 368 B
1 KB 222ms
53ms XHR
application/json 52.17.105.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=0FD024EB6135CAAB0A495CAF%40AdobeOrg&d_nsid=0&ts=1643800399529

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.105.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-105-123.eu-west-1.compute.amazonaws.com

Software

Resource Hash

90eb26da9bbfda067e96be5eff327402490535010e9f50a38e6b2bdfff1e7a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v027-0a1cb48e8.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: +oMLN9ecSQk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.trellix.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 311
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 33 KB
12 KB 35ms
34ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "820eb42f3120ddf65e303b24a8285815:1634593036.305122"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.trellix.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12200
expires: Wed, 02 Feb 2022 12:13:19 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/ 3 KB
2 KB 52ms
52ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPb56e12d7054b4acea984e91c910051cc/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
last-modified: Mon, 18 Oct 2021 21:37:16 GMT
server: AkamaiNetStorage
etag: "abbe69e5c8f385f00652c3d0c2bba347:1634593036.557115"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.trellix.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Wed, 02 Feb 2022 12:13:19 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 193ms
73ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-976855902

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a31456084097dbb972e581a6e299cd591ba8c6b022c7c7aee3c58501d03fb90d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39630
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Feb 2022 11:13:19 GMT

GET
H/1.1 200
OK dest5.html Show response
musarubra.demdex.net/ Frame 1520 7 KB
3 KB 278ms
35ms Document
text/html 54.216.106.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://musarubra.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.216.106.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-106-103.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 2 Feb 2022 11:13:20 GMT
DCS: dcs-prod-irl1-1-v027-04f3a669a.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 19 Jan 2022 13:28:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: JCdckQmIQDI=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
smetrics.trellix.com/ 48 B
507 B 221ms
21ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.trellix.com/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=0FD024EB6135CAAB0A495CAF%40AdobeOrg&mid=89090602837705743290285812738124796051&ts=1643800399783

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

415c3d10c63d0bdae53cb63f2dbc391b5249df8750576bd4e55fdf74108269fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdfbd77b-zrgb4
vary: Origin
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.trellix.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YfpnTwAAAGXChQQf
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=80847002194343550620605344957769845788
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YfpnTwAAAGXChQQf

42 B
943 B

34ms
34ms

Image
image/gif

52.17.105.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YfpnTwAAAGXChQQf

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

HTTP/1.1

Server

52.17.105.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-105-123.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v027-04f3a669a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Ivkw9yIlRFU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YfpnTwAAAGXChQQf
Date: Wed, 02 Feb 2022 11:13:19 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 203ms
50ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-976855902

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

63158f73aa9f4d442cf349762c6beac9fcf35c14c3376888e728164acfde3b86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14855
x-xss-protection: 0
server: cafe
etag: 17539559064140624452
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 11:13:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 93ms
92ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-11581985

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9976df8cc5344cf65fa01f2cacbf6a37cea60fdc9686335342d9549de69b792b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35988
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Feb 2022 11:13:19 GMT

POST
H2 200 delivery Show response
trellix.tt.omtrdc.net/rest/v1/ 352 B
586 B 204ms
37ms XHR
application/json 54.155.191.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trellix.tt.omtrdc.net/rest/v1/delivery?client=musarubra&sessionId=80fb8dc337014b0ebee1e582505238e9&version=2.8.0
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.191.195 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-191-195.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3175d064faa954809d380fe7cbc5fe253804b84a0c8fc55e136947159289d34c

Request headers

Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.trellix.com
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: b3c5f31c22fd434922bde11e9a20a91f

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 49ms
10ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
last-modified: Mon, 20 Sep 2021 23:58:10 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200164-IAD, cache-fra19158-FRA

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
5 KB 51ms
12ms Script
application/x-javascript 65.9.65.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/launch-675ffef2af24.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.65.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-65-116.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 07:36:27 GMT
Via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 13014
ETag: "98d98b3499058b76d58073cf8ede2f10"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA56-C1
Accept-Ranges: bytes
Content-Length: 4593
X-Amz-Cf-Id: L30TRBtqzF8ujcmtBacgW30WFGlq6TD0fm0hhUVfmQgnk-9mgGfP2g==

GET
H2 200 s38822687696504
smetrics.trellix.com/b/ss/musarubratrellixcom/1/JS-2.22.3-LBWB/ 43 B
350 B 18ms
17ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.trellix.com/b/ss/musarubratrellixcom/1/JS-2.22.3-LBWB/s38822687696504?AQB=1&ndh=1&pf=1&t=2%2F1%2F2022%2011%3A13%3A20%203%200&sdid=568998EAC515CD28-204C418BAFD5E1AC&mid=89090602837705743290285812738124796051&aamlh=6&ce=UTF-8&pageName=en-us%3Aabout%3Anewsroom%3Astories%3Athreat-labs%3Areturn-of-pseudo-ransomware&g=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&cc=USD&ch=about%3Anewsroom%3Astories%3Athreat-labs%3Areturn-of-pseudo-ransomware&server=www.trellix.com&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3DpageName&v1=D%3DpageName&c5=D%3Dv5&v5=about&c6=D%3Dv6&v6=newsroom&c8=D%3Dv153&c26=D%3Dg&v26=D%3Dg&c56=D%3Dv159&c57=D%3Dv160&c58=D%3Dv161&c59=D%3Dv180&c60=New&c62=D%3Dr&c75=D%3Dv190&v98=mozilla%2F5.0%20%28windows%20nt%2010.0%3B%20win64%3B%20x64%29%20applewebkit%2F537.36%20%28khtml%2C%20like%20gecko%29%20chrome%2F97.0.4692.71%20safari%2F537.36&v100=2.22.3&v153=www.trellix.com&v154=us&v155=english&v180=year%3D2022%20%7C%20month%3DFebruary%20%7C%20date%3D02%20%7C%20day%3DWednesday%20%7C%20time%3D3%3A13%20AM&v181=New&v184=D%3Dmid&v185=Direct%2FBookmarked&v187=na&v188=Return%20of%20Pseudo%20Ransomware&v190=about%3Anewsroom%3Astories%3Athreat-labs%3Areturn-of-pseudo-ransomware&v191=%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7Cn%2Fa%7C&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=0FD024EB6135CAAB0A495CAF%40AdobeOrg&AQE=1

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
x-content-type-options: nosniff
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 03 Feb 2022 11:13:20 GMT
server: jag
xserver: anedge-cdfbd77b-6qzrv
etag: 3530034480787292160-4619820339178468006
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 01 Feb 2022 11:13:20 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
459 B 134ms
117ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o7hln&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2b80690a-1c98-4c70-9cc4-e0c800e60a49&tw_document_href=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 110
date: Wed, 02 Feb 2022 11:13:19 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: baebcca721305b38a9e53c333dc0aeb12a7042930c4892a208e88aebbb56397f
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
336 B 137ms
120ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o7hln&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=2b80690a-1c98-4c70-9cc4-e0c800e60a49&tw_document_href=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 113
date: Wed, 02 Feb 2022 11:13:19 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: ae0cc047f00307b59624edbb0193b00cc521e341c546b8d95aab3d20f7e8d9f0
content-length: 43

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 113ms
58ms Script
text/javascript 2606:4700::6812:15c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 527
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
expires: Wed, 02 Feb 2022 11:14:33 GMT
cache-control: max-age=1200
cf-ray: 6d72fd54a8bc9076-FRA
cf-bgj: minify

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 27 KB
9 KB 41ms
9ms Script
application/javascript 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8575
Pragma: no-cache
Last-Modified: Thu, 07 Oct 2021 17:17:43 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615f2bb7-6a5f"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 02 Feb 2022 11:13:20 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/ 2 KB
2 KB 142ms
51ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976855902/?random=1643800400075&cv=9&fst=1643800400075&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&tiba=Return%20of%20Pseudo%20Ransomware&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea1ca10475d45f09370d0871903571131af6ccafc7ebfe9daf96950467a0adb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
693 B 127ms
91ms XHR
application/json 185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

733.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 02 Feb 2022 11:13:20 GMT
X-Proxy-Origin: 185.213.155.163; 185.213.155.163; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e0b11734-1a8e-4e20-896f-2e6c4367f37a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.trellix.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
371 B 105ms
16ms XHR
text/plain 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-233-140.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 71ce835f77b650f48c1855a8b792bb3aa7bea1268a94692523ce0b0f15dd8dd3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:20 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.trellix.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
464 B 492ms
118ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1259816&version=2.1.1&ref=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&r=1643800400149
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:20 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=71
Content-Length: 43

GET
H2 200 /
www.google.com/pagead/1p-user-list/976855902/ 42 B
548 B 140ms
53ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/976855902/?random=1643800400075&cv=9&fst=1643799600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&tiba=Return%20of%20Pseudo%20Ransomware&async=1&fmt=3&is_vtc=1&random=351567169&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 11:13:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/976855902/ 42 B
548 B 138ms
51ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/976855902/?random=1643800400075&cv=9&fst=1643799600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&tiba=Return%20of%20Pseudo%20Ransomware&async=1&fmt=3&is_vtc=1&random=351567169&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Feb 2022 11:13:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 250ms
184ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A20%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:20 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 RC590db6ad873b44cb91d978147140970b-source.min.js Show response
assets.adobedtm.com/f0febc6281f5/daaefd9d8423/505d4b3889fa/ 572 B
624 B 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/505d4b3889fa/RC590db6ad873b44cb91d978147140970b-source.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 41588bc87a01fd72cb51c781b09885d429b9ab5c903f26e655d6c76aafd0d37b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
last-modified: Tue, 25 Jan 2022 21:36:14 GMT
server: AkamaiNetStorage
etag: "0eec6f1a2e251702e7c0d828f8b86efe:1643146574.790225"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.trellix.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 359
expires: Wed, 02 Feb 2022 12:13:20 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 2AD5 0
182 B 108ms
35ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=vac9s1e&ref=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&upid=54v6z2b&upv=1.1.0
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 263ms
73ms Script
application/x-javascript 2a03:5f80:a::b212:e7c0
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:5f80:a::b212:e7c0 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=66772
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 RC33832b0bc7b2491485a97501b9527b24-source.min.js Show response
assets.adobedtm.com/f0febc6281f5/daaefd9d8423/505d4b3889fa/ 629 B
664 B 8ms
7ms Script
application/x-javascript 2a02:26f0:6c00:2a6::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/f0febc6281f5/daaefd9d8423/505d4b3889fa/RC33832b0bc7b2491485a97501b9527b24-source.min.js
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a6::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 2e11856b25c47c578a28e0d5206864996e9c25f6261d83f989ae17623df88bf0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: gzip
last-modified: Tue, 25 Jan 2022 21:36:14 GMT
server: AkamaiNetStorage
etag: "0eec6f1a2e251702e7c0d828f8b86efe:1643146574.790225"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.trellix.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Wed, 02 Feb 2022 12:13:20 GMT

GET
H2 200 hotjar-2366695.js Show response
static.hotjar.com/c/ 5 KB
2 KB 59ms
14ms Script
application/javascript 65.9.63.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2366695.js?sv=6

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.63.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-63-33.fra56.r.cloudfront.net

Software

Resource Hash

e8af1279bae582db74544fd93a5c850baa1c46d7a164b4a0f149c3ad4128ce77

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:12:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1987
access-control-allow-origin: *
x-cache-hit: 1
etag: W/2e9d83f37732c8a1bd8aa8afcfe719ef
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
via: 1.1 e39402e2cf62b31f7774452c905f38f2.cloudfront.net (CloudFront)
cache-control: max-age=60
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: F2lrYYz5sPi-V2l2srJTCZIGHKwNz3qOV3D9wVhD0RTkc4C5WnJmWQ==

GET
H2 200 modules.b840cee57f816b17fc8e.js Show response
script.hotjar.com/ 231 KB
61 KB 39ms
9ms Script
application/javascript 99.86.3.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b840cee57f816b17fc8e.js

Requested by

Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-36.fra6.r.cloudfront.net

Software

Resource Hash

d4afa12eb2b6e7c4e2619c0a8c337546fc1e63f201c3a2e2d82763eb2bbed706

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 15:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 70994
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 61854
access-control-allow-origin: *
last-modified: Tue, 01 Feb 2022 15:29:32 GMT
etag: "1fc08e27451edc4497a1e5b8ef01a0ca"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ST2-qNnzz08At8zo-WLEyb6zG4hiCpyvvOiomWYkNvpwMuIF9_9d2g==

GET
H2 200 box-a1ae2079824d1c48aa9ce06efb256f18.html Show response
vars.hotjar.com/ Frame 54BD 2 KB
1 KB 51ms
9ms Document
text/html 108.157.4.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html

Response headers

content-type: text/html
content-length: 1044
date: Thu, 02 Dec 2021 15:53:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "6215abf691a11c2f451680e635d30daa"
last-modified: Thu, 02 Dec 2021 15:52:57 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 268679e7d17267a1a7a03722822fb800.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 5c5Ed3-wwoT9ItlWxgJXO2yWFIqEnBzHxr1KNDwGG8NRlZPaDLXpXA==
age: 5340014

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2366695/ 146 B
321 B 99ms
32ms XHR
application/json 18.203.176.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2366695/visit-data?sv=6
Requested by: Host: www.trellix.com
URL: https://www.trellix.com/etc.clientlibs/corpcom/clientlibs/csrf.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.203.176.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-176-110.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e

Request headers

Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 02 Feb 2022 11:13:20 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3647850%26time%3D1643800400956%26url%3Dhttps%253A%252F%252Fwww.trellix.com%252Fen...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.htm...

0
155 B

347ms
143ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&liSync=true&e_ipv6=AQIaKvBDCsEnPwAAAX66I5Xki8rb-xDZKU-8Ji1np-cJzR2wn0mgxee9Zl_DhPL7BLsEiOv3
Protocol: H2
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 11:13:21 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-lva1
content-type: application/javascript
content-length: 0
x-li-uuid: YMdckcHzzxaw2QUC0CoAAA==

Redirect headers

date: Wed, 02 Feb 2022 11:13:21 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D8EEB373601E4C439C508919BD07AEF4 Ref B: FRAEDGE1221 Ref C: 2022-02-02T11:13:21Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3647850&time=1643800400956&url=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&liSync=true&e_ipv6=AQIaKvBDCsEnPwAAAX66I5Xki8rb-xDZKU-8Ji1np-cJzR2wn0mgxee9Zl_DhPL7BLsEiOv3
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXXBxsBUkYj7fkax27P7A==

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 183ms
183ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A20%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:21 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 187ms
186ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A21%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:22 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 187ms
186ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A22%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:23 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 209ms
209ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A23%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:24 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 196ms
195ms Image
image/gif 104.111.233.140
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=1322340356018696d853e0ac6f7ce3a2&svisitor=64bb1002410100005067fa6146000000efb30700&session=f317907f-96f0-4592-8956-abb8161b1120&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A25%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2002%20Feb%202022%2011%3A13%3A24%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Insights%20into%20the%20recent%20ransomware%20campaign%20targeting%20Ukraine.%22%2C%22keywords%22%3Anull%2C%22title%22%3A%22Return%20of%20Pseudo%20Ransomware%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.trellix.com%2Fen-us%2Fabout%2Fnewsroom%2Fstories%2Fthreat-labs%2Freturn-of-pseudo-ransomware.html&pageViewId=7305fdb7-be64-4e27-8d60-ed7306d1e1f3&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.233.140 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-233-140.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/return-of-pseudo-ransomware.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 02 Feb 2022 11:13:25 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.trellix.com/	1970-01-20 00:36:47	Name: ak_bmsc Value: 6736A591F39FD997091F8C1B8829A120~000000000000000000000000000000~YAAQTWt7XPHv0bd+AQAAfIwjug74oCdUtHZB4/ojBZ09G7qyDFPm5W3vxd1qortnY5wGDYBQckyf524GvtfGl4bc1zwr0T3hv3GW0TanjNohIzyEfy8QsX23zsQzft28ZdOjGEIfMqKaB/nVk0Dkjj4i5heqVybfljD9wmME1g1Brvp4dX06iXtskKENAjfxs3zCPw01eBmwtD1MPgCSqAuSaqV+jgxyJM4PY09iTzMs4LigDXwG9Lxl7KB6Jn0gu8Ze9pvLmgbiAL+xKGNFj0Jcoouf9xC9DTTyG2Q0V0PKDnSmu5o+2a86hzfzjJC2Xe+qEbsmwQFuzqXauDCEKO8Ly7SLH3NV1h6wO5B4DQeF3FxMGEt84DY3llYyC1qra9GNh0NtJ8r3D7AO4PetNg7h
.demdex.net/	1970-01-20 04:55:52	Name: demdex Value: 80847002194343550620605344957769845788
.trellix.com/	1969-12-31 23:59:59	Name: AMCVS_0FD024EB6135CAAB0A495CAF%40AdobeOrg Value: 1
.trellix.com/	1970-01-20 02:46:16	Name: _gcl_au Value: 1.1.1915232383.1643800400
.trellix.com/	1969-12-31 23:59:59	Name: at_check Value: true
.trellix.com/	1970-01-20 18:07:52	Name: s_ecid Value: MCMID%7C89090602837705743290285812738124796051
.everesttech.net/	1970-01-20 09:22:16	Name: everest_g_v2 Value: g_surferid~YfpnTwAAAGXChQQf
.trellix.com/	1970-01-20 09:22:16	Name: s_nr Value: 1643800400019-New
.trellix.com/	1970-01-20 00:36:42	Name: gpv Value: en-us%3Aabout%3Anewsroom%3Astories%3Athreat-labs%3Areturn-of-pseudo-ransomware
.trellix.com/	1969-12-31 23:59:59	Name: tp Value: 14819
.trellix.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.dpm.demdex.net/	1970-01-20 04:55:52	Name: dpm Value: 80847002194343550620605344957769845788
.6sc.co/	1970-01-20 18:07:52	Name: 6suuid Value: 64bb1002410100005067fa6146000000efb30700
.trellix.com/	1970-01-20 18:07:52	Name: AMCV_0FD024EB6135CAAB0A495CAF%40AdobeOrg Value: -2121179033%7CMCIDTS%7C19026%7CMCMID%7C89090602837705743290285812738124796051%7CMCAAMLH-1644405199%7C6%7CMCAAMB-1644405199%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1643807600s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19033%7CvVersion%7C5.3.0
.trellix.com/	1970-01-20 18:10:45	Name: mbox Value: session#80fb8dc337014b0ebee1e582505238e9#1643802261\|PC#80fb8dc337014b0ebee1e582505238e9.37_0#1707045201
.techtarget.com/	1970-01-20 00:36:42	Name: __cf_bm Value: fO.JiR167ceg0tKeIghRdVC0ngjE0UDL1AULuzr5s8U-1643800400-0-AeAPe9iLj9bn60E33r0z/aiQX+ZJVwjYkvm00IgGz6sfiBLHw+G+zodcl0luQDWFXgot+Ff/rL4H3JRI/+L0vUc=
.twitter.com/	1970-01-20 18:07:52	Name: personalization_id Value: "v1_zkNnFpUVkvBjDtHZdDZyyw=="
.t.co/	1970-01-20 18:07:52	Name: muc_ads Value: 90fb48e4-fe9f-4022-939c-1c28c3a3fbc9
www.trellix.com/	1970-01-20 18:07:52	Name: _gd_svisitor Value: 64bb1002410100005067fa6146000000efb30700
.doubleclick.net/	1970-01-20 00:36:41	Name: test_cookie Value: CheckForPermission
www.trellix.com/	1970-01-20 00:46:45	Name: _an_uid Value: 0
www.trellix.com/	1970-01-20 18:07:52	Name: _gd_visitor Value: 71bd4bfc-c63d-4e74-85b4-4ad1c58d4750
www.trellix.com/	1970-01-20 00:36:54	Name: _gd_session Value: f317907f-96f0-4592-8956-abb8161b1120
.trellix.com/	1969-12-31 23:59:59	Name: s_ppv Value: en-us%253Aabout%253Anewsroom%253Astories%253Athreat-labs%253Areturn-of-pseudo-ransomware%2C12%2C8%2C1813
apt.techtarget.com/	1969-12-31 23:59:59	Name: TS01fac3f6 Value: 012c664659e428b117ee4a610d4246bf5bd9eca746bd261e48f1b4b3d4409bf4a3bd7df0d443b14e1237e5ed789fec98f154e69fe4
.trellix.com/	1970-01-20 09:22:16	Name: _hjSessionUser_2366695 Value: eyJpZCI6IjdkNmMwMWI3LTgzMDYtNTAzZS1iZGExLTgyMzVkZTE3Y2M5ZiIsImNyZWF0ZWQiOjE2NDM4MDA0MDA4MjMsImV4aXN0aW5nIjpmYWxzZX0=
.trellix.com/	1970-01-20 00:36:42	Name: _hjFirstSeen Value: 1
www.trellix.com/	1970-01-20 00:36:40	Name: _hjIncludedInSessionSample Value: 0
.trellix.com/	1970-01-20 00:36:42	Name: _hjSession_2366695 Value: eyJpZCI6IjA0MDkyNWFiLTAzZjItNGU4NS05ZmE1LWU2NTQ1MDQ5M2I1NiIsImNyZWF0ZWQiOjE2NDM4MDA0MDA4OTgsImluU2FtcGxlIjpmYWxzZX0=
www.trellix.com/	1970-01-20 00:36:40	Name: _hjIncludedInPageviewSample Value: 1
.trellix.com/	1970-01-20 00:36:42	Name: _hjAbsoluteSessionInProgress Value: 0
www.trellix.com/	1969-12-31 23:59:59	Name: renderid Value: rend-dnvappaempub11
www.trellix.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: node0xdrcp7g3rzu7t559laovjvh8126447.node0
.trellix.com/	1970-01-20 00:36:47	Name: bm_sv Value: 5540E764C909E35E10D798701344338E~TFgEmaL4lQK8EPcONj83o+z2QS7ZS5T9jU/Q0OdPlI02bjbCb1y7amY8MgwXk7uhvCIrX3pYTXboIETw1sJ+jju6OyNg2V5D7LXPLBMo4+Tbq/wr3QYwxpfFGTPqEUbYPeyc1pz9kBKv24MyWIWYzVznsOJTNRrP+PZdar2W0gc=
.linkedin.com/	1970-01-20 01:19:52	Name: UserMatchHistory Value: AQI41fYXh7AACgAAAX66I5Si9pJZ1ODOi65d5yfwqVpIfCqGvJlsoiyJopecp9ijlGu58A3lFZaw7A
.linkedin.com/	1970-01-20 01:19:52	Name: AnalyticsSyncHistory Value: AQJkLouOyF_kdQAAAX66I5SijpY0fOSw--02LG5bo78RBag-GNgzJ6jSpNVHoxvTQoA0v-zoqXuV56l9icok3A
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:08:34	Name: bcookie Value: "v=2&f9dd11f0-cbb8-415b-8b3f-db34bffd597d"
.linkedin.com/	1970-01-20 00:38:06	Name: lidc Value: "b=TGST04:s=T:r=T:a=T:p=T:g=2636:u=1:x=1:i=1643800401:t=1643886801:v=2:sig=AQEK5h_027kktlBu8xdLKnkjLQEnvC8O"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 18:08:34	Name: bscookie Value: "v=1&20220202111321bb217722-4b06-4b26-8c82-db5fc9769aafAQG4jthUINj0azY-65YMDRpZj4gBt-s7"
.linkedin.com/	1970-01-20 17:58:19	Name: li_gc Value: MTswOzE2NDM4MDA0MDE7MjswMjGxPq5Ovxtmif4nq3x0PV/mPLlBz9WP6K76tLHm1VLcPQ==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
apt.techtarget.com
assets.adobedtm.com
b.6sc.co
buttons-config.sharethis.com
c.6sc.co
cm.everesttech.net
dpm.demdex.net
googleads.g.doubleclick.net
in.hotjar.com
insight.adsrvr.org
j.6sc.co
js.adsrvr.org
l.sharethis.com
musarubra.demdex.net
platform-api.sharethis.com
px.ads.linkedin.com
px4.ads.linkedin.com
script.hotjar.com
secure.adnxs.com
smetrics.trellix.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
t.co
trellix.tt.omtrdc.net
trk.techtarget.com
vars.hotjar.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.trellix.com
104.111.233.140
104.244.42.195
104.244.42.197
108.157.4.7
108.174.10.14
142.250.186.66
15.188.95.229
151.101.12.157
18.198.109.212
18.203.176.110
185.33.221.11
206.19.49.24
2600:9000:206f:6e00:c:abe:f440:93a1
2606:4700::6812:15c
2620:1ec:21::14
2a00:1450:4001:813::2008
2a00:1450:4001:828::2003
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a02:26f0:1700:5::5f65:1b4d
2a02:26f0:6c00:2a6::1e80
2a03:5f80:a::b212:e7c0
35.71.131.137
52.17.105.123
54.155.191.195
54.216.106.103
54.75.68.230
65.9.63.33
65.9.65.116
99.86.3.13
99.86.3.36
02b61ce36000330cc4bdc136eff4a8a1f8a7b1e11f9b04eef1280d46d8721587
032c9e92ef4a36932b0fa4ae12754b78642a2c6076c87611e4a0d5c902fef89f
03e98e929775ca7f60f388e81c24b293e2b38d69987932855751ecdfcc10c593
04d439e000eb278a036c741b3a0b3ddb4b22087ff0bbb9342a6be5dc7d1ab60a
05673856d8d42857c6bb39a224b421a5a87bf30f0847c61be98d7e6896596c47
0c220125717d4ef73c46cef1bff79bd791924941ac5d795bee6099c573959f3b
0c48b97ea7de6f05cb50a9e8a18bca81056fb33a1dba1df9b0c4ebec8e215f32
0de0a35169f0d49cb351ea957b067cce354ab02db8fbd0e5f5b346f0bdd77399
0e282562879e319335ded7d3efe5a1b05222118d70da79f78e28cb810ce96ed1
0fbb53e19fc6f64f284286f2000be80e1a9b52cd49c0e32de1f35e1cfdedf021
181a2db78688375c3bca3706913338ea412261bbb0aeddb110d0ec8be4ee4fb0
2138e90ee50ebc41b8b24e6b483b80b0582c1a4672d3ad77a3b0dbc81860a79f
2239edeeb8a94c8191338bf6f802631dec9bcd70e212378fc1854b24a849b364
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
28c0bfa29e97bf0a82df233f77390ae5f3dd316778fe8aa4efb2ea5c152b839e
2cd3eb70cbbca7bc56dcd089bc465cc330c8353af3e298969a18847c5c0852e7
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e11856b25c47c578a28e0d5206864996e9c25f6261d83f989ae17623df88bf0
2f2e3fbca639ff26c4a87bfa14ec5997a87fb8a3e64951c3c7d521f86fdf04a4
30886bcaa4bc9292431c9ae196c0b6bbcc4e4311b4839780c91a09c771c76c6e
3175d064faa954809d380fe7cbc5fe253804b84a0c8fc55e136947159289d34c
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
39e7c6d0418b67b9ec2db552b4188d9a9e3659f53f2a670d39499fdec420dcee
3ab12cbc9bba7e1926d39e7268651126a03aaa02bb7564085dd6f9bb662d78fa
41588bc87a01fd72cb51c781b09885d429b9ab5c903f26e655d6c76aafd0d37b
415c3d10c63d0bdae53cb63f2dbc391b5249df8750576bd4e55fdf74108269fc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
444ee2a405e57ede9ef10e17bb58c0351c39e9d21203f242b55a77fd07d30784
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
52cdb1da8ce1835c29bfa65c3685242e84b8d14aae302ef0eadc597fa001f969
552499f65a28a384fc543ed870cc5f995e5fcd652ac1e9a5cc7ac5ea1c6a4c93
5c64d87bdfa4f312d2f38d764e2e36d4614b6d49a28d7249d2e4ce2f7b96e7fb
63158f73aa9f4d442cf349762c6beac9fcf35c14c3376888e728164acfde3b86
67e70ec64752d1e3ab775d5a4b52279440ae7f25563ccda451ee8c5d320a38d6
6b058550069ac37d356e8f6ff74ef4925c89bee3b34de1764c2c688fe2091c3c
6e30be95c88e3acf121f68a271f54b13af21cd26e311fe37df694874edfd48c7
71ce835f77b650f48c1855a8b792bb3aa7bea1268a94692523ce0b0f15dd8dd3
792f681fc4e37d56aa5fc9785650a1c4c87e36f90f214074e1ccb2d6d74fc1c0
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
801a9452cf1e060a276493cc6c00fd46fce6590c14b67449e9e6b242ec113ae8
80fb7d95a623a73dc7ef0a8aaaef39973bdbc7465a2457671c5144fa8f74238c
852f5f6d23001b7ea65d27374f6caef575bd93a2856916f8269faca1c45ab7be
867f4b35f1fce0321c9b038a4616c87bd379cb0837f05bad34b117d94719b175
86c30aa003a44dc0e06d13c7b696e4f3708a54a00bc0b08151a33329546916cc
87a11e7ce7545ecc39952be578848a7bf04e06a2f0310e6e824f8bca093898b2
8ce7a1a1c6966eaab7550c99b0618f0bfa2924d5b246266576c6eab4d61e7428
90427f10877943d701281b52540cc2062f7fb976164767e7da870c7296907da9
90eb26da9bbfda067e96be5eff327402490535010e9f50a38e6b2bdfff1e7a33
91241c57dc3ec029b3ecff4fd1d659cd2083c43a2be68f568c5c637378b4331b
953c39b93c46656e2d25a28dd13379498f98e991a78f682c4a42c951bc87a0f2
9976df8cc5344cf65fa01f2cacbf6a37cea60fdc9686335342d9549de69b792b
99affd7a1c868ecf15a0789fc85e87ca23ae783e7916aee316e6282d9777369c
9fd695396cc266020d30345e15c5475d9ebc122b1a3dfa4b9a1efefe41fca288
a0a42a556ea45270f595027e20e349636a54f18d3d3fd5381fc7ab90234a94bd
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a31456084097dbb972e581a6e299cd591ba8c6b022c7c7aee3c58501d03fb90d
a8141b9c077f0a11ecec285153fd4d9b2ba6bda580e1b47b20e844acd8cf3427
a95a5156d53768d7db661e92a3404922254f3f4e37cffed72d2292e42e5e81ea
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad5f74baa26b02bccc4c6a53b0318881ba0694a14c3a02ee814debd22648dbb2
b157aae48cab2a8ed6132118ba991b3dc9d718817a8ee059ee52c64f7b3c0b77
b8f57d7e6153c9c997c8a53bea361ae6f452c07187bbd8813cf859dff4ce167a
bf9d18f486bd10b8f09c2b238e492817b376ace4c7a08a4a87736b13d4f11a3e
c16429cea91a9fe8f30bbb677529b76d8ca91b3c4a744c4d929ba3726d66836f
cadda460ccb4c3c01bb45f3d5976f63f5adf8dc3ff1d31cb4fbd3ded4f18e5bf
cbc136cefe06e55ff289e26c4cd273541c412add9a3bcf0c878cf10cd44ac5c4
d39c7ff4103007338040282460b2eb0e5adadd9fb80f986fb4c8a3d41785a6ca
d4afa12eb2b6e7c4e2619c0a8c337546fc1e63f201c3a2e2d82763eb2bbed706
d7dc8919daec70c90e30aa7ed8f7d9fba7148afbe1535da59075b2e1386c0f36
dca70f0fb432517e9f73304a8078de2881b7f6d8226faf677a9d65fef67f0f9a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddadbe2fdcd8a9057f61090e5c34bcd173d4cce903ee55680f92ba9013041308
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e2b946c5d7e3c22f2509a7a162c03ad808752494ba6780e5afe85f3c0007b27a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ce5189c6822581cb8c58af81c6842be4ea266ce0d90780909a19dcaa4204ff
e8af1279bae582db74544fd93a5c850baa1c46d7a164b4a0f149c3ad4128ce77
ea1ca10475d45f09370d0871903571131af6ccafc7ebfe9daf96950467a0adb6
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
eee67d1182a59854bd333df044bf4a08e71c7bf9543d4b6209a7c69e617d1fa8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f85737b21abb1f06b54686bd67cafb7d6659fa81d8a94244e046154e6c159a6d
f8bef3d58d7368bbcd6b5534416a4e91a337ade8b321f4d4a2411b75f47dff5d
f94bf2416f8c8573d0c71791b001c1900bb07f14f3a2e7f42df96e639379feed
f981b0639692ee0779fa238d5d17c54090de67c5e1d52b52580ee14596a4c9d5
fe2c488c67c064e3682dd98ef947306f8ca7935a896bd9c8e517ca01ebe845bb
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.trellix.com Open in urlscan Pro 2a02:26f0:1700:5::5f65:1b4d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

97 Requests

98 %HTTPS

32 %IPv6

21 Domains

34 Subdomains

30 IPs

6 Countries

7191 kBTransfer

8942 kBSize

42 Cookies

7 Outgoing links

Redirected requests

97 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.trellix.com Open in urlscan Pro
2a02:26f0:1700:5::5f65:1b4d Public Scan

Screenshot
Live screenshot

Full Image

97
Requests

98 %
HTTPS

32 %
IPv6

21
Domains

34
Subdomains

30
IPs

6
Countries

7191 kB
Transfer

8942 kB
Size

42
Cookies

97 HTTP transactions
1 data transactions