www.cybereason.com Open in urlscan Pro
45.60.64.106 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Submission: On October 07 via api (October 7th 2022, 2:14:32 am UTC) from MY — Scanned from DE

Summary HTTP 245 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 64 IPs in 5 countries across 50 domains to perform 245 HTTP transactions. The main IP is 45.60.64.106, located in United States and belongs to INCAPSULA, US. The main domain is www.cybereason.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on April 6th 2022. Valid for: a year.

This is the only time www.cybereason.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	45.60.64.106 45.60.64.106	19551 (INCAPSULA) (INCAPSULA)
19	2606:4700::68... 2606:4700::6811:f1cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
9	2a02:26f0:11a... 2a02:26f0:11a::6867:4851	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
10	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:400d:80a::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::6812:2128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:929e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
3	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:ea:... 2a02:26f0:ea::1706:70c9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	199.232.16.157 199.232.16.157	54113 (FASTLY) (FASTLY)
1 3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.138.17.83 108.138.17.83	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4843	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:a852	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d6cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:91d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
4	92.123.37.164 92.123.37.164	16625 (AKAMAI-AS) (AKAMAI-AS)
62	13.227.219.48 13.227.219.48	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::622 2a04:4e42::622	54113 (FASTLY) (FASTLY)
1	23.21.250.193 23.21.250.193	14618 (AMAZON-AES) (AMAZON-AES)
1	108.138.17.46 108.138.17.46	16509 (AMAZON-02) (AMAZON-02)
1	108.138.7.8 108.138.7.8	16509 (AMAZON-02) (AMAZON-02)
3 5	142.250.201.194 142.250.201.194	15169 (GOOGLE) (GOOGLE)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
6 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	108.156.60.78 108.156.60.78	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:9a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	206.19.49.24 206.19.49.24	17225 (ATT-CERFN...) (ATT-CERFNET-BLOCK)
2	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:440... 2606:4700:4400::ac40:9973	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	18.66.97.20 18.66.97.20	16509 (AMAZON-02) (AMAZON-02)
1	52.30.44.244 52.30.44.244	16509 (AMAZON-02) (AMAZON-02)
1	13.32.110.17 13.32.110.17	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
3 4	3.214.87.107 3.214.87.107	14618 (AMAZON-AES) (AMAZON-AES)
1	34.200.202.85 34.200.202.85	14618 (AMAZON-AES) (AMAZON-AES)
1	2.18.168.242 2.18.168.242	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
2 5	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
2	20.62.48.180 20.62.48.180	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	35.156.209.154 35.156.209.154	16509 (AMAZON-02) (AMAZON-02)
2 2	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
2	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
245	64

36 45.60.64.106 (United States)

ASN19551 (INCAPSULA, US)

www.cybereason.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700::6811:f1cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:11a::6867:4851 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80a::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2128 (United States)

ASN13335 (CLOUDFLARENET, US)

3354902.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:929e (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ea::1706:70c9 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:805::2002 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.16.157 (Vienna, Austria)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.83 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-83.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4843 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a852 (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d6cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:91d9 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 92.123.37.164 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-37-164.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 13.227.219.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-48.ams54.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::622 (United States)

ASN54113 (FASTLY, US)

fast.wistia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.21.250.193 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-250-193.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-46.fra56.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.7.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-8.fra56.r.cloudfront.net

px.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.201.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s35-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.156.60.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-60-78.ams1.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9a55 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN17225 (ATT-CERFNET-BLOCK, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9973 (United States)

ASN13335 (CLOUDFLARENET, US)

tags.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-20.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.44.244 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-44-244.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.110.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-17.vie50.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.214.87.107 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-87-107.compute-1.amazonaws.com

aorta.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.202.85 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-202-85.compute-1.amazonaws.com

hemsync.clickagy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.168.242 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-168-242.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.62.48.180 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.209.154 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-209-154.eu-central-1.compute.amazonaws.com

dpx.airpr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.244 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	driftt.com js.driftt.com — Cisco Umbrella Rank: 12144	875 KB
36	cybereason.com www.cybereason.com	3 MB
19	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 15986	54 KB
10	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 668	152 KB
10	typekit.net use.typekit.net — Cisco Umbrella Rank: 1023 p.typekit.net — Cisco Umbrella Rank: 1263	143 KB
9	linkedin.com 6 redirects platform.linkedin.com — Cisco Umbrella Rank: 6445 px.ads.linkedin.com — Cisco Umbrella Rank: 850 www.linkedin.com — Cisco Umbrella Rank: 840 px4.ads.linkedin.com — Cisco Umbrella Rank: 6680	166 KB
7	doubleclick.net 2 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 304 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 10272547.fls.doubleclick.net Failed 10428681.fls.doubleclick.net Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 171	4 KB
6	drift.com metrics.api.drift.com — Cisco Umbrella Rank: 13455 bootstrap.api.drift.com — Cisco Umbrella Rank: 14358	456 B
6	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 19 region1.analytics.google.com — Cisco Umbrella Rank: 3900	991 B
6	clickagy.com 3 redirects tags.clickagy.com — Cisco Umbrella Rank: 14469 aorta.clickagy.com — Cisco Umbrella Rank: 2758 hemsync.clickagy.com — Cisco Umbrella Rank: 13096	16 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 804 e.clarity.ms — Cisco Umbrella Rank: 10679 c.clarity.ms — Cisco Umbrella Rank: 1219	26 KB
6	googlesyndication.com 2 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 ade.googlesyndication.com — Cisco Umbrella Rank: 328	2 KB
6	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2144 www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
5	google.de www.google.de — Cisco Umbrella Rank: 3460	890 B
5	gstatic.com fonts.gstatic.com	128 KB
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 485 fonts.googleapis.com — Cisco Umbrella Rank: 118	36 KB
4	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 1507	4 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 874 script.hotjar.com — Cisco Umbrella Rank: 1166 vars.hotjar.com — Cisco Umbrella Rank: 1268 in.hotjar.com — Cisco Umbrella Rank: 2355	70 KB
3	airpr.com 1 redirects px.airpr.com — Cisco Umbrella Rank: 27472 dpx.airpr.com — Cisco Umbrella Rank: 19864	3 KB
3	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 665 c.bing.com — Cisco Umbrella Rank: 426	13 KB
3	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 9256 track.hubspot.com — Cisco Umbrella Rank: 4437 forms.hubspot.com — Cisco Umbrella Rank: 5643	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 129	244 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 707	2 KB
2	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 3904
2	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 900	107 B
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 36316 apt.techtarget.com — Cisco Umbrella Rank: 47899	2 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 154	17 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 203	87 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 358	11 KB
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 798	227 B
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 3058	258 B
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 8247	957 B
1	t.co t.co — Cisco Umbrella Rank: 550 Failed	377 B
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 7526	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 4230	20 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 4220	16 KB
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 2044	157 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 11282	19 KB
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 86516
1	wistia.com fast.wistia.com — Cisco Umbrella Rank: 8462	114 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3846	6 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 4567	902 B
1	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 11496	2 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1571	3 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1954	8 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 967	15 KB
1	twitter.com platform.twitter.com — Cisco Umbrella Rank: 991 analytics.twitter.com Failed	29 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 913	393 B
1	hubspotusercontent-na1.net 3354902.fs1.hubspotusercontent-na1.net	95 KB
0	bidr.io Failed match.prod.bidr.io Failed
245	50

	Domain	Requested by
62	js.driftt.com	www.cybereason.com js.driftt.com
36	www.cybereason.com	www.cybereason.com cdn2.hubspot.net
19	cdn2.hubspot.net	www.cybereason.com
10	cdn.cookielaw.org	www.cybereason.com cdn.cookielaw.org
9	use.typekit.net	www.cybereason.com
5	www.google.de	www.cybereason.com
5	www.google.com	2 redirects www.cybereason.com
5	fonts.gstatic.com	fonts.googleapis.com
4	metrics.api.drift.com	js.driftt.com
4	googleads.g.doubleclick.net	1 redirects www.cybereason.com www.googleadservices.com
4	aorta.clickagy.com	3 redirects tags.clickagy.com
4	px.ads.linkedin.com	4 redirects
4	ade.googlesyndication.com	2 redirects www.cybereason.com
4	pixel.mathtag.com	www.googletagmanager.com pixel.mathtag.com www.cybereason.com
4	fonts.googleapis.com	www.cybereason.com cdn2.hubspot.net
3	www.google-analytics.com	www.cybereason.com www.google-analytics.com
3	region1.google-analytics.com	www.googletagmanager.com
3	www.googletagmanager.com	www.cybereason.com www.googletagmanager.com
2	bootstrap.api.drift.com	js.driftt.com
2	c.clarity.ms	1 redirects
2	secure.adnxs.com	2 redirects
2	dpx.airpr.com	1 redirects
2	e.clarity.ms	www.clarity.ms
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	us-central1-adaptive-growth.cloudfunctions.net	cdn.pdst.fm
2	id.rlcdn.com	www.cybereason.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	px4.ads.linkedin.com	www.cybereason.com
2	www.linkedin.com	2 redirects
2	bat.bing.com	www.googletagmanager.com bat.bing.com
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	pagead2.googlesyndication.com	www.googletagmanager.com www.googleadservices.com
2	connect.facebook.net	www.cybereason.com connect.facebook.net
2	cdnjs.cloudflare.com	www.cybereason.com cdn2.hubspot.net
1	forms.hubspot.com	js.hsleadflows.net
1	c.bing.com	1 redirects
1	track.hubspot.com
1	region1.analytics.google.com	www.googletagmanager.com
1	stags.bluekai.com	www.cybereason.com
1	cm.g.doubleclick.net	1 redirects
1	hemsync.clickagy.com	tags.clickagy.com
1	vc.hotjar.io	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	api.company-target.com	tag.demandbase.com
1	t.co	www.cybereason.com
1	tags.clickagy.com	ws.zoominfo.com
1	apt.techtarget.com	www.cybereason.com
1	js.hsleadflows.net	www.cybereason.com
1	js.hs-analytics.net	www.cybereason.com
1	js.hs-banner.com	www.cybereason.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	alb.reddit.com	www.cybereason.com
1	px.airpr.com	www.cybereason.com
1	tag.demandbase.com	www.cybereason.com
1	lltrck.com	www.cybereason.com
1	fast.wistia.com	www.googletagmanager.com
1	cdn.pdst.fm	www.cybereason.com
1	trk.techtarget.com	www.cybereason.com
1	js.hs-scripts.com	www.googletagmanager.com
1	ws.zoominfo.com	www.cybereason.com
1	snap.licdn.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	p.typekit.net	www.cybereason.com
1	app.hubspot.com	www.cybereason.com
1	platform.twitter.com	www.cybereason.com platform.twitter.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	3354902.fs1.hubspotusercontent-na1.net	www.cybereason.com
1	platform.linkedin.com	www.cybereason.com
1	ajax.googleapis.com	www.cybereason.com
0	10428681.fls.doubleclick.net Failed	www.googletagmanager.com
0	10272547.fls.doubleclick.net Failed	www.googletagmanager.com
0	match.prod.bidr.io Failed	www.cybereason.com
0	analytics.twitter.com Failed	www.cybereason.com
245	76

This site contains links to these domains. Also see Links.

Domain
attack.mitre.org
keepass.info
www.virustotal.com
github.com
twitter.com
www.facebook.com
www.linkedin.com
www.youtube.com
www.instagram.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
*.cybereason.com GeoTrust RSA CA 2018	`2022-04-06` - `2023-05-07`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2022-08-11` - `2023-08-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-23`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-07-16` - `2022-10-14`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-03` - `2022-12-30`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2022-05-04` - `2023-05-04`	a year	crt.sh
cdn.pdst.fm GTS CA 1D4	`2022-10-05` - `2023-01-03`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
fast.wistia.com GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-28` - `2023-10-30`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2022-07-25` - `2023-08-26`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
*.airpr.com Amazon	`2021-12-10` - `2023-01-07`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-03` - `2022-12-30`	6 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-13` - `2022-11-12`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
*.hotjar.io Amazon	`2022-07-18` - `2023-08-16`	a year	crt.sh
misc.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.clickagy.com Amazon	`2021-12-15` - `2023-01-12`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Frame ID: DAB36E72F0B71FAB10CA8589C14F8029
Requests: 172 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fwww.cybereason.com
Frame ID: 2B431935060A78AAE565CB07D3E48BB7
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html
Frame ID: 9B0D58AE15FF30C2AC5C0FD08CCC0743
Requests: 1 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=790a633f-8b82-4a00-8130-fd34a75ada7b&no_iframe=1&mt_adid=241675&source=mathtag
Frame ID: 99DA739B2A65BDF983D6670869BAA73B
Requests: 2 HTTP requests in this frame

Frame: https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=5414039073414;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update
Frame ID: 9AF93E6074BBFCD5F8FD1A5F78B222F1
Requests: 1 HTTP requests in this frame

Frame: https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=9037368693503;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update
Frame ID: 34232448BAF2E67462147078A08702F5
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
Frame ID: 6C6B59943C3D2048DEEAB0F012AC380E
Requests: 32 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
Frame ID: B2BB331F4289A2FD376CC4C8B4A7C774
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

THREAT ALERT: HavanaCrypt Ransomware Masquerading as Google UpdateBack ButtonSearch IconFilter Icon

Detected technologies

Bulma (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+?href="[^"]+bulma(?:\.min)?\.css

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Ionicons (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+ionicons(?:\.min)?\.css

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

245
Requests

93 %
HTTPS

54 %
IPv6

50
Domains

76
Subdomains

64
IPs

5
Countries

5146 kB
Transfer

10746 kB
Size

53
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://attack.mitre.org/techniques/T1486/
Title: encrypt files for impact

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0010/
Title: data exfiltration

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0004/
Title: privilege escalation

Search URL Search Domain Scan URL

URL: https://keepass.info/
Title: KeePass for file encryption

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/
Title: code obfuscation

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497/
Title: virtual machine reconnaissance

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/001/
Title: process killing

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/aa75211344aa7f86d7d0fad87868e36b33db1c46958b5aa8f26abefbad30ba17
Title: 220c8e5c43ae9c9fecbb1b1af9e5abbd

Search URL Search Domain Scan URL

URL: https://github.com/obfuscar/obfuscar
Title: Obfuscar

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?original_referer=https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update&utm_medium=social&utm_source=twitter&url=https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update&utm_medium=social&utm_source=twitter&source=tweetbutton&text=

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update&utm_medium=social&utm_source=facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update&utm_medium=social&utm_source=linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cybereason/

Search URL Search Domain Scan URL

URL: https://twitter.com/cybereason

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCOm7AaB0HiNH4Phe66sK0Ew

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cybereason

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cybereason

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 114

https://ade.googlesyndication.com/ddm/activity/src=10272547;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=10272547;dc_pre=CMjXg_SFzfoCFYnSmgodWB4Daw;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update

Request Chain 115

https://ade.googlesyndication.com/ddm/activity/src=10428681;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=10428681;dc_pre=CIvbg_SFzfoCFQnjmgodKbUAiw;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update

Request Chain 120

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1665108866292%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQLoVOPRst1aVwAAAYOwOPe4seQv3IM7peynyyS7kuisCHSpbl4Lk4u7uoXJ2aamQdPJ09VK

Request Chain 121

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1665108866293%26url%3Dhttps%253A%252F%252Fwww.cybereason.com%252Fblog%252Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQKFupRaVUIt5QAAAYOwOPe53wN5OxBFCc3NZXT1UiCgF5qF7HwApRuTQ3I1KuKUnL78yCPT

Request Chain 144

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickagy&google_sc&google_cm&google_hm=Yzo3MDQ0ZmU3NzczOWE1YzUxMWVmODcwNTJjZjcwMmM0Ng HTTP 302
https://aorta.clickagy.com/pixel.gif?ch=8&cm=CAESEOQ9taMmG6TzCeZUOSKvMxk&google_cver=1 HTTP 302
https://stags.bluekai.com/site/51557?id=c:7044fe77739a5c511ef87052cf702c46&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D122%26cm%3D$_BK_UUID&BKUUID=$_BK_UUID&limit=1

Request Chain 145

https://aorta.clickagy.com/liveramp_redir HTTP 302
https://id.rlcdn.com/711861.gif

Request Chain 151

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&gtm=2wga50TJVVB7C&auid=441055802.1665108867 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&gtm=2wga50TJVVB7C&auid=441055802.1665108867

Request Chain 163

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=g4s_Y_27CNiH9fgPkPiuqAE&sscte=1&crd=CJqqsQI&eitems=ChEI8Pn5mQYQqq24rZr9oIrHARIdAGVc4pi405w1jcsR2uYLH5ouzlEUDC30UZYRaG4&pscrd=Ek5DaEVJOFBuNW1RWVFzX0dEZ3EtRm44dlJBUklsQUt6SEZLa0NEZ19rWEk0c2tTTVlBTFVTN2JGcTlPekluQy1WX3NyYUtET01JNmNpOUEaWENoRUk4UG41bVFZUW5MN0NzTzJseHI3T0FSSXRBTlZUQmxwczVGc3JGdlBZakZhVWxjNFdicTFCZlkxWFItWFg0VTJ0OW1ZUzJhajJmV1RkcHNTbG9DeVg HTTP 302
https://www.google.com/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&pscrd=Ek5DaEVJOFBuNW1RWVFzX0dEZ3EtRm44dlJBUklsQUt6SEZLa0NEZ19rWEk0c2tTTVlBTFVTN2JGcTlPekluQy1WX3NyYUtET01JNmNpOUEaWENoRUk4UG41bVFZUW5MN0NzTzJseHI3T0FSSXRBTlZUQmxwczVGc3JGdlBZakZhVWxjNFdicTFCZlkxWFItWFg0VTJ0OW1ZUzJhajJmV1RkcHNTbG9DeVg&is_vtc=1&ocp_id=g4s_Y_27CNiH9fgPkPiuqAE&cid=CAQSKQCsnQUxMGboxkoWFq92PazwaZ8WA6vdhmbD3xuHg5QTicQSbcs3pdhjIBM&eitems=ChEI8Pn5mQYQqq24rZr9oIrHARIdAGVc4pjvKxOc96AImevjriIytZT9RsbkdKGl_nw&random=3926097331&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&pscrd=Ek5DaEVJOFBuNW1RWVFzX0dEZ3EtRm44dlJBUklsQUt6SEZLa0NEZ19rWEk0c2tTTVlBTFVTN2JGcTlPekluQy1WX3NyYUtET01JNmNpOUEaWENoRUk4UG41bVFZUW5MN0NzTzJseHI3T0FSSXRBTlZUQmxwczVGc3JGdlBZakZhVWxjNFdicTFCZlkxWFItWFg0VTJ0OW1ZUzJhajJmV1RkcHNTbG9DeVg&is_vtc=1&ocp_id=g4s_Y_27CNiH9fgPkPiuqAE&cid=CAQSKQCsnQUxMGboxkoWFq92PazwaZ8WA6vdhmbD3xuHg5QTicQSbcs3pdhjIBM&eitems=ChEI8Pn5mQYQqq24rZr9oIrHARIdAGVc4pjvKxOc96AImevjriIytZT9RsbkdKGl_nw&random=3926097331&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 173

https://dpx.airpr.com/px?hostname=www.cybereason.com&profile=660386&ga_account_id=UA-56367941-1&ga_account_type=UA&ga_c=1593496973.1665108866&an=true HTTP 302
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=5045847875 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D5045847875 HTTP 302
https://dpx.airpr.com/anpx?adnxs_uid=1531626826869209980&airpr_id=5045847875

Request Chain 175

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&RedC=c.clarity.ms&MXFR=32B041FEB31D658F207C53C8B71D6B92 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&MUID=1DC4595F6E9B6BF9088E4B696F496A78

245 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request threat-alert-havanacrypt-ransomware-masquerading-as-google-update Show response
www.cybereason.com/blog/ 75 KB
20 KB 782ms
766ms Document
text/html 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.64.106 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

f474db06cd263abe2d03b1aefe3c226629a480481d3f556f636e5ef16fdf1d2a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: s-maxage=10800, max-age=0
cf-ray: 75631f849e4890e3-FRA
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 07 Oct 2022 02:14:25 GMT
edge-cache-tag: CT-64092072775,CT-65264194600,CT-77150928692,CT-82674355331,CG-3354902,CG-5272851739,P-3354902,L-42870461961,CW-34473990280,CW-41681847227,CW-41682410610,CW-42867014566,CW-43300360745,CW-44252461159,CW-86933076631,E-34470223313,E-34470224480,E-34470477360,E-35275979682,E-35291999472,E-42363645447,E-42507089303,E-42507091846,E-42760289143,PGS-ALL,SW-0,B-5272851739,GC-36042052587
etag: W/"2fa35851bdf370f5a2ff43a9dae17837"
last-modified: Fri, 07 Oct 2022 00:24:03 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ku6rolgxToF5Wd962IzYcxnoiuVCye7ecut7ndiqCJAsGIse860yYhZsp8%2BupTkbP%2BpFgHPNQkDc2oFm4NqcsWD0UjsaxvnIi31hVNBwwU5j5ucqRBRTTWJzfKs7wB9dFzN2GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cdn: Imperva
x-frame-options: deny
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: EXPIRED
x-hs-combine-css: Disabled
x-hs-content-campaign-id: 9d0f7a4c-be0b-46ea-b708-005916cbdaae
x-hs-content-id: 82674355331
x-hs-hub-id: 3354902
x-hs-prerendered: Fri, 07 Oct 2022 00:24:03 GMT
x-iinfo: 2-31817444-31817446 NNNN CT(1 4 0) RT(1665108864103 9) q(0 0 0 0) r(7 7) U12
x-powered-by: HubSpot

GET
H2 200 project.js Show response
www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
776 B 11ms
1ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
content-encoding: gzip
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
x-cdn: Imperva
etag: W/"61ca66de658cab9587e4636894680d5d"
content-type: application/javascript
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 782) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=18626971, public
content-length: 556
expires: Wed, 10 May 2023 16:23:55 GMT

GET
H2 200 index.js Show response
www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/ 10 KB
4 KB 18ms
7ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 14:35:54 GMT
x-cdn: Imperva
etag: W/"0d86ec7be24f2dff2308b8edf54c2f32"
content-type: application/javascript
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 791) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=25448653, public
content-length: 3502
expires: Fri, 28 Jul 2023 15:18:37 GMT

GET
H2 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/ 3 KB
1 KB 98ms
56ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386203/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cec59b071d9d61e74c42ac4db8d2815aaace7e51983afe2481c14b97f332258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 99797
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
server: cloudflare
etag: W/"38a0b2ad68cbd188720dcc11cc435ad6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941386203
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYQHqs4D4aMmLxarPwPIVuN8RtPVTbMl88Zf1uHtonbzEEBAuxkSuFzTuKi8TChMgtnzQwhiZKvrs4pml1D6J42GE7mDdhu4XOuQooJhq7YHZHtKSdpFNasiFGXp4xEj%2FJb3olWcquhGDI8oJ3E%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c989262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/ 6 KB
2 KB 97ms
55ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6c9f9a48bd0a163671773a199c876dc64d66947d47ac509c95e29177046c9a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 99797
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:10:44 GMT
server: cloudflare
etag: W/"af924b62631098b8dc817f28551a6908"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941443237
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MVhDdK7PfgN4X1Tm0auTpYGUzYSeHtjKG7w7Hfy%2Be9AakdBDq%2BwXAKlSZZHShv1BExT%2F5QLVnpxRe5JEq2f3e5pY7tP4FtgXwFy4FizCLb9%2FWLsPX6t1psphGzDQre8pBeltkafZ2HV%2FdyhStsQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c999262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828375/ 1 KB
1 KB 97ms
56ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828375/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f533e083f3d896349ecf4b75a3b17a2e5155b309318af9dc44965ce50c66a1dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 320911
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 08 Apr 2022 13:33:49 GMT
server: cloudflare
etag: W/"65a7b4b8acda13ea823f6b3cd6887d8d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1649424828375
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6Ohs96ixrx2XsLUf7AttL0N%2Bietvum%2FLS%2FrAV5%2BXCRjmpYJrsVXSXGs6QvO%2FLuBafymcnrO9LsYNLAQvObuHLOt%2F2N9VN8CuJpm6jn82peTsLz4i0WUtqFLxCIzlBxpHhUtqljK1aJPay2fMH8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9a9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_86933076631_CR_-_Sticky_CTA_Bar.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/1665082348696/ 2 KB
2 KB 74ms
33ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/1665082348696/module_86933076631_CR_-_Sticky_CTA_Bar.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f76be64297164a902f6270c19689abbd772a121a822eedd4648d0606a4f1174

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1382
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 06 Oct 2022 18:52:29 GMT
server: cloudflare
etag: W/"9ced4341b7ea7329807cdbcd21153749"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665082348696
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16EB7P8Cez95q6zKujjA7WtvIzay8hUQ2%2BIUpCnPUrk%2FvtldWsSEz0KuhzXSWTQRNZqjQR5hF5ccyXl9j27VvXVwKVEyMFkVH%2BUQnE5qPQldDyu8ttXnN100ymZiAgOBxjwpu%2FpLfmBD78bGads%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9b9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_34473990280_CR_-_Footer_Full__en_US.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1645325324081/ 3 KB
1 KB 94ms
54ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/34473990280/1645325324081/module_34473990280_CR_-_Footer_Full__en_US.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97163b731eeaba18956ab2503090d85d58ef9cf7ec7d95dab7d872f188257963

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1003831
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Sun, 20 Feb 2022 02:48:45 GMT
server: cloudflare
etag: W/"5e970d579e1eb0f2b04f3bb72f88b645"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1645325324081
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCSxfDWKgXv3%2BGThBdk3OaVbXtfMffanpZXB588lEpuUcClzxRAp9%2BGqpmMdpAiyINLZd6sLimhDMRLunb2pQQmd4hp8tRtpG2QhDoHKRkGV%2B6p%2F9CoxkWNCpTUbhsheDv4oc%2B%2B2%2FzInldXN8Dw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9c9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
74 KB 155ms
56ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

629c7fcd42b37fc72bd2c461f358c895273859bbf34fe445066cdca11bfa465e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75499
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 vyv2ljd.js Show response
use.typekit.net/ 19 KB
7 KB 122ms
36ms Script
text/javascript 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/vyv2ljd.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

efaf50dd0be48360746de27c8624174b9689a29834970fe93656ec22cc9b770c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6894

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 140ms
38ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 20:12:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Oct 2023 20:12:51 GMT

GET
H2 200 ionicons.eot
www.cybereason.com/hubfs/__dam/fonts/ 118 KB
68 KB 17ms
8ms Font
application/vnd.ms-fontobject 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/__dam/fonts/ionicons.eot
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: a4803d7bdeb478a5b9238fe74d8aaa98dafe2e8e68fccbd0e3f4dced823f27f0

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
content-encoding: gzip
last-modified: Fri, 25 Sep 2020 09:38:01 GMT
x-cdn: Imperva
etag: W/"2c2ae068be3b089e0a5b59abb1831550"
content-type: application/vnd.ms-fontobject
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 794) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253166, public
content-length: 68926
expires: Mon, 10 Oct 2022 00:33:50 GMT

GET
H2 200 Criteria-CF-Regular.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
14 KB 24ms
16ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Regular.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: fcba0ef5c17fd435aaa6cfac66375e7bfae52f5116b7a6e126c8b0f38b841613

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "8c4e317165d35f99602a1c625d63a040"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 796) q(0 -1 -1 -1) r(1 -1)
cache-control: max-age=253166, public
content-length: 14572
expires: Mon, 10 Oct 2022 00:33:50 GMT

GET
H2 200 Criteria-CF-Medium.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
15 KB 25ms
17ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Medium.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f24560f5b81158a42b8d38ffe5795d9959eb2308ee6780ea912a6594bb999d1e

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "32457643e2ecf8bcf7fdba1110db901c"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 798) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253165, public
content-length: 14772
expires: Mon, 10 Oct 2022 00:33:49 GMT

GET
H2 200 Peristyle-Black.woff2
www.cybereason.com/hubfs/dam/fonts/peristyle/ 14 KB
14 KB 29ms
21ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/peristyle/Peristyle-Black.woff2
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9d943fe5fde08d5b742d383b625031f75e3e89035369f2cde2778f4c6cf5c119

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
last-modified: Fri, 15 Oct 2021 16:32:36 GMT
x-cdn: Imperva
etag: "a17b2e1c032fa4a5eea1eeb1416eb385"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 800) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253165, public
content-length: 14136
expires: Mon, 10 Oct 2022 00:33:49 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/ 57 KB
9 KB 49ms
14ms Script
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/OtAutoBlock.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f30ab4d4ac012a26a0539a4579a3d9f190fb8c5b699aa8aca6df0a0ccc6f0bea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fNcAhcX07xfWzPU6qADeSw==
age: 8852
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 8687
x-ms-lease-status: unlocked
last-modified: Wed, 03 Aug 2022 14:59:26 GMT
server: cloudflare
etag: 0x8DA7560C2533650
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 70f2ef45-901e-0131-3149-a7c564000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f899ea9917d-FRA
expires: Fri, 07 Oct 2022 06:14:25 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
8 KB 47ms
13ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zvDmpz9S9y5z1XhncmOZ/w==
age: 3011
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7151
x-ms-lease-status: unlocked
last-modified: Thu, 06 Oct 2022 21:18:13 GMT
server: cloudflare
etag: 0x8DAA7E0473C6A75
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ce063e19-401e-00f0-7edd-d90888000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f899eaa917d-FRA

GET
H2 200 in.js Show response
platform.linkedin.com/ 509 KB
160 KB 48ms
9ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CE6) /
Resource Hash: 95b12c6ee478557a50799d6b2084a65b22c4add84bbfa48136c1f00c0aaf74c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 2955
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 163350
x-li-uuid: AAXqZ65UOepqhexdliwzGg==
last-modified: Fri, 07 Oct 2022 01:25:10 GMT
server: ECAcc (frc/4CE6)
x-li-pop: prod-ltx1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Fri, 7 Oct 2022 02:25:10 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1665069856748/hubspot/hubspot_default/shared/responsive/ 4 KB
1 KB 94ms
57ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1665069856748/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 38981
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 06 Oct 2022 15:24:18 GMT
server: cloudflare
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665069857777
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jmeRHBJkj1mTE0jtHFKxfxFtoIzk33XDiHI04HClpU8MmQ3302gjGoUUv6iap1Pq8m0MSmqLVahFHng1IlsIJIEzJI6pBAWFdBR8UqFheeqLm0%2BVvF6JrIOaX1u9OnLSnqYOpjd%2Bu24fqjjPY6g%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9e9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cr-master__cta.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/ 3 KB
1 KB 91ms
55ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470223313/1655232518190/__CR_Web_Platform/CSS/cr-master__cta.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c31a94a2a97f5b5fe19d6d4081c9c66400d9483fc65d62d4ef8ca83b5c2fb57a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 238216
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 14 Jun 2022 18:48:39 GMT
server: cloudflare
etag: W/"29d616ce2740000b02cc9cacae33a2db"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1655232518974
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FEFX3TsCgzxcQMkgSILkgbuGnS1aLZ%2BvnlVcx9rVV%2FeuYcvvGuA10VAGVQbylSVZX%2FIkQRayD4QBpn5Q4Z2PM%2FlFlU8Cg2wCbSSJNJEsTnJ%2BHnpMmwy2gjWGyOz5q%2FV%2BiaagUahWrt7X%2FXx024%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9d9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cr-master__main.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/ 49 KB
10 KB 95ms
59ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba1c3f03384ea9d37020836541cb09196600c1de0855b590ee7278d99909d079

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 639537
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 29 Sep 2022 16:28:21 GMT
server: cloudflare
etag: W/"febf04d47cccdf9f50d258f846e3018b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1664468900291
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bWnGE7cMwLnAoRSFxuxFsAKBhpoRcDXJcgQiiGO0i2sKOL0OYXJZV9o5x5vyFgCbPyepGPIH2dnyee68Bzrl2A1PYAhFjl6F8ihZ1U3riFma1m53424fIfBnzrQhWmU7Hba8c3929hUmDTl89tM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89acaa9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 ionicons.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ 50 KB
8 KB 94ms
58ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 222459
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Thu, 13 Jan 2022 17:50:59 GMT
server: cloudflare
etag: W/"71c8c946791f3411c42a4cb1e9cdb5ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1642096258332
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0gb7pnvEr954wfN%2FL7mMOPzJGS2VV543wYMdVB3J%2BK604V1xxB%2BuVx87L5wMUTAb5TmUX0QcOOOMT%2Fzy9IwXdvV8HEbb3DbcR5OjI4on6oQEVURkn84JAqwLlSfO63bZCmcHnkVwY12dzXHLsE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89aca99262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 cr-mln__build.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/ 22 KB
4 KB 93ms
57ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e18234d885ed9a551c15b4a6db8a66f519058a512c928a61e22c9d479203feb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1381
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Mon, 12 Sep 2022 17:40:31 GMT
server: cloudflare
etag: W/"9e4d00bd62ca17db2fb876fa39ba3022"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1663004430214
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tEQYYrqTedqHAoaFKiM%2BtpL9MfOzKaRHTnfCdzvioSqLcmFqZPF11VmMVASJxnIAAAEQKWGmadVUpm%2B%2Fvko9VP1srN2yC9uz4ihZf5vcVCkpoxMRNbw6%2F9u5k%2Ff0nAe%2BrHJ2kdClmeHSvfvl5vM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89aca89262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 cr-framework__bulma-columns.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/ 19 KB
3 KB 90ms
54ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470224480/1635957556830/__CR_Web_Platform/CSS/bulma/cr-framework__bulma-columns.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81c836c05ab1f2d37b7aa60d509a656c7a441e2a4fabf035c1b0666a4daa50fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 217076
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
server: cloudflare
etag: W/"636c18615b58fca9536b2e1c578c6db7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957556893
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CsmmgZoU%2BRgFCUcNBJwEeCns%2B95xT7G9FsPsx7D0FmwHwWbe%2F06imnTAUFfzcoCQPeTvMA9kyan3S4F2nZR6nsnmSda1ooGubH8pfxdSnXNq9kuCDjMXBVJpMLUKo%2Fk2hAjW817anR%2BWm7uUxT0%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f899c9f9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 cr-framework__bulma.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/ 63 KB
9 KB 95ms
60ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35291999472/1654531651565/__CR_Web_Platform/CSS/bulma/cr-framework__bulma.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c545256f2217ee841db63336dddc318198118b706001a05985fc1f9efc6551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1202060
x-amz-cf-pop: IAD55-P3
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Mon, 06 Jun 2022 16:07:33 GMT
server: cloudflare
etag: W/"84c377016cc8d5f4c82d61754c144d63"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1654531652721
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QGhceK8HFriTEUc0aGe6gB%2FyXkj7wVCmV1sMzEzZztNdh3tBtGbAlE72m2iM94tg%2F2zSbnSjjfXpxSzJvbFqCojcv8%2BnO0oOxBTgXuG6kxbLwOye1DL1FHFRG2uETQxyqD9uMPOG%2Fz8GQ1v4fdo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89acae9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 hamburger-animation.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/ 22 KB
3 KB 94ms
59ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42363645447/1635957556555/__CR_Web_Platform/CSS/hamburger-animation.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 325306
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Wed, 03 Nov 2021 16:39:17 GMT
server: cloudflare
etag: W/"a0b451fd96744fa455495e022542ab86"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957556622
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XUWOBR9KpBSiLjFVplNFAA%2F8jU23QcW%2BnZG4avKuk073wIckMbmJ0hwcchcmmehfDOAT6KJ%2FjmhNovgZ9xIidE2PET55TCpNpqgtwKcznKPrXRUZAPEM0o6De8d0C5M7ZG5HFKTPZLjJtEVnrKo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89acad9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 animate.min.css
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/ 52 KB
4 KB 95ms
60ms Stylesheet
text/css 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507091846/1635957557027/__CR_Web_Platform/CSS/animate.min.css
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48f9a7031474a0f73f92f2e6cbbfad730b5466cda96d86a4459c06efc986173

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 154141
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
last-modified: Wed, 03 Nov 2021 16:39:18 GMT
server: cloudflare
etag: W/"55009d64191e6f9e712a841773ee6611"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1635957557027
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FEwxyIp1dZhfWS%2BJAHUQtNfiQPg8vI6Hn6RByna9EEmnQOhl5rNVZaBtAJLJ8Qk5dOSR%2Fiv3onm9OnzdqGzdCo2bG1cWu9G%2FZ3u7DaEr0V%2F6aM0M95y4QJSen44Tvz1SUhnlR3L4v1Cxuz0mFE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f89acab9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 55ms
20ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 108047
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n4nYgl%2BcVEvENB5W77P4zRduAkzYdAcBoa7u24LKiesKRudw9lwy8SJNSGGbcHsgqq%2BIwz%2FCj7uO0Y7FsHbQGBbBVkNZDgYYrSzuq5lp7I3FAnmZwnst4X0jgvPLFMhyKv5ddyefI%2F0YETI38HZK1eJ%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75631f89af0191de-FRA
expires: Wed, 27 Sep 2023 02:14:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
1 KB 191ms
71ms Stylesheet
text/css 2a00:1450:400d:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 00:46:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 marker-animation.js Show response
www.cybereason.com/hubfs/dam/plugins/ 6 KB
2 KB 25ms
22ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/plugins/marker-animation.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 99985c50b5c9c935c272df6687cc04da7fa72a790343424fce7c361a4b26c8f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:24 GMT
content-encoding: gzip
last-modified: Tue, 27 Oct 2020 17:09:14 GMT
x-cdn: Imperva
etag: W/"c789451d244987df6815383a74c748e9"
content-type: application/javascript
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 802) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=480495, public
content-length: 2303
expires: Wed, 12 Oct 2022 15:42:39 GMT

GET
H2 200 cr-logo-inline--primary-black.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 5 KB
5 KB 26ms
11ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-black.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: fd6c0f5026c29648ab8887658f23e6c57faedfe7f9d85e702823ae5dfcbdc8f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Fri, 03 Dec 2021 18:08:59 GMT
x-cdn: Imperva
etag: "0200a44af913040fda048d2ccd029463"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1090) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1420671, public
content-length: 5084
expires: Sun, 23 Oct 2022 12:52:16 GMT

GET
H2 200 cr-malicious-life-logo-v2.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 35 KB
35 KB 27ms
12ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-malicious-life-logo-v2.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 1ef8b59b832109ecbec2f9ed52e8073e2ab73862fa5e6697e1fe05d1c8358a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Wed, 15 Dec 2021 18:41:35 GMT
x-cdn: Imperva
etag: "4f8f695cfdda0e2a9e41271fd3ef4840"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1094) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=395259, public
content-length: 35653
expires: Tue, 11 Oct 2022 16:02:04 GMT

GET
H2 200 cr-blog-icon--search-dark-gray.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 440 B
597 B 29ms
15ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-icon--search-dark-gray.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e90344957225c9e0caa52e2591fd6066740e0650bc100c422435762160fb2e33

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Wed, 03 Mar 2021 03:19:57 GMT
x-cdn: Imperva
etag: "5285e68f20ece59da650da19c81751e2"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1096) q(0 -1 -1 -1) r(1 -1)
cache-control: max-age=395259, public
content-length: 440
expires: Tue, 11 Oct 2022 16:02:04 GMT

GET
H2 200 blog-post-text%20%28125%29.png
www.cybereason.com/hubfs/ 440 KB
440 KB 30ms
16ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/blog-post-text%20%28125%29.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8ab3db762e6e4cea7193505f037182af1e0509b4ef8cc793b120d1d8ada54694

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 19:05:36 GMT
x-cdn: Imperva
etag: "0deaec622e496b9258eeb7db19377d62"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1098) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1529580, public
content-length: 450201
expires: Mon, 24 Oct 2022 19:07:25 GMT

GET
H2 200 twitter-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 749 B
645 B 40ms
26ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/twitter-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
x-cdn: Imperva
etag: W/"5c103d0cd978b3a8d7ccab6bff714599"
content-type: image/svg+xml
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1100) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=305173, public
content-length: 433
expires: Mon, 10 Oct 2022 15:00:38 GMT

GET
H2 200 facebook-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 372 B
453 B 41ms
28ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/facebook-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 02:23:43 GMT
x-cdn: Imperva
etag: W/"8c22d0d78005c386bf29edacfdd2360d"
content-type: image/svg+xml
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1101) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=305172, public
content-length: 299
expires: Mon, 10 Oct 2022 15:00:37 GMT

GET
H2 200 linkedin-gray.svg
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 742 B
790 B 41ms
29ms Image
image/svg+xml 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/linkedin-gray.svg
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
last-modified: Wed, 07 Apr 2021 01:13:30 GMT
x-cdn: Imperva
etag: W/"446340b1a8e73ee28b1a47837a13fdf3"
content-type: image/svg+xml
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1102) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=305172, public
content-length: 630
expires: Mon, 10 Oct 2022 15:00:37 GMT

GET
H2 200 Capture-4.png
www.cybereason.com/hubfs/ 24 KB
25 KB 46ms
34ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Capture-4.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: f6992602860083443a6e36d8a4189d2ab5275d43eb4f8a8728589b9bfd992da7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Thu, 09 Sep 2021 17:50:40 GMT
x-cdn: Imperva
etag: "5b545f45436a98fee1835196019248fa"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1103) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=399449, public
content-length: 24923
expires: Tue, 11 Oct 2022 17:11:54 GMT

GET
H2 200 Vs.png
www.cybereason.com/hubfs/ 110 KB
110 KB 50ms
38ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/Vs.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 0e38365e416ab6d7967b10fd966b661477d270f50041f0a2552263aa3fb71d3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Tue, 08 Feb 2022 14:34:15 GMT
x-cdn: Imperva
etag: "f58780f0e659c4d6d4898f791b372e4a"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1105) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=400550, public
content-length: 112645
expires: Tue, 11 Oct 2022 17:30:15 GMT

GET
H2 200 vs-ransomware.png
3354902.fs1.hubspotusercontent-na1.net/hubfs/3354902/ 94 KB
95 KB 140ms
77ms Image
image/png 2606:4700:4400::6812:2128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://3354902.fs1.hubspotusercontent-na1.net/hubfs/3354902/vs-ransomware.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e8ed65e44181591a95a96268b3264ff9bf1be930ed106ccf0c603f5d08045f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-77150778901,P-3354902,FLS-ALL
age: 56406
x-amz-request-id: RMGVZSCKX9TXF8V4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-77150778901,P-3354902,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "75ff7b8255b40929ef633651adaf6504"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1655917626823
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
date: Fri, 07 Oct 2022 02:14:25 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: jh2J2yrGBjlHpgBCy0pbi0OGw.mXw0ab
x-amz-cf-pop: FRA2-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-77150778901,P-3354902,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 96072
x-amz-id-2: Ia+D5VvcyCKVAOyEVUGNDL0z+ykcL/Tv5Iov7SiM09959nTHJ0/zp/sqkqOSaP60toDabcUHIX4=
last-modified: Wed, 22 Jun 2022 17:07:07 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 75631f8b9f2590e2-FRA
x-amz-cf-id: 0XeppOSwwTrZfzCEFjT-PfSUrRB1EnGhwnEtWvjOypmlyj38JT1Wiw==

GET
H2 200 lior-blog-post-May-23-2022-12-08-48-13-PM.png
www.cybereason.com/hubfs/ 247 KB
248 KB 56ms
45ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/lior-blog-post-May-23-2022-12-08-48-13-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 89f2c0c3f337120cffabbad513474acd34ce323fce4613619a9677a09730784b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 23 May 2022 12:08:49 GMT
x-cdn: Imperva
etag: "d8a386be5b89dc2806781a994ab04371"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1106) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=480152, public
content-length: 253183
expires: Wed, 12 Oct 2022 15:36:57 GMT

GET
H2 200 powerless.png
www.cybereason.com/hubfs/ 746 KB
746 KB 61ms
51ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/powerless.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9ac091308b4e55259cb79f11c76cd1787372e462b36275f33621c8bf01c5c0ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Tue, 18 Jan 2022 16:11:10 GMT
x-cdn: Imperva
etag: "43a1c464bf51781cba74a4339b6b6896"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1107) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=396799, public
content-length: 763758
expires: Tue, 11 Oct 2022 16:27:44 GMT

GET
H2 200 cr-logo-inline--primary-white.png
www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/ 5 KB
5 KB 65ms
54ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/logos/cr-brand/cr-logo-inline--primary-white.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8f657cd3617d00d51bbc4dee693b71bde939c80310034a8d82641804d4eb7e16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Fri, 03 Dec 2021 18:09:12 GMT
x-cdn: Imperva
etag: "9fa007f86be3dd9a921a2d00bf86f36e"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1108) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=400050, public
content-length: 4953
expires: Tue, 11 Oct 2022 17:21:55 GMT

GET
H2 200 animatedModal.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/ 2 KB
1 KB 35ms
35ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42507089303/1644440411417/__CR_Web_Platform/JS/animatedModal/animatedModal.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f94c946a13b9ebe43281550b7d0c00edf4694ad06bcb4c8679bee6d48df5115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 99797
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Wed, 09 Feb 2022 21:00:12 GMT
server: cloudflare
etag: W/"690ad93d1d2a9fc11f9df295692413fe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644440411792
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYBTrO9B9u7xwMbMdKQMYjrf7YoD3NB29XwsVt5LrRi2i4jsEz%2B588TEaOCxurj0Q%2BlmFOl9Na0DemofM4Qi2IpwIqzyslRIN8X360SJXWVlmKJ82C%2Fr27C9Oo3sPXB9zU2JDiYPLNGHe5Ih6Yk%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f8a8d379262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/ 374 B
618 B 40ms
40ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41681847227/1644941386128/module_41681847227_CR_-_Malicious_Life_Network_--_Tier_One_Header.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 325305
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:09:47 GMT
server: cloudflare
etag: W/"1d7f81aaf24568ea5d90a82b829960fd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941386128
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DrjuBpL1hWg3BJgsU0b0Y2M44B71JsWbp3%2FIJR9ZmwL5mQtqjwEIZl4IdZasrGfUnQsXheAHCfJau5VpyoKffoDkcTOs5UREv4vTM7tx5dR7i9%2FCIiNvVKocDlFV1980NGWC%2Bdl9XyAFgJjgXdo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f8b2daf9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/ 305 B
863 B 38ms
38ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443113/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 99797
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 15 Feb 2022 16:10:44 GMT
server: cloudflare
etag: W/"86f1ecf1077302d6bd359676a0142438"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644941443113
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnmK0AvP98l%2BWqPR%2B7pXD5MiYtCnLMJmCVff5ub5XOOOZ9VRCQyr9BOGSHetLrVT7L1nAnMe4ykuXVTpk%2Ba2NGY9tBRSYjm2pWnmtn21EESsEoiowzvABcwG5Lc1Kj4%2Ff3pWkCVbaTRFtL%2BxLIo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f8b2db09262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/ 401 B
576 B 44ms
29ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/43300360745/1649424828285/module_43300360745_CR_-_Malicious_Life_Network_--_Related_Posts.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe9ce59aa6f3f2c6d0be658bec3e8515959f544fed27adc4506480cb9ead5157

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 320911
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Fri, 08 Apr 2022 13:33:49 GMT
server: cloudflare
etag: W/"c559951fe9a2b257ae98f9aeb1c4d6a2"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1649424828285
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z229E%2FDkefa9BFEIcCoft88D7jUmYes%2FyYL%2BVw7KSv3SNs%2BTEN0053GyZG%2Fv%2FVLcdSLNJWh7eM%2BfIqGUnbl238YKl4CgJ09fDRK%2FqiJTGNz3PaTfRs9DYnVUV%2Bxhe3Kp9V6mKA0kL8H8uk64%2BBo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f8b4dbf9262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_86933076631_CR_-_Sticky_CTA_Bar.min.js Show response
cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/86933076631/1665082348643/ 474 B
615 B 47ms
32ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/86933076631/1665082348643/module_86933076631_CR_-_Sticky_CTA_Bar.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8eb94fbd85389103ca6cb525b3780ad5258d7b2fa16c4b82907d66cbb2d1802d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1380
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Thu, 06 Oct 2022 18:52:29 GMT
server: cloudflare
etag: W/"4a6006bbe53a24df29650f40be9b8820"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665082348643
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qad8sj7fjnys%2FOpp8DX53dWx0m5E1NUcQa36x4ZsBqU5la7Lb0vAPbWjDHcu0H6vh1h4MHZOFZQt8mxKVIX2HCK0xQLrVGGxVmX1DJLgcs8mTtUv8XRyLIBn53UKn3xZsoc%2BnkXWPZ8rwtR1bko%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 75631f8b4dc39262-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 3354902.js Show response
www.cybereason.com/hs/scriptloader/ 1 KB
738 B 567ms
558ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 7b08fe6b589846cf07eb214b7c4876d1b08c35d4b261688e5008ce53906f5b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
last-modified: Fri, 07 Oct 2022 02:12:16 GMT
x-cdn: Imperva
etag: "7b2d36b6"
content-type: application/javascript;charset=utf-8
x-iinfo: 2-31817444-31817258 3CNN RT(1665108864103 1110) q(0 0 0 -1) r(0 5)
cache-control: max-age=11, public
content-length: 521
expires: Fri, 07 Oct 2022 02:14:36 GMT

GET
H2 200 _Incapsula_Resource Show response
www.cybereason.com/ 147 KB
21 KB 64ms
55ms Script
application/javascript 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=171025114
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 4747f4362e426749d97a60b8899535e21c34c739fdcc488346aa407212c3c22f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 21339
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 431 KB
95 KB 214ms
123ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a96928b9895558d14dc4700a612fc16ca30af4a89c585310881c2c56a2e20b6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97106
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 26b02624-42c7-456d-82c2-9669db762671.json Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/ 4 KB
2 KB 28ms
14ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/26b02624-42c7-456d-82c2-9669db762671.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9ad9b8cca38762ae76330bff550db0bd62272b4c139d9cdcbc949935bafdd0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W84I+EZWSa/8Tp/+qGOWnQ==
age: 8862
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1648
x-ms-lease-status: unlocked
last-modified: Wed, 03 Aug 2022 14:59:26 GMT
server: cloudflare
etag: 0x8DA7560C2409B40
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 978994f0-301e-0137-3749-a7321c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8ab9545c20-FRA
expires: Fri, 07 Oct 2022 06:14:25 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/ 70 KB
4 KB 22ms
21ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2453048
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4216
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f5628a2-11846"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ryQE3zYDAiFjr%2BDLwjq0Lf8DT94lYixgryLCws8yUVTV9bfexWSfxa6Aio%2BFAU8%2BJE%2Bo9qkFw%2BW8u2yBO6Xp%2FIaN%2BS9xcche9LmhB9l%2FrYfZCpymrfaPw0nPed2d5tBKpjVqLq769PbSejILron5O5vL"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75631f8aa80191de-FRA
expires: Wed, 27 Sep 2023 02:14:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ 19 KB
972 B 73ms
72ms Stylesheet
text/css 2a00:1450:400d:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbd7f1d813cc432777765f0866d0e138226bee883d39f872182999519463c680

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 02:14:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ 21 KB
967 B 75ms
75ms Stylesheet
text/css 2a00:1450:400d:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

327bff03815a03aa28f368d2736190b3a501918044016aade71ab4163d2c3350

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 02:14:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 css2
fonts.googleapis.com/ 46 KB
2 KB 77ms
76ms Stylesheet
text/css 2a00:1450:400d:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7a4717db77f430a3955be59eacc45e11cdb058fd14f6de5a9a95bc213d31146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 07 Oct 2022 02:14:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 182 B
393 B 89ms
33ms XHR
application/json 2606:4700:4400::ac40:929e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:929e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 75631f8b2fee6967-FRA
access-control-allow-headers: Content-Type

GET
H2 200 cr-blog-hero-owl-transparent.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 464 KB
465 KB 47ms
47ms Image
image/webp 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-blog-hero-owl-transparent.png
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/module_assets/41682410610/1644941443237/module_41682410610_CR_-_Malicious_Life_Network_--_Main_Hero.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 51443fc1aa325f301b39d89ffeae8f8a7833ed59491b89419902b32ef30b3b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Fri, 19 Feb 2021 04:27:31 GMT
x-cdn: Imperva
etag: "cd208635457bf65f33aa7c8849efcf21"
content-type: image/webp
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1119) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=409018, public
content-length: 475630
expires: Tue, 11 Oct 2022 19:51:23 GMT

GET
H2 200 ionicons.ttf
www.cybereason.com/hubfs/__dam/fonts/ 184 KB
107 KB 47ms
43ms Font
font/ttf 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/__dam/fonts/ionicons.ttf
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/35275979682/1642096258129/__CR_Web_Platform/CSS/ionicons.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
last-modified: Fri, 25 Sep 2020 09:38:00 GMT
x-cdn: Imperva
etag: W/"24712f6c47821394fba7942fbb52c3b2"
content-type: font/ttf
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1121) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253165, public
content-length: 109836
expires: Mon, 10 Oct 2022 00:33:50 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.38.0/ 369 KB
88 KB 19ms
18ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42b2b9d16fbf8d3c6be72420699360790966e58fe30d8794fd90a71c8aef122d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jz950M8ZW7RakPP2zlLHZQ==
age: 2415
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 89624
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:17 GMT
server: cloudflare
etag: 0x8DA6AE29E465D1D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7e08b95c-701e-0174-68d7-9c18f5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8b7854917d-FRA

GET
H2 200 cr-ml-sidebar-subscribe-bg.jpg
www.cybereason.com/hubfs/dam/images/images-web/backgrounds/ 34 KB
34 KB 28ms
28ms Image
image/jpeg 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/backgrounds/cr-ml-sidebar-subscribe-bg.jpg
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 9967a27efc89a8cefe9665100ec51cded3a8c89f95cdca1285bfce207666cd11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Thu, 31 Mar 2022 18:30:54 GMT
x-cdn: Imperva
etag: "c2444af5dedceb18b268a01a640beb72"
content-type: image/jpeg
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1130) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=395260, public
content-length: 34358
expires: Tue, 11 Oct 2022 16:02:05 GMT

GET
H2 200 cr-mln-network__footer-subscribe-bg.png
www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/ 38 KB
38 KB 31ms
25ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hubfs/dam/images/images-web/blog-images/template-images/cr-mln-network__footer-subscribe-bg.png
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/42760289143/1663004429410/__CR_Web_Platform/CSS/cr-mln__build.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 38b5fa249791d286db654d516dfb6173cc332a8d725c41b58d08c642b26bc641

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Wed, 10 Mar 2021 19:10:18 GMT
x-cdn: Imperva
etag: "c28026bc6a6d55f395e2227b7b19c8c9"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1134) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=395261, public
content-length: 38595
expires: Tue, 11 Oct 2022 16:02:06 GMT

GET
H2 200 Criteria-CF-Bold.woff2
www.cybereason.com/hubfs/dam/fonts/criteria/ 14 KB
14 KB 30ms
23ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/criteria/Criteria-CF-Bold.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 17a31aae550a664382ab9d8085efc03a10a4548985f33ac4e5a533d5ab5e9339

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Thu, 13 Jan 2022 17:33:57 GMT
x-cdn: Imperva
etag: "ba487b98622054117d0be2f92f3f45b2"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1140) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253524, public
content-length: 14332
expires: Mon, 10 Oct 2022 00:39:49 GMT

GET
H2 200 FlamCondBook.woff2
www.cybereason.com/hubfs/dam/fonts/flama/ 14 KB
14 KB 33ms
26ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/flama/FlamCondBook.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 2ca281bdcd543e2e3559e6505c323c8d64df73f2a594a043780df3007e16d161

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Fri, 10 Dec 2021 14:25:11 GMT
x-cdn: Imperva
etag: "9b97cc4b573f2e8b6ead12339a15b141"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1141) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=253181, public
content-length: 14544
expires: Mon, 10 Oct 2022 00:34:06 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 20 KB
20 KB 209ms
124ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4-Lwz3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d2c4912162eaa41299aaf5063ecb92a26d76071fe6d1f77742b32c833daab99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:18:01 GMT
x-content-type-options: nosniff
age: 186984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20432
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:38:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:18:01 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 122ms
36ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 18:50:34 GMT
x-content-type-options: nosniff
age: 285831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 18:50:34 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v12/ 21 KB
21 KB 198ms
113ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v12/HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 16:10:31 GMT
x-content-type-options: nosniff
age: 295434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21352
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:30:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:10:31 GMT

GET
H2 200 7cHqv4kjgoGqM7E30-8s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 186ms
102ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E30-8s51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:12:40 GMT
x-content-type-options: nosniff
age: 187305
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21796
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:35:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:12:40 GMT

GET
H2 200 7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ 21 KB
21 KB 171ms
86ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3t-4s51os.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:57:29 GMT
x-content-type-options: nosniff
age: 184616
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21724
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:29:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:57:29 GMT

GET
H2 200 HOSP.woff2
www.cybereason.com/hubfs/dam/fonts/hsop/ 154 KB
154 KB 33ms
27ms Font
application/font-woff2 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cybereason.com/hubfs/dam/fonts/hsop/HOSP.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/3354902/hub_generated/template_assets/34470477360/1664468898614/__CR_Web_Platform/CSS/cr-master__main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: a6728e3326fe3805e12f697731cbc97f2a5b773533c1cb4be0c56da998a94db6

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Fri, 11 Feb 2022 15:12:37 GMT
x-cdn: Imperva
etag: "2ffd5c598df2d32b13ebd689e6daa668"
content-type: application/font-woff2
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1142) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=643499, public
content-length: 157664
expires: Fri, 14 Oct 2022 12:59:24 GMT

GET
H2 200 image4-Aug-22-2022-06-15-31-61-PM.png
www.cybereason.com/hs-fs/hubfs/ 5 KB
5 KB 34ms
28ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image4-Aug-22-2022-06-15-31-61-PM.png?width=436&name=image4-Aug-22-2022-06-15-31-61-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 11cce2e218d0f6dc5dd12f9870e73c19a94c0c17eefcbacfd1eda3177524fee8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:15:32 GMT
x-cdn: Imperva
etag: "dc429239755f93b4b2c82679175dba71"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1169) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1143348, public
content-length: 5427
expires: Thu, 20 Oct 2022 07:50:13 GMT

GET
H2 200 image11-Aug-22-2022-06-16-42-74-PM.png
www.cybereason.com/hs-fs/hubfs/ 19 KB
20 KB 34ms
29ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image11-Aug-22-2022-06-16-42-74-PM.png?width=867&name=image11-Aug-22-2022-06-16-42-74-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: b9c3236b03a3ab4ffc655aad3ebfc2c2c4051cc317e26bcfabda22adf935b4c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:16:43 GMT
x-cdn: Imperva
etag: "09bf38c8e9b9d6e66cff0a7a8d255901"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1171) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1198180, public
content-length: 19956
expires: Thu, 20 Oct 2022 23:04:05 GMT

GET
H2 200 image1-Aug-22-2022-06-18-20-21-PM.png
www.cybereason.com/hs-fs/hubfs/ 19 KB
19 KB 36ms
31ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image1-Aug-22-2022-06-18-20-21-PM.png?width=892&name=image1-Aug-22-2022-06-18-20-21-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: addfc3d76c07b3480115ee2d8cd33cfa511b70009635abfecd4dcaa6e5a5329b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:18:21 GMT
x-cdn: Imperva
etag: "e7396085e808f7306dae894b1203e0d0"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1172) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1534486, public
content-length: 19481
expires: Mon, 24 Oct 2022 20:29:11 GMT

GET
H2 200 image16-Aug-22-2022-06-20-08-38-PM.png
www.cybereason.com/hs-fs/hubfs/ 4 KB
4 KB 40ms
35ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image16-Aug-22-2022-06-20-08-38-PM.png?width=649&name=image16-Aug-22-2022-06-20-08-38-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 022885b31265a4e0be090404294fc0e5344d734a0c6ce052fec718d3c13b61d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:20:09 GMT
x-cdn: Imperva
etag: "8cd0a8f08febcd04b67f5e3ce1ce1fa6"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1173) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1094878, public
content-length: 4153
expires: Wed, 19 Oct 2022 18:22:23 GMT

GET
H2 200 image3-Aug-22-2022-06-20-59-36-PM.png
www.cybereason.com/hs-fs/hubfs/ 3 KB
4 KB 42ms
38ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image3-Aug-22-2022-06-20-59-36-PM.png?width=681&name=image3-Aug-22-2022-06-20-59-36-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 3104f988796b5fdf5420eb01df43f2c5741300a372c4a42cdb924f9442378bd9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:21:00 GMT
x-cdn: Imperva
etag: "61618d98f930764d58f0697c433409ab"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1174) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1198183, public
content-length: 3513
expires: Thu, 20 Oct 2022 23:04:08 GMT

GET
H2 200 image7-Aug-22-2022-06-22-00-69-PM.png
www.cybereason.com/hs-fs/hubfs/ 6 KB
7 KB 41ms
38ms Image
image/png 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cybereason.com/hs-fs/hubfs/image7-Aug-22-2022-06-22-00-69-PM.png?width=679&name=image7-Aug-22-2022-06-22-00-69-PM.png
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.64.106 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 31b0be6d85e4bc5294100269b3088624876c0826b5fd37dd73fa258098e76d51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Mon, 22 Aug 2022 18:22:01 GMT
x-cdn: Imperva
etag: "4123f398d1c990ea197569e8ac8f2870"
content-type: image/png
x-iinfo: 2-31817444-0 0CNN RT(1665108864103 1175) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1094879, public
content-length: 6624
expires: Wed, 19 Oct 2022 18:22:24 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 46ms
9ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

adf538ffb526ce99960f9d5c916af995f09463e8ec0cf409380843ed5b491c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 02:14:25 GMT
content-md5: axYMJfyif4XK+B9Am6/ZCw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: v9YoSElAdgrw2gVyL8fkisC6PIKiCFPJWBrFsrRVZpmX+RZF2/6gpHQvwo0j1NUsgOstcB5UcRxFdjDM6Ov99w==
x-fb-trip-id: 917726464
x-fb-content-md5: e1e805ef548221e4bd9c49d972d105a6
cross-origin-opener-policy: same-origin-allow-popups
etag: "bc813b10e65f354caf746e61bd939e6f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
priority: u=3,i
expires: Fri, 07 Oct 2022 02:30:51 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 278ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 9bd8dcc115a0e9fce94520cecad5254352b86d55bca2506833057bb52e87ee1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 02:14:26 GMT
Content-Encoding: gzip
Age: 698
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Content-Length: 29223
x-amzn-internal-status: 304
Last-Modified: Wed, 28 Sep 2022 20:05:37 GMT
Server: ECS (frb/67D4)
Etag: "f26384f93da6974ed577808dfa1fede5+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
745 B 213ms
167ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=3354902&callback=jsonpHandler

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: 0b15cb86-097c-43ba-8b2e-e5ae0e9901e1
x-trace: 2B1EFD7C4798840679AE0DC740F97B504539D26B94000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 75631f8c4ec1bb43-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
reporting-endpoints: default="https://exceptions.hubspot.com/csp/reports?cfRay=75631f8c4ec1bb43&resource=unknown"

GET
H2 200 l
use.typekit.net/af/343335/00000000000000003b9b0ad0/27/ 16 KB
16 KB 71ms
17ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/343335/00000000000000003b9b0ad0/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 599dd661a1d9e0af96d614fab0ea7396bf06de4265029166a265c2b10cc1a1b0

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "eedb93b5a9ba82f97df21a2548066c304a8baad8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16112

GET
H2 200 l
use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/ 16 KB
16 KB 73ms
20ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4b34d2/00000000000000003b9b0acf/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f3f2822ba3d24c1f7f53bff8959801c644b2c1c556eb8c15ca36a86717f1ae7d

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "2d91046573f0e4458e7737f18f00bb9c13388e11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16256

GET
H2 200 l
use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/ 15 KB
15 KB 91ms
38ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cb6232/00000000000000003b9b0ad8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f64368e7be69abe40585911860d83acfa8b14179d3008b2594166ae4c10ec0fd

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "865da7d2ecc4da3cb6bd5574f01738cfc5c8bb11"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15452

GET
H2 200 l
use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/ 16 KB
16 KB 91ms
38ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/abc1c3/00000000000000003b9b0ac9/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 72493a3f42ed0260f03b6ffd3ea131be38a1070845bfae24927f643a3fcf3255

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "8c3ee2b4e977df4e0f73e1b985c24fba9611fc49"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16660

GET
H2 200 l
use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/ 17 KB
17 KB 91ms
38ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/62203f/00000000000000003b9b0ac8/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5c8d63abd4075c4ebd692fbd02e35fb72950f214a6486607c1819d4279ad526f

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "7b5be73a29b093f7ae3c099f5a521c9274f6db28"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 17152

GET
H2 200 l
use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/ 16 KB
16 KB 90ms
37ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/19a2f0/00000000000000003b9b0ac7/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: dd8ce52adc4b0ab60f82c29ba12f25e2f6446245fc8c0b5f4bd6dab3146f9ef7

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "b9e1ecdf0fe601a7e9dfc362b400290203e7b31c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 16464

GET
H2 200 l
use.typekit.net/af/cfbead/0000000000000000000146b3/27/ 23 KB
23 KB 71ms
18ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cfbead/0000000000000000000146b3/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 875f8e591b4fbc6567e2b33553bea9ca2d0e18593bd857783a569fe7bf4ba097

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "122498e3424e674610da39fb441d661549879239"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23244

GET
H2 200 l
use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/ 15 KB
15 KB 73ms
21ms Font
application/font-woff2 2a02:26f0:11a::6867:4851
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f50d41/00000000000000003b9b2c84/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4851 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 0b454edb897d49bf8a73b07627b670a55f0972988094770495a308e5a5e39d1b

Request headers

Referer: https://www.cybereason.com/
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:25 GMT
server: nginx
etag: "13c2813ff67959226aaa4eccfcdd1399bd756b8d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 15336

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/a5309542-3a95-4b7d-92f9-5bea83600764/ 122 KB
21 KB 11ms
11ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/26b02624-42c7-456d-82c2-9669db762671/a5309542-3a95-4b7d-92f9-5bea83600764/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ae3bbe74b9c5368b45f6223a3ddd5da436782411ce8a7e50a0aa48be03a8abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /SDdagPpVuf4cs6Y/ZXN3Q==
age: 1379
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 21762
x-ms-lease-status: unlocked
last-modified: Wed, 03 Aug 2022 14:59:34 GMT
server: cloudflare
etag: 0x8DA7560C76B21F0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a2d34210-801e-0047-2849-a7078d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8c2ad45c20-FRA
expires: Fri, 07 Oct 2022 06:14:25 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 302 KB
85 KB 17ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=d3aecef1ae1a5d5315a698f5b588b005

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12038d9e690364421f9d1f31b75a00e2e84c7d2f6c700be59ba5a50d811060b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 02:14:25 GMT
content-md5: +oh44Vq0+xkV3C7G/AwRgQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86782
x-fb-rlafr: 0
x-fb-debug: uwJrO1q+ra77xvkQzUuOdPUn7JqOVZn2vQc2vCdzfMMx8TeMyslDXwO2Hf/akupuD/FMt1efDQLBAsYJhsj2sw==
x-fb-content-md5: a26e4fe762551d0684fbbf23537cce22
cross-origin-opener-policy: same-origin-allow-popups
etag: "00802ad2d3af1a53c160b4cecd37c870"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 06 Oct 2023 21:50:18 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 13 KB
3 KB 14ms
13ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: l8TaFfqEBdbGRIscoE5PLQ==
age: 8131
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3007
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:09 GMT
server: cloudflare
etag: 0x8DA6AE29925C8FF
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 33d48dc3-a01e-003d-3d49-a76dc0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8c6b005c20-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/ 62 KB
13 KB 14ms
14ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c36470d3b6f534495768bdd7ed92dbb0d6d8d1f3b7b69adba7153b68b90f35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: JtD7zjxzBe/apQLaCwCdaw==
age: 2239
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13258
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:11 GMT
server: cloudflare
etag: 0x8DA6AE29A87E4A6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c63f872a-001e-00d5-7f49-a7903b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8c6b025c20-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 5 KB
2 KB 15ms
15ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: keZk8SpZZgHvyFwdMFhvhQ==
age: 9753
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:10 GMT
server: cloudflare
etag: 0x8DA6AE29A3CDCC9
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: bf5df8e4-801e-00a2-7d49-a7157a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 75631f8c6b035c20-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.38.0/assets/ 22 KB
5 KB 15ms
14ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: TLLtdkuMahUQRVIfmZNHNw==
age: 1378
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jul 2022 06:31:23 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 5a8540ca-801e-0107-5649-a76836000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 75631f8c6b045c20-FRA

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/ 3 KB
2 KB 13ms
12ms Image
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 07 Oct 2022 02:14:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: LpuayL42jB78xRllx0vkOw==
age: 7039
x-ms-lease-status: unlocked
last-modified: Thu, 06 Oct 2022 21:18:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 73f051a0-001e-00de-49d9-d9884f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 75631f8cf9cc917d-FRA

GET
H2 200 p.gif
p.typekit.net/ 35 B
228 B 98ms
19ms Image
image/gif 2a02:26f0:ea::1706:70c9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=vyv2ljd&ht=tk&h=www.cybereason.com&f=32224.32226.32227.32228.32230.32231.10875.32265&a=657783&js=1.21.0&app=typekit&e=js&_=1665108866137
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ea::1706:70c9 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

unused62: 8096267
date: Fri, 07 Oct 2022 02:14:26 GMT
last-modified: Sat, 09 Oct 2021 06:43:10 GMT
server: nginx
etag: "616139fe-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

POST
H2 204 collect
region1.google-analytics.com/g/ 0
340 B 106ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=2oea50&_p=75959924&gcs=G100&gdid=dZTQ1Zm&cid=1593496973.1665108866&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1665108866&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
548 B 221ms
69ms Ping
image/gif 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&gtm=2wga50TJVVB7C

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
15 KB 156ms
65ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15192
x-xss-protection: 0
server: cafe
etag: 699633608045481581
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 07 Oct 2022 02:14:26 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 248ms
17ms Script
application/javascript 199.232.16.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15317
x-served-by: cache-iad-kiad7000104-IAD, cache-vie6322-VIE

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 66ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 07 Oct 2022 02:14:25 GMT
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 633FFD49DBB840A7B64B83BE3044146A Ref B: FRAEDGE1316 Ref C: 2022-10-07T02:14:26Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11367

GET
H2 200 hotjar-704918.js Show response
static.hotjar.com/c/ 4 KB
2 KB 91ms
37ms Script
application/javascript 108.138.17.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-704918.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.17.83 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-17-83.fra56.r.cloudfront.net

Software

Resource Hash

2a63b7405c03e9fa06e1a01c0b0c33b03e1eebd71462f234345b58fced2e849c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P7
etag: W/0808c37c0d5fd771f1f73fa0e5395e60
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: HWNSNkLq9NU-g1mTlD2Y0s74y_-OORy23Ljcfqu3uFUt4ZljtdFGiQ==

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 25 KB
8 KB 42ms
12ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: bef476ec3cca40a08e1dff35c707c24d5774e788c57febdb54874e90402a6af2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 19 Jul 2022 22:48:09 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "95212d33cfff78ad59f5af5b20c48c53"
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7722

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 92ms
19ms Script
application/x-javascript 2a02:26f0:11a::6867:4843
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4843 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=36270
accept-ranges: bytes
content-length: 3063

GET
H2 200 1cwYCUDAYD26hHzYzki9 Show response
ws.zoominfo.com/pixel/ 3 KB
2 KB 240ms
210ms Script
text/javascript 2606:4700::6810:a852
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/1cwYCUDAYD26hHzYzki9

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

753e02282f21545990e0829b8213211ff35112a5dcdc28e45b40a82f1ee11f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 75631f8dfa4591d7-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type

GET
H2 200 3354902.js Show response
js.hs-scripts.com/ 1 KB
902 B 461ms
413ms Script
application/javascript 2606:4700::6811:d6cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/3354902.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 933e0de511015d251931c1817b9a648a997fc81c592e823437e2db9f0af6577a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Fri, 07 Oct 2022 01:56:20 GMT
server: cloudflare
x-hubspot-correlation-id: 11799092-4df9-47e2-b3f2-028622ce64f0
x-trace: 2B2EEBFFF3587687B28DF7E69227F5CEA27707A07C000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 75631f8e4b879208-FRA
expires: Fri, 07 Oct 2022 02:15:26 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 2 KB
1 KB 131ms
23ms Script
text/javascript 2606:4700:4400::ac40:91d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:91d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 15 Oct 2021 14:31:37 GMT
server: cloudflare
age: 266
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 75631f8eab2e9b6e-FRA
expires: Fri, 07 Oct 2022 02:20:00 GMT

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 436ms
33ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:11:22 GMT
content-encoding: gzip
age: 184
x-guploader-uploadid: ADPycdsBfTTxxqcOuYN66GsyjKz_KHTvHPxIe3lUadcCo8l5U2UTw5wFcp42vpcYCVcv2ZHgcSIx10jY34KCyo1FW8DiaA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Fri, 07 Oct 2022 03:11:22 GMT

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 1 KB
2 KB 565ms
47ms Script
text/javascript 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1506452&mt_adid=241675&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master zrh-pixel-x4 config:1.0.0 /
Resource Hash: 4064c618e7dd487bc617ce9a273458a4dee0553186ecbb9812202b82227c3268

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 02:14:26 GMT
Server: MT3 4539 98cc2da master zrh-pixel-x4 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1493
Expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 zdcd6x8yhg85.js Show response
js.driftt.com/include/1665108900000/ 211 KB
60 KB 258ms
143ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1665108900000/zdcd6x8yhg85.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

1fb2efa39abfd8b624fc9a3d076fa53aabeca8492f32e85a541a11ecb188b787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-amz-version-id: 3GA6XW5Qb0TxVaFGlMir3u4eJ2Z_SjZQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 04 Oct 2022 20:36:08 GMT
server: nginx
etag: W/"6fc8f85c2a5eea170c0bec7d1533b060"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ckmu-__SPlJohK1NTUKWDRHztXZKRpuaFJA2iWN3qqIcAUwR_NObRg==

GET
H2 200 E-v1.js Show response
fast.wistia.com/assets/external/ 625 KB
114 KB 65ms
6ms Script
application/javascript 2a04:4e42::622
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.com/assets/external/E-v1.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::622 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

05e896577858fe6f354a35e118dab4993f7eab9d43c45d095ce460a621cd512a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 3425
x-cache: HIT, HIT
content-length: 116448
x-served-by: cache-iad-kiad7000159-IAD, cache-hhn4067-HHN
x-browser-version: 106
last-modified: Thu, 06 Oct 2022 19:56:10 GMT
x-timer: S1665108866.348240,VS0,VE0
etag: "633f32da-1c6e0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 32, 99

GET
H2 403 lt-v2.min.js
lltrck.com/ 0
0 342ms
101ms Script
text/html 23.21.250.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/lt-v2.min.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.21.250.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-250-193.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 6e1424cff90e9cd4.min.js Show response
tag.demandbase.com/ 67 KB
19 KB 69ms
9ms Script
application/javascript 108.138.17.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/6e1424cff90e9cd4.min.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.17.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-17-46.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e13d9925ef33a0356aea47518f1e42c057fb3de1584c8b15266f420a86d87696

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: WvbitgYlrsgoBDOkIMRG8LicS6gTlkQL
content-encoding: gzip
via: 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
date: Fri, 07 Oct 2022 01:50:55 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P7
age: 1704
x-cache: Hit from cloudfront
last-modified: Fri, 23 Sep 2022 12:19:55 GMT
server: AmazonS3
etag: W/"ba4c12969391e1f0335886e4befc3482"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: 4g_38vNv0cUlGDMxS2eyy2vtHlv0smjDfiJaWFEJ0FcPuPR2TkGRXw==

GET
H2 200 airpr.js Show response
px.airpr.com/ 7 KB
2 KB 55ms
7ms Script
application/javascript 108.138.7.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.airpr.com/airpr.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-8.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 22:18:43 GMT
content-encoding: gzip
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
last-modified: Sat, 21 Apr 2018 18:03:55 GMT
server: nginx
x-amz-cf-pop: FRA56-P6
age: 14143
etag: "5adb7d0b-853"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 2131
x-amz-cf-id: oZgoT1SRShbYPThrvIG_XNoF-CY-QLv4oz_I8n6n5A3jKLtcPJncEw==
expires: Fri, 07 Oct 2022 10:35:59 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
75 KB 144ms
61ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJVVB7C

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e7949e4657bab0cdfb980818cb59d086cfa1ffd45bc05d585ed32ffbcf7f1bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76812
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 07 Oct 2022 02:14:26 GMT

GET
H3

200

src=10272547;dc_pre=CMjXg_SFzfoCFYnSmgodWB4Daw;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-mas...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=10272547;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-r...
https://ade.googlesyndication.com/ddm/activity/src=10272547;dc_pre=CMjXg_SFzfoCFYnSmgodWB4Daw;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2...

42 B
63 B

162ms
78ms

Image
image/gif

142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=10272547;dc_pre=CMjXg_SFzfoCFYnSmgodWB4Daw;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=10272547;dc_pre=CMjXg_SFzfoCFYnSmgodWB4Daw;type=landing;cat=allsite;ord=9516010579012;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

src=10428681;dc_pre=CIvbg_SFzfoCFQnjmgodKbUAiw;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masqu...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=10428681;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ran...
https://ade.googlesyndication.com/ddm/activity/src=10428681;dc_pre=CIvbg_SFzfoCFQnjmgodKbUAiw;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fb...

42 B
63 B

161ms
77ms

Image
image/gif

142.250.201.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=10428681;dc_pre=CIvbg_SFzfoCFQnjmgodKbUAiw;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Server

142.250.201.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s35-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://ade.googlesyndication.com/ddm/activity/src=10428681;dc_pre=CIvbg_SFzfoCFQnjmgodKbUAiw;type=cyber0;cat=cyber0;ord=2904094809293;gtm=2wga50;gcs=G100;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET widget_iframe.7dae38096d06923d683a2a807172322a.html
platform.twitter.com/widgets/ Frame 2B43 0
0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
157 B 418ms
390ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1665108866269&id=t2_32cbm2fl&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=c99d6e8d-8381-4575-9b02-0b8f2338e337&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_02c59ad6
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
via: 1.1 varnish
server: Varnish
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 56273944.js Show response
bat.bing.com/p/action/ 1 KB
843 B 133ms
132ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56273944.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

60998ce4ba58769642e0e331973a19ae753372df1369446e8fb4ce419e2eebf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 07 Oct 2022 02:14:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A530F3D2AC03409C88C7A49E473D065F Ref B: FRAEDGE1316 Ref C: 2022-10-07T02:14:26Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 667

GET
H2 200 modules.cbd9768ba80ba0be5b17.js Show response
script.hotjar.com/ 254 KB
65 KB 55ms
8ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.cbd9768ba80ba0be5b17.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

5b3c6e212cbb3b9f4f28b09cfdc53990e809792192d7d8639d3311f0551c2010

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:47:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 bb3ac1595bb014e3b09608a0358d33da.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 199640
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 66229
last-modified: Tue, 04 Oct 2022 18:46:48 GMT
etag: "483a48bedf96c50163b542fb95446039"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: _vPYB5Ixm-p8gMytHRAmNQ5uEf122rM6Fc2LEe9fiBLyyfDlzyRESA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-goo...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1665108866292%26url%3Dhttps%253A%252F%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-goo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-go...

0
142 B

218ms
186ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQLoVOPRst1aVwAAAYOwOPe4seQv3IM7peynyyS7kuisCHSpbl4Lk4u7uoXJ2aamQdPJ09VK
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6BB0168A8E634D2792C5752D8DDEF791 Ref B: FRAEDGE1214 Ref C: 2022-10-07T02:14:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXqaF6K23rE4aL6q4K0lg==

Redirect headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 57D9C118E2F74F85ADA16042CFF77081 Ref B: FRAEDGE1114 Ref C: 2022-10-07T02:14:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866292&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQLoVOPRst1aVwAAAYOwOPe4seQv3IM7peynyyS7kuisCHSpbl4Lk4u7uoXJ2aamQdPJ09VK
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXqaF6Hf4uNQ+vwg/7wnw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-goo...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3885972%252C72596%252C4030924%26time%3D1665108866293%26url%3Dhttps%253A%252F%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-goo...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-go...

0
264 B

212ms
180ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQKFupRaVUIt5QAAAYOwOPe53wN5OxBFCc3NZXT1UiCgF5qF7HwApRuTQ3I1KuKUnL78yCPT
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 4676CCD7891B4FCB9BD837F767EE6581 Ref B: FRAEDGE1214 Ref C: 2022-10-07T02:14:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXqaF6K2oHh35u2ugK8ZQ==

Redirect headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8558B436F5594106A0D015AF083FD5B2 Ref B: FRAEDGE1114 Ref C: 2022-10-07T02:14:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3885972%2C72596%2C4030924&time=1665108866293&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tm=gtmv2&liSync=true&e_ipv6=AQKFupRaVUIt5QAAAYOwOPe53wN5OxBFCc3NZXT1UiCgF5qF7HwApRuTQ3I1KuKUnL78yCPT
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXqaF6HgY/biN4gGi3bLw==

GET
H2 200 box-69edcc3187336f9b0a3fbb4c73be9fe6.html Show response
vars.hotjar.com/ Frame 9B0D 2 KB
1 KB 81ms
14ms Document
text/html 108.156.60.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-69edcc3187336f9b0a3fbb4c73be9fe6.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-704918.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.156.60.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-156-60-78.ams1.r.cloudfront.net

Software

Resource Hash

867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 233178
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 04 Oct 2022 09:28:08 GMT
etag: "f6a9ca04b0687ea3c0d98e8430c8c77b"
last-modified: Tue, 04 Oct 2022 07:09:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 ee47c4d401aca1a1f5c2ee96ce3267e4.cloudfront.net (CloudFront)
x-amz-cf-id: BH4fxyKcie5l-vM0JFPFWV-NB9kUwKlgPUx10Tel2XV25ozEEu9UTQ==
x-amz-cf-pop: AMS1-P2
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 3354902.js Show response
js.hs-banner.com/ 61 KB
16 KB 520ms
425ms Script
text/javascript 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ed1a1330cd382765e03baf8a53054e6fdfd457430f2ebfe7c8db0029b5fb204

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
x-amz-version-id: u8GeU4hYPuNw5TsmR8TvspV5_NoxeNPO
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: B4GQKWWGET8D2MTP
x-amz-server-side-encryption: AES256
x-amz-id-2: GsvA+sZop6RldOMAfy0WKr0G9yjqCusth0NoZ4WPOAgGmBktPG8VbtdqCmSs91sNL/NxjVVoYGs=
last-modified: Thu, 06 Oct 2022 21:41:30 GMT
server: cloudflare
etag: W/"182e577ecf724d7173326e3a0c75c8e8"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 75631f9048a5913a-FRA
expires: Fri, 07 Oct 2022 02:19:26 GMT

GET
H2 200 3354902.js Show response
js.hs-analytics.net/analytics/1665108600000/ 64 KB
20 KB 163ms
143ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1665108600000/3354902.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4b8c51113c6ac7e233d43c9e65d16f7bba56a2ac006d4c444a6b6090129a94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: JG78XZ9AZQMQ475V
x-amz-server-side-encryption: AES256
x-amz-id-2: tXawx9w42BumQ7YiZCXgcKp4wp+RmzQG4j/CmzY6tbnvbZsXWySNqHL2doEd1ujq//0YZ+6/eeY=
last-modified: Thu, 06 Oct 2022 18:37:28 GMT
server: cloudflare
etag: W/"09a6e023abc64dda8de510d933e965d5"
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 75631f909d029261-FRA
expires: Fri, 07 Oct 2022 02:19:26 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 548 KB
88 KB 50ms
21ms Script
application/javascript 2606:4700::6811:eacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/hs/scriptloader/3354902.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf3a88c35bdc16d97403947a9f9188faf13af9a6776529a422286716605d5fee

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Origin: https://www.cybereason.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-amz-version-id: Ur8e8LShl3Q9Sr_qgQx0CQrFz7yEnpM5
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 27571
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1110/bundle/main/lead-flows-release.js&cfRay=75607e6cecb0929b-IAD
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Tue, 06 Sep 2022 03:53:55 UTC
server: cloudflare
etag: W/"6ec4f161716a8da5c8c95cda1e89dc05"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: HIT
cache-control: s-maxage=86400, max-age=0
cf-ray: 75631f910e789293-FRA
x-amz-cf-id: 3o5KBZsU8N_RtWonh8kat5RKbMV9bE5H6rgcKD8Hin8-ItbTA2QD8Q==
x-hs-target-asset: lead-flows-js/static-1.1110/bundle/main/lead-flows-release.js

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
323 B 460ms
99ms Image
image/gif 206.19.49.24
ATT-CERFNET-BLOCK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=16570449&version=2.1.1&ref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&r=1665108866371
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN17225 (ATT-CERFNET-BLOCK, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 02:14:27 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
Server: Apache/2.4.6 (CentOS)
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=5
Content-Length: 43

GET
H2 200 56273944 Show response
www.clarity.ms/tag/uet/ 1 KB
2 KB 287ms
112ms Script
application/x-javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/56273944
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/56273944.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 98e640b6ca9c2f18fcc6e6b5a5d7fa18a726eac9136f14260f530d7494461b29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-type: application/x-javascript
date: Fri, 07 Oct 2022 02:14:26 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0gos/YwAAAAAylz1Gxi4WT4Hku0HHeh/ZQU1TMDRFREdFMTgxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H3 200 / Show response
pagead2.googlesyndication.com/pagead/conversion/401574070/ 0
0 169ms
73ms Script
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/conversion/401574070/?random=1665108866421&cv=9&fst=1665108866421&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&gcs=G100&gcd=G100&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by: Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 104ms
39ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-SSF38JVRVJ&gtm=2oea50&_p=75959924&gcs=G100&cid=1593496973.1665108866&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1665108866&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 data.js Show response
tags.clickagy.com/ 38 KB
14 KB 82ms
38ms Script
application/javascript 2606:4700:4400::ac40:9973
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Requested by: Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/1cwYCUDAYD26hHzYzki9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9973 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b05f32b262a8ddfa4c0322b0b4b376258b7996177b98d5a1e2b4585d20cba27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
x-amz-version-id: voLTTawX.GcVEDQiIRYzY2txm8P5Ii8i
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 a7322dae74179db004d6fbdc1e7dc03e.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 61020
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Sep 2022 04:12:14 GMT
server: cloudflare
etag: W/"9d3ea74a65932cc93f95029e15978232"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 75631f917a939b67-FRA
x-amz-cf-id: QgZbu6loVlaAwfEZQwN0_rMmwL2WgpQFrhpeIs1i0msWD2dIgHOCMA==

GET adsct
t.co/i/ 0
0

GET adsct
analytics.twitter.com/i/ 0
0

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 137ms
109ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=161e4db9-830d-4ed1-ac64-96ba513399ec&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d07ce369-8bff-4680-aee4-cac01d0e32fc&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tw_iframe_status=0&txn_id=o9na6&type=javascript&version=2.3.27

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-response-time: 102
date: Fri, 07 Oct 2022 02:14:26 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: e45453c03fb4ae1e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 62d31389295a62282be1eb795c36fc525a87d3d70311e5d2c39fb77065b69b49
content-length: 43

GET adsct
analytics.twitter.com/1/i/ 0
0

GET demandbase
match.prod.bidr.io/cookie-sync/ 0
0

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 120ms
38ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 461 B
957 B 90ms
60ms XHR
application/json 18.66.97.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&page_title=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/6e1424cff90e9cd4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-20.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-cache: Miss from cloudfront
request-id: 6c3b1923-c375-4981-a327-f22d24cef2e4
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: z_IB2NjIOGNOgTWq3-xifSIFklGJPuF-fonefUMiwY9vVfYx7VIg7A==
expires: Thu, 06 Oct 2022 02:14:26 GMT

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/704918/ 147 B
322 B 141ms
34ms XHR
application/json 52.30.44.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/704918/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.cbd9768ba80ba0be5b17.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.44.244 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-44-244.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 4b8e8b42acdad2f84c0d44c5dbc12b8327706d1f49551e1ec577b08d4cbaf263

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 704918 Show response
vc.hotjar.io/sessions/ 0
258 B 135ms
57ms XHR
text/plain 13.32.110.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/704918?s=0.25&r=0.04794096385329283
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.cbd9768ba80ba0be5b17.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-17.vie50.r.cloudfront.net
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
via: 1.1 47b3fa796fd76d32bef114d0b8ce8cac.cloudfront.net (CloudFront)
server: Python/3.7 aiohttp/3.5.4
x-amz-cf-pop: VIE50-C2
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: ibPVTf7JzloM1UFBJtdg92UL7jXtNNb6nWh7oFg-Sv23FuP4MmhEuQ==

POST
H3 204 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ 0
0 328ms
263ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: cdn.pdst.fm
URL: https://cdn.pdst.fm/ping.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: application/json
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
server: Google Frontend
x-powered-by: Express
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
access-control-allow-methods: GET, POST
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 13da2de72515a54f10465405001c5c8a
function-execution-id: ah867vz1el5a
access-control-allow-headers: Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 256ms
150ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.cybereason.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 02:14:26 GMT
etag: W/"2-ROqGvmcGDXooyAXFZHZ+i4au1yQ"
function-execution-id: t2ybw91kzr2e
server: Google Frontend
x-cloud-trace-context: c9389f64baf4a4cc4b21ba71aa03f35f
x-powered-by: Express

POST
H2 200 data Show response
aorta.clickagy.com/ 57 B
508 B 334ms
107ms XHR
application/json 3.214.87.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://aorta.clickagy.com/data
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.87.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-87-107.compute-1.amazonaws.com
Software: Aorta/20220929.37e3bd418 /
Resource Hash: 2e7fa43392dd418d8d3bd6c33fd3d9dbd86702b023587f5e8874f4e31549cbdf

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
content-encoding: gzip
server: Aorta/20220929.37e3bd418
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 9a738c7f784f
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 82

GET
H2 200 hasHashes Show response
hemsync.clickagy.com/external/ 2 B
328 B 387ms
102ms XHR
text/plain 34.200.202.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hemsync.clickagy.com/external/hasHashes?clkgypv=jstag
Requested by: Host: tags.clickagy.com
URL: https://tags.clickagy.com/data.js?rnd=62fe5c0e6ad95
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.202.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-202-85.compute-1.amazonaws.com
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
content-encoding: gzip
vary: origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.cybereason.com
access-control-expose-headers: content-length, last-modified, expires, content-type
access-control-allow-credentials: true
content-length: 28

GET
H2

200

51557
stags.bluekai.com/site/
Redirect Chain

https://aorta.clickagy.com/pixel.gif?clkgypv=jstag
https://cm.g.doubleclick.net/pixel?google_nid=clickagy&google_sc&google_cm&google_hm=Yzo3MDQ0ZmU3NzczOWE1YzUxMWVmODcwNTJjZjcwMmM0Ng
https://aorta.clickagy.com/pixel.gif?ch=8&cm=CAESEOQ9taMmG6TzCeZUOSKvMxk&google_cver=1
https://stags.bluekai.com/site/51557?id=c:7044fe77739a5c511ef87052cf702c46&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D122%26cm%3D$_BK_UUID&BKUUID=$_BK_UUID&limit=1

62 B
227 B

387ms
263ms

Image
image/gif

2.18.168.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/51557?id=c:7044fe77739a5c511ef87052cf702c46&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D122%26cm%3D$_BK_UUID&BKUUID=$_BK_UUID&limit=1
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H2
Server: 2.18.168.242 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-168-242.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 07 Oct 2022 02:14:27 GMT
content-length: 62
content-type: image/gif

Redirect headers

date: Fri, 07 Oct 2022 02:14:27 GMT
server: Aorta/20220929.37e3bd418
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://stags.bluekai.com/site/51557?id=c:7044fe77739a5c511ef87052cf702c46&redir=https%3A%2F%2Faorta.clickagy.com%2Fpixel.gif%3Fclkgypv%3Dpxl%26ch%3D122%26cm%3D$_BK_UUID&BKUUID=$_BK_UUID&limit=1
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 33a6319fc53d
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H3

451

711861.gif
id.rlcdn.com/
Redirect Chain

https://aorta.clickagy.com/liveramp_redir
https://id.rlcdn.com/711861.gif

0
9 B

103ms
40ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711861.gif
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: H3
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Fri, 07 Oct 2022 02:14:27 GMT
server: Aorta/20220929.37e3bd418
expect: 0
access-control-max-age: 31536000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
location: https://id.rlcdn.com/711861.gif
access-control-allow-origin
access-control-expose-headers: Set-Cookie
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-aorta-region: us-east-1
x-aorta-host: 0c916f57972f
access-control-allow-headers: Origin,cache-control,content-type,man,messagetype,soapaction
content-length: 0

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame 99DA 713 B
1 KB 41ms
40ms Document
text/html 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=790a633f-8b82-4a00-8130-fd34a75ada7b&no_iframe=1&mt_adid=241675&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1506452&mt_adid=241675&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master zrh-pixel-x28 config:1.0.0 /
Resource Hash: 8040be8c28a19b0f78481f2da17e7220e75adde27eb9713ff626652a066f92da

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 713
Content-Type: text/html
Date: Fri, 07 Oct 2022 02:14:26 GMT
Expires: Fri, 07 Oct 2022 02:14:25 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4539 98cc2da master zrh-pixel-x28 config:1.0.0

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ 0
481 B 38ms
38ms Image
image/gif 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master zrh-pixel-x25 config:1.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 02:14:26 GMT
Server: MT3 4539 98cc2da master zrh-pixel-x25 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/comp/ Frame 99DA 0
481 B 62ms
47ms Image
image/gif 92.123.37.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=790a633f-8b82-4a00-8130-fd34a75ada7b&no_iframe=1&mt_adid=241675&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.123.37.164 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-37-164.deploy.static.akamaitechnologies.com
Software: MT3 4539 98cc2da master zrh-pixel-x29 config:1.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=790a633f-8b82-4a00-8130-fd34a75ada7b&no_iframe=1&mt_adid=241675&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Fri, 07 Oct 2022 02:14:26 GMT
Server: MT3 4539 98cc2da master zrh-pixel-x29 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Fri, 07 Oct 2022 02:14:25 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-b/s/0.6.42/ 53 KB
23 KB 102ms
102ms Script
application/javascript 2620:1ec:bdf::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-b/s/0.6.42/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/56273944
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:26 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
etag: "1d8d8e58fdaa9d4"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
x-azure-ref: 0g4s/YwAAAABI37cf11ApSYM1bNiJzx+QQU1TMDRFREdFMTgxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 23382
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 124ms
38ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Oct 2022 01:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3510
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 07 Oct 2022 03:15:57 GMT

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-updat...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as...

42 B
66 B

69ms
69ms

Ping
image/gif

2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&gtm=2wga50TJVVB7C&auid=441055802.1665108867

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=G100&rnd=962622632.1665108866&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&gtm=2wga50TJVVB7C&auid=441055802.1665108867
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/ 2 KB
1 KB 111ms
98ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934771702/?random=1665108867035&cv=9&fst=1665108867035&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a91c88e70ba55ed06cc47f2d40256fefc9ae5fe75511607bbf4b58f4b75708e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/ 2 KB
1 KB 188ms
176ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/561371164/?random=1665108867036&cv=9&fst=1665108867036&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a3700a3e2d8304ea935ddd4917e57d40fcf62739540521846099e40653c7c83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activityi;src=10272547;type=landing;cat=allsite;ord=5414039073414;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-rans...
10272547.fls.doubleclick.net/ Frame 9AF9 0
0

GET activityi;src=10428681;type=cyber0;cat=cyber0;ord=9037368693503;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransom...
10428681.fls.doubleclick.net/ Frame 3423 0
0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/401574070/ 2 KB
1 KB 112ms
46ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/401574070/?random=1665108867064&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

0d74f42735cbe54ae22d984b062bc08eb0836c7bec9819261cc35ae6957683e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1507
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 37ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-SSF38JVRVJ&gtm=2oea50&_p=75959924&_gaz=1&gcs=G111&gdid=dZTQ1Zm&cid=1593496973.1665108866&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1665108866&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&en=user_engagement&ep.ga_temp_client_id=1593496973.1665108866&_et=621
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
349 B 56ms
19ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SSF38JVRVJ&cid=1593496973.1665108866&gtm=2oea50&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SSF38JVRVJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 134ms
50ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-SSF38JVRVJ&cid=1593496973.1665108866&gtm=2oea50&aip=1&z=1044869906

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/934771702/ 42 B
108 B 52ms
51ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934771702/?random=1665108867035&cv=9&fst=1665108000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&async=1&fmt=3&is_vtc=1&random=2666201460&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/934771702/ 42 B
154 B 93ms
51ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/934771702/?random=1665108867035&cv=9&fst=1665108000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&async=1&fmt=3&is_vtc=1&random=2666201460&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 124ms
46ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=75959924&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&ul=en-us&de=UTF-8&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KBDAAEABAAAAACAAI~&jid=1438238457&gjid=508340499&cid=1593496973.1665108866&tid=UA-56367941-1&_gid=1291617858.1665108867&_r=1&_slc=1&z=1496273635

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/401574070/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO...
https://www.google.com/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_...
https://www.google.de/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_a...

42 B
64 B

124ms
53ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&pscrd=Ek5DaEVJOFBuNW1RWVFzX0dEZ3EtRm44dlJBUklsQUt6SEZLa0NEZ19rWEk0c2tTTVlBTFVTN2JGcTlPekluQy1WX3NyYUtET01JNmNpOUEaWENoRUk4UG41bVFZUW5MN0NzTzJseHI3T0FSSXRBTlZUQmxwczVGc3JGdlBZakZhVWxjNFdicTFCZlkxWFItWFg0VTJ0OW1ZUzJhajJmV1RkcHNTbG9DeVg&is_vtc=1&ocp_id=g4s_Y_27CNiH9fgPkPiuqAE&cid=CAQSKQCsnQUxMGboxkoWFq92PazwaZ8WA6vdhmbD3xuHg5QTicQSbcs3pdhjIBM&eitems=ChEI8Pn5mQYQqq24rZr9oIrHARIdAGVc4pjvKxOc96AImevjriIytZT9RsbkdKGl_nw&random=3926097331&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/401574070/?random=1168578397&cv=9&fst=1665108867064&num=1&value=0&label=6wPaCOv09oACELaRvr8B&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&auid=441055802.1665108867&gcs=G111&gcd=G100&gcu=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CJqqsQI&pscrd=Ek5DaEVJOFBuNW1RWVFzX0dEZ3EtRm44dlJBUklsQUt6SEZLa0NEZ19rWEk0c2tTTVlBTFVTN2JGcTlPekluQy1WX3NyYUtET01JNmNpOUEaWENoRUk4UG41bVFZUW5MN0NzTzJseHI3T0FSSXRBTlZUQmxwczVGc3JGdlBZakZhVWxjNFdicTFCZlkxWFItWFg0VTJ0OW1ZUzJhajJmV1RkcHNTbG9DeVg&is_vtc=1&ocp_id=g4s_Y_27CNiH9fgPkPiuqAE&cid=CAQSKQCsnQUxMGboxkoWFq92PazwaZ8WA6vdhmbD3xuHg5QTicQSbcs3pdhjIBM&eitems=ChEI8Pn5mQYQqq24rZr9oIrHARIdAGVc4pjvKxOc96AImevjriIytZT9RsbkdKGl_nw&random=3926097331&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
e.clarity.ms/ 0
160 B 639ms
286ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-b/s/0.6.42/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: https://www.cybereason.com
date: Fri, 07 Oct 2022 02:14:27 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3 200 /
www.google.com/pagead/1p-user-list/561371164/ 42 B
64 B 133ms
52ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/561371164/?random=1665108867036&cv=9&fst=1665108000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&async=1&fmt=3&is_vtc=1&random=2950158924&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/561371164/ 42 B
108 B 52ms
51ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/561371164/?random=1665108867036&cv=9&fst=1665108000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga50&sendb=1&frm=0&url=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tiba=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&async=1&fmt=3&is_vtc=1&random=2950158924&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-56367941-1&cid=1593496973.1665108866&jid=1438238457&gjid=508340499&_gid=1291617858.1665108867&_u=KBDAAEAAAAAAACAAI~&z=1384433970

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 07 Oct 2022 02:14:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-56367941-1&cid=1593496973.1665108866&jid=1438238457&_u=KBDAAEAAAAAAACAAI~&z=947409897

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 124ms
48ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-56367941-1&cid=1593496973.1665108866&jid=1438238457&_u=KBDAAEAAAAAAACAAI~&z=947409897

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame 6C6B 2 KB
1 KB 126ms
126ms Document
text/html 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1665108900000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

669ac04122ead9e12ba8b9120ceaf429df4278bd96ae8afd8346fe9c7a03f94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 02:14:27 GMT
etag: W/"6b046a4448e09111ef0c1e3069f0a209"
last-modified: Tue, 04 Oct 2022 20:35:55 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-id: eAWz7QZsYYPxZkAOmiM4HmE3w1PSeMcElnBygVj_yjg9JhsNuruYrA==
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: oPDZZG_eGr8RW_H3fnMK5x.kFaUbkeKE
x-cache: RefreshHit from cloudfront

GET
H2 200 chat Show response
js.driftt.com/core/ Frame B2BB 2 KB
1 KB 315ms
314ms Document
text/html 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1665108900000/zdcd6x8yhg85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

669ac04122ead9e12ba8b9120ceaf429df4278bd96ae8afd8346fe9c7a03f94a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 07 Oct 2022 02:14:28 GMT
etag: W/"6b046a4448e09111ef0c1e3069f0a209"
last-modified: Tue, 04 Oct 2022 20:35:55 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-id: daccEeksd6R5JP8HlMfMRfPg02adt-RGDWI8MHzSm5nxKta8edsV7Q==
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: oPDZZG_eGr8RW_H3fnMK5x.kFaUbkeKE
x-cache: RefreshHit from cloudfront

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 39ms
38ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=75959924&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&ul=en-us&de=UTF-8&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=airpr&ea=visitor%20hit&_u=KDDAAEABAAAAACAAI~&jid=&gjid=&cid=1593496973.1665108866&tid=UA-56367941-1&_gid=1291617858.1665108867&cd16=1593496973.1665108866&z=372811131

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 22:18:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 14170
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

204

anpx
dpx.airpr.com/
Redirect Chain

https://dpx.airpr.com/px?hostname=www.cybereason.com&profile=660386&ga_account_id=UA-56367941-1&ga_account_type=UA&ga_c=1593496973.1665108866&an=true
https://secure.adnxs.com/getuid?https://dpx.airpr.com/anpx?adnxs_uid=$UID&airpr_id=5045847875
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdpx.airpr.com%2Fanpx%3Fadnxs_uid%3D%24UID%26airpr_id%3D5045847875
https://dpx.airpr.com/anpx?adnxs_uid=1531626826869209980&airpr_id=5045847875

0
63 B

9ms
9ms

Image
text/plain

35.156.209.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpx.airpr.com/anpx?adnxs_uid=1531626826869209980&airpr_id=5045847875
Protocol: H2
Server: 35.156.209.154 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-209-154.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
cache-control: private
server: nginx

Redirect headers

Pragma: no-cache
Date: Fri, 07 Oct 2022 02:14:27 GMT
AN-X-Request-Uuid: 1df7fafc-1ccb-4cb4-81aa-b64490459f20
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://dpx.airpr.com/anpx?adnxs_uid=1531626826869209980&airpr_id=5045847875
Connection: keep-alive
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
517 B 132ms
132ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3852045874&v=1.1&a=3354902&pi=82674355331&ct=blog-post&ccu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&cpi=82674355331&cgi=5272851739&lpi=82674355331&lvi=82674355331&lvc=en&pu=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&t=THREAT+ALERT%3A+HavanaCrypt+Ransomware+Masquerading+as+Google+Update&cts=1665108867800&vi=318bada2251525af017c28cbbd6d2724&nc=true&u=85683782.318bada2251525af017c28cbbd6d2724.1665108867797.1665108867797.1665108867797.1&b=85683782.1.1665108867797&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 9f72eb81-8ac6-4fe7-919c-e504e9ee7b8d
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5IqytVxEmc4weuuMxc8hXG3PZSw7eFDFWhRajmFdrND1nwcdAniFHH89anBa8rbkVYEy4d7fAyeg6SmQkuSIM063rLKrNdos62g2w0kuqwNQoW7eDdNF3fgBgiwVUhKmWxCIk73vlJ1RK5d0yvEt"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 75631f97c9f6bb43-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&RedC=c.clarity.ms&MXFR=32B041FEB31D658F207C53C8B71D6B92
https://c.clarity.ms/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&MUID=1DC4595F6E9B6BF9088E4B696F496A78

42 B
369 B

29ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&MUID=1DC4595F6E9B6BF9088E4B696F496A78
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
last-modified: Tue, 13 Sep 2022 19:54:52 GMT
server: Microsoft-IIS/10.0
etag: "8d3298b0aac7d81:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EEFFB080D3E64E75B64F5F701ED18E50 Ref B: FRAEDGE1316 Ref C: 2022-10-07T02:14:27Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=04BB232828B846BE8042BBD1A0E2B4A4&MUID=1DC4595F6E9B6BF9088E4B696F496A78
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 254 B
1 KB 186ms
156ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=3354902&utk=318bada2251525af017c28cbbd6d2724&__hstc=85683782.318bada2251525af017c28cbbd6d2724.1665108867797.1665108867797.1665108867797.1&__hssc=85683782.1.1665108867797&contentId=82674355331&currentUrl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7afb77d6eb6a283a2a69860292a1b7fccf06f5f5d3cac1af4fa7209d84741385

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 07 Oct 2022 02:14:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: c5c2b780-f101-4fa5-8f55-f9073d0f6076
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.cybereason.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQQMqULXpNtP7%2FdxAZosS8UPMvl6PfoEFIYAS3quPHEqHuSvB5b30tDFHwUHPtqOYS5jWAfVBR459Gh2Ye6wJ4ImJTVkylfLTiWkrV6NdD7njCY07gFdh79gY5lSGTOArvvYGKZOESK0U2v8lvyO"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 75631f986edd9196-FRA

GET
H2 200 runtime~main.d9860ad0.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 6 KB
3 KB 15ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

ca7370a8c0660756c7cc349b341744e31ed2652325b099337030fa17779dac16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:35:54 GMT
x-amz-version-id: hp9rs.QIsjfAKP7n8iX1XFLREaa.GH_f
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 193113
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 04 Oct 2022 17:37:52 GMT
server: nginx
etag: W/"41fff542d34953f43ff6044677aca181"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jkALsqlpPV0f-M37wJ_zZq4ayHyEMG5STCCaEfZ1psChF52YS1ua7A==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 35 KB
13 KB 16ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:41:22 GMT
x-amz-version-id: F2w1xQA.MmTyK.v3rD0B8YtlwjpVXcK0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3691985
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 23 Aug 2022 15:27:02 GMT
server: nginx
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NXjYmu0e_e5gHj_cHbhsz4rGIArZAY7NZDy3skYB3Mr0iFwMbFbyxA==

GET
H2 200 main~493df0b3.36fddc5f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 7 KB
3 KB 17ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.36fddc5f.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

ba1b5ba457e3244bfc1b5e32428086b59e9738588b18a6620b9b437b31e48211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 18:51:29 GMT
x-amz-version-id: 9EnD3a2xqmtsRD1N0L0ke0M639lGWwZ6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 890578
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 26 Sep 2022 18:38:51 GMT
server: nginx
etag: W/"d67b9f21a56510a527a7f7537b00473f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jwdd6KNsf4-axjz5Z_UIr89ALFdd0F00O_-DtZXHgvape314X5DRig==

GET
H2 200 48.36272856.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 47 KB
14 KB 18ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/48.36272856.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

a77bb1b8bfef4a56cbbb32a3f0db155355f7259e1505797dcce1c128be3a97a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: k8.uxYl53iC1oeWvq0NE3PJ03yVM0lns
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549342
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
server: nginx
etag: W/"11fc6ce0a6034588f5e23638e2b6c3f2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HA8yRp8hrNCfYWFOHmInQ8kysnvLPsYQfae5LvnY2P9Bh6SJbIH8Nw==

GET
H2 200 22.fd21eb42.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 44 KB
13 KB 18ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.fd21eb42.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:05:26 GMT
x-amz-version-id: YexW6BjeF.CxCGE0Q.giYMzIs4l6URt0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2592541
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"cbf1bca421271b2567e00a478296192b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: c1azV3E-HotU_7N-JSRfG_hufaqDY2oziNET2VgN2wQEOi9oGs1wvQ==

GET
H2 200 18.40ab7295.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 16 KB
5 KB 19ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.40ab7295.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

597514d432ff2059b3e477385c44fb38d44c73f5d640eebe645cf3b340bcff56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: 3ktfD2K4Jga.M1SWwwN9gtZLMJ_jJceE
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549342
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"fafe5f62fc3aec49b7966fa154962db8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RBI5V4ZooEuF8f_UxWQ5Ztw_LzXJH7uLooCgnScEIulNaWLi3frp_w==

GET
H2 200 39.0cc86423.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 25 KB
8 KB 20ms
17ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.0cc86423.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 04:57:26 GMT
x-amz-version-id: Nn_V4iY4VAT3mSV4zJkGaX.qq.CWi5Ht
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2841421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 01 Sep 2022 13:18:44 GMT
server: nginx
etag: W/"3cbfbd7bb911f7cfc3b4394f334cdb67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 93aQaMZP1UR9vD47hbaFjHEbyaahJBmU6tP80Yr3p2HP7Z5PLUl_eg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 74 KB
23 KB 22ms
18ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 12:53:52 GMT
x-amz-version-id: _iATeboHvfY_0UKtYTku0LXCQxT6mgCN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3590435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KBSeXayamhNAaYKWB7txvW1R9esVYSlBaJH1ErHYjXT3Y0CculPd9Q==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 59 KB
19 KB 25ms
22ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 02:01:46 GMT
x-amz-version-id: PiE96LrRCvFZCUIjOT8oVAX6NhM5DsoZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3111161
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"e2511c69e5bdc03467952abaccdb5383"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oyCGU0a_FJRMT82b984fv5ogtK7kOhMv3j9gjJIabnR1V0FlGgiLqw==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 91 KB
91 KB 29ms
26ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 03 Sep 2022 02:20:14 GMT
x-amz-version-id: tL0mO7lwTQOm1OEDR9eN1LSlBkEAt593
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 2937253
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 92674
last-modified: Thu, 01 Sep 2022 13:18:43 GMT
server: nginx
etag: "fdee1a560ca08e3d3702e14d8f1f0b82"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1uS-pYmbwKQnFnDzQ9DjfuKTuSrrGTtOkgEW7dC70hj7vy-_YQuBlQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 23 KB
7 KB 25ms
23ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id: 41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1644145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 16 Sep 2022 16:12:57 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ouh9tMFyN79QkJc9EI7NWQ3sdk5ePTQS4SkCIgJWlD7WI1GO8A1_cQ==

GET
H2 200 16.fde6fa28.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 62 KB
20 KB 27ms
24ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 01:42:02 GMT
x-amz-version-id: 4419YFPoRA1JyzCepHPPe9MgW2odb2j5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3285144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"90795af8c950a50300cf801b300db7ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W1LW83KQexRANlr4BPdFWyfCSa742EIYM23iXCJsFgcRJ96CeMUUQg==

GET
H2 200 46.c9d569f4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 105 KB
34 KB 29ms
27ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/46.c9d569f4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

79d8bfb0ff06d8516e46d4457bd951ed893d2deed31ab348227e06c91a5a35cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: z4GuioFw41AUfQig_beaXDNkINlEfczX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549342
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
server: nginx
etag: W/"60ea9f8ff45a51f96f67728ef12e7e79"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fiRu2TgNN_9a1b32_bT_QSDuhYWQtCXNY9NxCLnlW30fP6t6QU21wg==

GET
H2 200 37.9da17c94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 12 KB
12 KB 49ms
47ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.9da17c94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 02 Sep 2022 06:16:53 GMT
x-amz-version-id: woU_NMwXT9PlBFgNTXSbQAfLwa5D1lHO
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 3009454
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 11808
last-modified: Thu, 01 Sep 2022 13:18:44 GMT
server: nginx
etag: "e5c98ad7a7e70a1957477e33db39149c"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: j3UmeLmyhRLxzOAfcSQy8SMJuIw15dW2DIkVKkk5J8IPRanDQ2nVEg==

GET
H2 200 28.190877b8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 13 KB
6 KB 43ms
40ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.190877b8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549342
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NY_zTHGfxHyG0LE6Jt24TXd6-qdOVJq5JcKhmPigSvftG8nIcNQuWQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 17 KB
7 KB 43ms
41ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 00:33:19 GMT
x-amz-version-id: Pi7EBXi_qXS8D1_qBV.NprvoIg.gfF1R
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 610868
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Sep 2022 20:45:25 GMT
server: nginx
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bD7Y2JYwohwjtENwFPXgTtLym49R9c3p-Mur9snHdu0Gg8_jxj3KUA==

GET
H2 200 9.7980313a.chunk.css
js.driftt.com/core/assets/css/ Frame 6C6B 14 KB
3 KB 43ms
42ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.7980313a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

146b085fcb240a04c301d265173b47e2794d3fd86c26ccb986ca01095fe8f847

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id: CxerwMRS6CdLERPs5NVshkyA9cHh0Tkt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1341149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 21 Sep 2022 13:23:52 GMT
server: nginx
etag: W/"97ab5d7bf24ef1c4f1e14801b9a510ed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0ubSorh2FKpSSaHrpF7Q4PV_QuqQmy3_imcEYzYpUWbwU7N_unq1ew==

GET
H2 200 9.aec5ae1e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 75 KB
23 KB 44ms
42ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.aec5ae1e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

c2fddf08a4e5ab67c648a4b100dbdef6406f5f4c897d3b741d7c6d08a588d27b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 20:51:18 GMT
x-amz-version-id: RcGjz84EopTVannwrQjbyu.XebyJ_Kcs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 624189
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Sep 2022 20:38:56 GMT
server: nginx
etag: W/"a6fea5b51572ff8b49ecfa51f1d6b222"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ovYFec2MYHDnnC4DFp_3H4a2BGfRBeOjlcTUwTojzxNZw1VttcwEmA==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 6C6B 24 B
666 B 43ms
42ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 01:42:03 GMT
x-amz-version-id: 5UwSmZqQrlAmjqCNab6YwRajrlZZuPZ.
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 3285144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rf-fHjrXdsrfeeXo_Lzu6mzUcKs7xjiXg8Li0w2LyYppfXGaKGad-g==

GET
H2 200 17.9f871eab.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 78 KB
20 KB 45ms
44ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.9f871eab.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

0f9be297502b6ab0826a96ea3dc949fc5a970c993aadff30a4bdd2553a3c0f0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:09 GMT
x-amz-version-id: XqJN.BQurZ.WvwfHTo0gzIwh2iUhCmfF
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824838
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"1c17301b3219dfcdc54b018eed28e592"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6lRM-L5c41yci53mqd0OiAGu04UTN3rrtQLHnoEx-8jnM9Lbq2cbUQ==

GET
H2 200 24.9e93913f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 49 KB
13 KB 46ms
45ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.9e93913f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

9166b352495a70d02631c9792d021598f6ee53bef4f49baa766a059e6f9c8190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:09 GMT
x-amz-version-id: TKLLvkDHW8MNe4LTIWvBlrDRRNKrxHZ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824838
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"b0ce2074e6898eaf63dee45cca7a4495"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p0fmXTdW6wI22vkFYs5D_NuyOtYcgL03ealuMS-udlcIhJsZ1Tj-7Q==

GET
H2 200 15.4a32c13f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 40 KB
13 KB 46ms
46ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.4a32c13f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

e0ede14c4d32144f48d3fb3b16472cdf34000377cfbd99b46aed857772952d06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:35:54 GMT
x-amz-version-id: ko_Aq3_zqqeuo6ih6xeBPnMIV4_7915_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 193113
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 04 Oct 2022 17:37:49 GMT
server: nginx
etag: W/"ba3af1ed9d6cbe1d4c2451dda8b87ec4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qFzEVVX2vW4lGobkA9lAHioZzF1LwOTJetGlwkKeb2gyc2XqJ9jMXg==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 9 KB
3 KB 16ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 00:41:02 GMT
x-amz-version-id: E.Le1HHD6dXp1z9JLSdA8U2RMDD.dyV2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2684006
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 01 Sep 2022 13:18:43 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u-_KpUNPI1bVFoM15uRP54yDM9G0pXvXGwJXUsKURlafeiNK-LmK3A==

GET
H2 200 26.2d4cdbd1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 34 KB
10 KB 17ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

71e905aff9bad1d3b5a783336fcdd013cc97beb8985e4cd2cf7d195925a48211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:27 GMT
x-amz-version-id: siv4sYmLp3BEOV5kWKjSS9V7tHMZAkGl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3138661
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"c55d27c90bd5affbf7c7047151ac3b6a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 60AJOlzLOhr9s-DU8yrQTB19451OwJyMU1LsDT3RCxAcfhmtfHu_Mw==

GET
H2 200 27.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 6C6B 8 KB
2 KB 16ms
15ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/27.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:08:02 GMT
x-amz-version-id: OwtYu1UfCDk9O65HArj6B6mV7fLBXaFN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 4781186
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 12 Aug 2022 17:25:54 GMT
server: nginx
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UWNX2AydX5lMrJr5teswwucKoRxMy2F7YrMeAfNXmJOdi4BjCSEF_g==

GET
H2 200 27.8ce71763.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 13 KB
6 KB 17ms
17ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.8ce71763.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

70a312bca25d7ef781c740dbd24da745dd7497e9189ac319983b7ab8d7ecc6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:11 GMT
x-amz-version-id: 4m89pd1hZD6.1b2OhUNLYqPxt2viGYcz
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824837
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"95bfb1423cbba7940f8fdc86ec6829d8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jloXWrvBM93BgARfMqQjzDNSl9gK6z3awjvIPPrMjz38LG-OQoQ8fg==

GET
H2 200 19.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 6C6B 365 B
1009 B 18ms
17ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/19.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 04:38:21 GMT
x-amz-version-id: 0qTUVNxeDehZuMQX6dMenM0wOhIgB9z3
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 3620167
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 365
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fkClvM2W_8PrFrSxXndSqJWW7U-7MA8eYGv6XB1vlEWS0b8DTFWPdA==

GET
H2 200 19.ccc4dd0f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 6C6B 90 KB
25 KB 18ms
18ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.ccc4dd0f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

b54842779c45583692387ab3c5a25856b096651ce71ca021bf4851dd695d957a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=zdcd6x8yhg85&region=US&forceShow=false&skipCampaigns=false&sessionId=4007592d-2804-4165-9d00-49227d336d22&sessionStarted=1665108867.777&campaignRefreshToken=641782e6-36d9-43b2-bb2b-1bcb6de61235&hideController=false&pageLoadStartTime=1665108865501&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:11 GMT
x-amz-version-id: IEfu.nS.7rMKDGUmIJ2zWU7noVl9Gbdv
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824837
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"1c76d62c0affe1337ebc4f2f2fe16a18"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lOdCyqyMvGsovT9GlL14ToC_Czjscimzn76JJPFvkYXzuS5LGdu0Ew==

GET
H2 200 runtime~main.d9860ad0.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 6 KB
3 KB 15ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

ca7370a8c0660756c7cc349b341744e31ed2652325b099337030fa17779dac16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:35:54 GMT
x-amz-version-id: hp9rs.QIsjfAKP7n8iX1XFLREaa.GH_f
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 193114
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 04 Oct 2022 17:37:52 GMT
server: nginx
etag: W/"41fff542d34953f43ff6044677aca181"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dxai-MX4noVAnCEuX-cznirwQpzOZEeNtbf7qfNjGytf0si_3PCOfw==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 35 KB
13 KB 16ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 08:41:22 GMT
x-amz-version-id: F2w1xQA.MmTyK.v3rD0B8YtlwjpVXcK0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3691986
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 23 Aug 2022 15:27:02 GMT
server: nginx
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eKhtSdHODhmtY54uyL-BrNQ5EIHmbU12r1ubtdDRMZ_vCz3UT-IMXQ==

GET
H2 200 main~493df0b3.36fddc5f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 7 KB
3 KB 16ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.36fddc5f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

ba1b5ba457e3244bfc1b5e32428086b59e9738588b18a6620b9b437b31e48211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 18:51:29 GMT
x-amz-version-id: 9EnD3a2xqmtsRD1N0L0ke0M639lGWwZ6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 890579
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 26 Sep 2022 18:38:51 GMT
server: nginx
etag: W/"d67b9f21a56510a527a7f7537b00473f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9xLs_3CTCASKWF4ewmilLKNy2Wkg8L3MXk1U2uEUTRJbty7jfRwwmw==

GET
H2 200 48.36272856.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 47 KB
14 KB 16ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/48.36272856.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

a77bb1b8bfef4a56cbbb32a3f0db155355f7259e1505797dcce1c128be3a97a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: k8.uxYl53iC1oeWvq0NE3PJ03yVM0lns
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549343
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
server: nginx
etag: W/"11fc6ce0a6034588f5e23638e2b6c3f2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _XC2wXFgsz3zbeliLy9JPJ-8VElw9BIGdqqVmir5G8TMaJeLVSpGyA==

GET
H2 200 22.fd21eb42.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 44 KB
13 KB 17ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.fd21eb42.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 02:05:26 GMT
x-amz-version-id: YexW6BjeF.CxCGE0Q.giYMzIs4l6URt0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2592542
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"cbf1bca421271b2567e00a478296192b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IwHvnBu8HyiKQD0ukXs5PIAmOSWaYTBxe0z_4zFCMvwZphhCqGGiAg==

GET
H2 200 18.40ab7295.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 16 KB
5 KB 18ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.40ab7295.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

597514d432ff2059b3e477385c44fb38d44c73f5d640eebe645cf3b340bcff56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: 3ktfD2K4Jga.M1SWwwN9gtZLMJ_jJceE
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549343
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"fafe5f62fc3aec49b7966fa154962db8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CWjedRQIHfA6dvZwNb956NB8oqLWEuw1wd3ZFcGyBm1uH83ZdYqc9Q==

GET
H2 200 39.0cc86423.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 25 KB
8 KB 18ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.0cc86423.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 04:57:26 GMT
x-amz-version-id: Nn_V4iY4VAT3mSV4zJkGaX.qq.CWi5Ht
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2841422
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 01 Sep 2022 13:18:44 GMT
server: nginx
etag: W/"3cbfbd7bb911f7cfc3b4394f334cdb67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aTZU751x2FNppSzsSjHplf9CirhgNHDw1rPlHhnobwRDZL0xDTZrrw==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 74 KB
23 KB 20ms
18ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 12:53:52 GMT
x-amz-version-id: _iATeboHvfY_0UKtYTku0LXCQxT6mgCN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3590436
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V9QJT3jYOy4cXAPY28HrV5GKKrq5CuL015ZxOYgaF5w939Wf1bg_tg==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 59 KB
19 KB 21ms
19ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 02:01:46 GMT
x-amz-version-id: PiE96LrRCvFZCUIjOT8oVAX6NhM5DsoZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3111162
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"e2511c69e5bdc03467952abaccdb5383"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sQjjvt7_yw8Kreaj21OU2s7rgfL455eCJhh1yfrMP2LRdCJ9ztJ1Bg==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 91 KB
91 KB 22ms
20ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sat, 03 Sep 2022 02:20:14 GMT
x-amz-version-id: tL0mO7lwTQOm1OEDR9eN1LSlBkEAt593
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 2937254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 92674
last-modified: Thu, 01 Sep 2022 13:18:43 GMT
server: nginx
etag: "fdee1a560ca08e3d3702e14d8f1f0b82"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: G28NG-xdhTY3HMTWqJxM6gLJ8oSKTJoE2Eyt6ydh2UXug9lGQ288gg==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 23 KB
7 KB 24ms
22ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 18 Sep 2022 01:32:02 GMT
x-amz-version-id: 41Rj_7QKP59w2WnODlMWAa6QFTo_5uBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1644146
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 16 Sep 2022 16:12:57 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: M_Ld50sI3qosLlC1mm4dgHaOmWatLUTKkZLJA6wXg6Mghhn-MmOB-A==

GET
H2 200 16.fde6fa28.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 62 KB
20 KB 25ms
23ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 01:42:02 GMT
x-amz-version-id: 4419YFPoRA1JyzCepHPPe9MgW2odb2j5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 3285145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"90795af8c950a50300cf801b300db7ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pJKFX-4rkmFbFF4m7E6m72BOmbk5D2TpWv8oOU90F96N7u6qosgOJw==

GET
H2 200 46.c9d569f4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 105 KB
34 KB 25ms
23ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/46.c9d569f4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

79d8bfb0ff06d8516e46d4457bd951ed893d2deed31ab348227e06c91a5a35cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: z4GuioFw41AUfQig_beaXDNkINlEfczX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549343
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
server: nginx
etag: W/"60ea9f8ff45a51f96f67728ef12e7e79"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: t0P8pLq5AC_9Vz36lAQnFhBaQNSZNZ5GlhyrNPVkLfc2FPSM4Aj9UA==

GET
H2 200 37.9da17c94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 12 KB
12 KB 26ms
24ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.9da17c94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 02 Sep 2022 06:16:53 GMT
x-amz-version-id: woU_NMwXT9PlBFgNTXSbQAfLwa5D1lHO
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 3009455
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 11808
last-modified: Thu, 01 Sep 2022 13:18:44 GMT
server: nginx
etag: "e5c98ad7a7e70a1957477e33db39149c"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Vd0E2wXwIFLf40WA3KxLdCKR7RNrWQZOldiLqGGg9C3PV9wSmIhdFQ==

GET
H2 200 28.190877b8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 13 KB
6 KB 27ms
25ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.190877b8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:25 GMT
x-amz-version-id: G0DP4jvUaKtIbfyIxWqyC1CIhSHB9xO6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549343
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:19 GMT
server: nginx
etag: W/"94c7e7cb2f40e10abeee8e28c0f68eb7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3xM9TSaA3teXGqkMOKrrXcfEUXF10juJn2LL9OIhH8oSTHM2sliAAQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 17 KB
7 KB 27ms
26ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 00:33:19 GMT
x-amz-version-id: Pi7EBXi_qXS8D1_qBV.NprvoIg.gfF1R
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 610869
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Sep 2022 20:45:25 GMT
server: nginx
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 64m1vE_0hGGPUd4elv3NPGfBfcAaBeAKYfOhAAG7I3uYnpjM5P0zpg==

GET
H2 200 9.7980313a.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 14 KB
3 KB 27ms
26ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.7980313a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

146b085fcb240a04c301d265173b47e2794d3fd86c26ccb986ca01095fe8f847

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id: CxerwMRS6CdLERPs5NVshkyA9cHh0Tkt
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1341150
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 21 Sep 2022 13:23:52 GMT
server: nginx
etag: W/"97ab5d7bf24ef1c4f1e14801b9a510ed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3AbfoedSXBhb4vFV5r_-Dy_vFdh3M0cwGYBNoTSa2yZUNVb9Of1kNQ==

GET
H2 200 9.aec5ae1e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 75 KB
23 KB 28ms
27ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.aec5ae1e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

c2fddf08a4e5ab67c648a4b100dbdef6406f5f4c897d3b741d7c6d08a588d27b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 20:51:18 GMT
x-amz-version-id: RcGjz84EopTVannwrQjbyu.XebyJ_Kcs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 624190
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Sep 2022 20:38:56 GMT
server: nginx
etag: W/"a6fea5b51572ff8b49ecfa51f1d6b222"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qI3eZrWkK4FdFKO9SLYFOhkbKYjXudivApjzyjRL4XtY_lvtLcTi8Q==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 24 B
667 B 28ms
27ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 01:42:03 GMT
x-amz-version-id: 5UwSmZqQrlAmjqCNab6YwRajrlZZuPZ.
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS54-C1
age: 3285145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TObHIM95kQ-7dgLcNSyGLHGRz6P2G1dMmlF7suEz85BduSqrrPC0MA==

GET
H2 200 17.9f871eab.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 78 KB
20 KB 29ms
28ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.9f871eab.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

0f9be297502b6ab0826a96ea3dc949fc5a970c993aadff30a4bdd2553a3c0f0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:09 GMT
x-amz-version-id: XqJN.BQurZ.WvwfHTo0gzIwh2iUhCmfF
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824839
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"1c17301b3219dfcdc54b018eed28e592"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mh3zbZK31ZDxAzWMJMnA_BjF8H54NqPekIMLDY3RVoC2UB7wcflgpQ==

GET
H2 200 24.9e93913f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 49 KB
13 KB 29ms
29ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.9e93913f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

9166b352495a70d02631c9792d021598f6ee53bef4f49baa766a059e6f9c8190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:09 GMT
x-amz-version-id: TKLLvkDHW8MNe4LTIWvBlrDRRNKrxHZ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824839
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"b0ce2074e6898eaf63dee45cca7a4495"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qaTO3VmyIISnJ5IKgDrWCwYaWhPwLMgmsLSCiePoNZhztt0IZCLh0w==

GET
H2 200 15.4a32c13f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 40 KB
13 KB 30ms
30ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.4a32c13f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

e0ede14c4d32144f48d3fb3b16472cdf34000377cfbd99b46aed857772952d06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:35:54 GMT
x-amz-version-id: ko_Aq3_zqqeuo6ih6xeBPnMIV4_7915_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 193114
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 04 Oct 2022 17:37:49 GMT
server: nginx
etag: W/"ba3af1ed9d6cbe1d4c2451dda8b87ec4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tfJu_bQt8vxXkHsd1iaI0wBAEjzsxFbIRLS-HVFdEU2zza0Vusp8wQ==

GET
H2 200 34.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 3 KB
1 KB 15ms
15ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 07:00:31 GMT
x-amz-version-id: rxRgEAXAQ8YU3stqfNk8baaCfNLByKA1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2661237
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 01 Sep 2022 13:18:42 GMT
server: nginx
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CVLLMkwvCLbyPlQgfgoCE9A4C-EhHc3BudSPa6uUP81it786TokLPQ==

GET
H2 200 34.07340d2f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 3 KB
2 KB 16ms
15ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.07340d2f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

5949dc5ef9ac0f8cb0d210d221d6eceeca2ffad94e3600b41566f468e146ae9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 10:39:43 GMT
x-amz-version-id: jA_v_qJOBqqVuVuzFLKFbJbdj51OP00D
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2820885
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 25 Aug 2022 18:10:17 GMT
server: nginx
etag: W/"f732dfb3db72f996e1f4bc0225629a20"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1mNVv6E55eFHeMf2QL1-MOxwY0jXYfu-v3GFtQ1Su8GQNTUeQuS9iQ==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 9 KB
3 KB 15ms
14ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 06 Sep 2022 00:41:02 GMT
x-amz-version-id: E.Le1HHD6dXp1z9JLSdA8U2RMDD.dyV2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2684006
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 01 Sep 2022 13:18:43 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uECKgD_teQ9F2zs-pTJBIxy1TvMp8TNAidoq72i-XEQaHUR3PQKTRw==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 7 KB
2 KB 16ms
15ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 02:58:51 GMT
x-amz-version-id: Bme3Ff3iPGc5WQiLnlmHV5B7d_GvIfWo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 602137
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 29 Sep 2022 20:45:23 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aVyJ83Y6lSH5D6UqqCrhcSJNEW7qhc1zHOfZ5DPM_pNdRAhcYkOx8w==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 54 KB
15 KB 19ms
18ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 14:05:26 GMT
x-amz-version-id: _kry5Vt7qkbP1XHkOczJttIwv4KZoljE
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 2549342
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 06 Sep 2022 19:38:20 GMT
server: nginx
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TAU09eZRm3qfGzWjwupkqcvM6Cin-jdKmBtOLTRVjFKGxpw-w_iYZw==

GET
H2 200 1.2744e555.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 43 KB
7 KB 16ms
15ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.2744e555.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

7073fd7f7f86e4d7fa4ee64df42999c3a58d3ffd7f842b0e8e98001407a1966b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 22 Sep 2022 21:23:14 GMT
x-amz-version-id: h6NxhuFNLOMjRNKgXauNxPDXvquTMVXm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1227074
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 22 Sep 2022 21:13:24 GMT
server: nginx
etag: W/"faf2e5ac2f9cf40f3d49e4c4f468e306"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PDKYFyWXAHUGeZMh7RMvdSaIVEsQ3rlGWXxPNZxyubx-F61HMHC83w==

GET
H2 200 1.ecd7de36.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 73 KB
25 KB 17ms
16ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.ecd7de36.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

d58a0a7cecd5c71c1365f6927c6b27dd86dc7fd899f954308b6f54c51692d178

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 20:35:54 GMT
x-amz-version-id: sGYYC3XWewg9S3OFHYbekA9bbTcFqg.d
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 193114
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 04 Oct 2022 17:37:48 GMT
server: nginx
etag: W/"5c556082078ef430f4edb882fa5df822"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xODtBKPA61qRjgjSuLVztxPQhz3g3QE6u0dhXnVwO89Yh5Xf6QERiA==

GET
H2 200 32.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame B2BB 14 KB
3 KB 16ms
15ms Stylesheet
text/css 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/32.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 21 Sep 2022 13:41:58 GMT
x-amz-version-id: Tq0yzJUum5RyM1Vf648gx8d4gVPONjH2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 1341149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 21 Sep 2022 13:23:51 GMT
server: nginx
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xgcQ0xNaqbR5MfK8KbqgDwYaCMSZ1-C0VwtJo70hhLuY67Tu9c9Ozg==

GET
H2 200 32.d5d47ece.chunk.js Show response
js.driftt.com/core/assets/js/ Frame B2BB 12 KB
5 KB 17ms
17ms Script
application/javascript 13.227.219.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.d5d47ece.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d9860ad0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-48.ams54.r.cloudfront.net

Software

nginx /

Resource Hash

650c03f603ba5cfdfbecf0d8f7a031c73e1321e27c0c419230e1af7be12112e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1665108865501
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 27 Sep 2022 13:07:11 GMT
x-amz-version-id: wXCfB9nghzbvqtVACieGZDuOZ6xciMKI
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 1b0117d337408839a32bf2a49b55b3f0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 824837
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 27 Sep 2022 12:54:37 GMT
server: nginx
etag: W/"eeddb065f27c76dc4eec2ca704676575"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: chzbrOjBk-t9YQYas1mlZQ5egf0b6S6RyONh8_ObpsSN2QCnjqxavw==

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 6C6B 25 B
123 B 115ms
112ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/48.36272856.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 Oct 2022 02:14:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 57cbf70b437c1654
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 363ms
102ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Fri, 07 Oct 2022 02:14:28 GMT
requestid: driftbfa7c7548709d85d84943c98672
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame 6C6B 147 B
245 B 107ms
105ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/48.36272856.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

0f22cf2acf8146a0114391fa869da34a4c62183bce53e066d6605bf022b12ce1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 Oct 2022 02:14:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 7a7fcb248b157ea0
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 147

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 355ms
104ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Fri, 07 Oct 2022 02:14:28 GMT
requestid: drift184df2246baaef4337dd1d5b60c
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 204 collect Show response
e.clarity.ms/ 0
48 B 95ms
95ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-b/s/0.6.42/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: https://www.cybereason.com
date: Fri, 07 Oct 2022 02:14:28 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame 6C6B 25 B
88 B 114ms
114ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/48.36272856.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 07 Oct 2022 02:14:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 7de469a0c8a7d6a7
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 14
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 100ms
100ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Fri, 07 Oct 2022 02:14:30 GMT
requestid: drift754c8b545c8bc5abb164cb6703f
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 perf Show response
www.cybereason.com/_hcms/ 2 B
685 B 156ms
155ms XHR
text/plain 45.60.64.106
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cybereason.com/_hcms/perf

Requested by

Host: www.cybereason.com
URL: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.64.106 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-type: application/json

Response headers

date: Fri, 07 Oct 2022 02:14:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
x-hubspot-correlation-id: 7a2a91a5-b73e-44ba-ab0a-b5d0527a6a72
x-iinfo: 2-31817444-31817446 PNYN RT(1665108864103 6074) q(0 0 0 -1) r(2 2) U6
x-hs-https-only: worker
server: cloudflare
x-trace: 2BAB967CC0A3A5103FFF96CBBCCF318025A07AD169000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEmtQfGzQD4pkvCPHWyR9ewkFghTd6muMkZJKIM2Z%2BsZM10%2BmTd8o2Xk6MXhJMfQfUO%2FGcnKLAqeEu6%2FojZZwY2x1m2XLHNBnvVrrrRm2W%2Fziin7BNAqvUsmqOV4cGkxwBeBvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
cf-ray: 75631faa7d1690e3-FRA
x-robots-tag: none

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 39ms
39ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PZ3FE06790&gtm=2oea50&_p=75959924&gcs=G111&gdid=dZTQ1Zm&cid=1593496973.1665108866&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1665108866&sct=1&seg=0&dl=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&dt=THREAT%20ALERT%3A%20HavanaCrypt%20Ransomware%20Masquerading%20as%20Google%20Update&en=user_engagement&ep.ga_temp_client_id=1593496973.1665108866&_et=903
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PZ3FE06790
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cybereason.com/blog/threat-alert-havanacrypt-ransomware-masquerading-as-google-update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 07 Oct 2022 02:14:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cybereason.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fwww.cybereason.com

Domain: t.co
URL: https://t.co/i/adsct?bci=5&eci=2&event_id=b49d1ada-ee25-4250-bf21-ca2414429f39&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d07ce369-8bff-4680-aee4-cac01d0e32fc&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0ol&type=javascript&version=2.3.27

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/i/adsct?bci=5&eci=2&event_id=b49d1ada-ee25-4250-bf21-ca2414429f39&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d07ce369-8bff-4680-aee4-cac01d0e32fc&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=ny0ol&type=javascript&version=2.3.27

Domain: analytics.twitter.com
URL: https://analytics.twitter.com/1/i/adsct?bci=5&eci=3&event=%7B%7D&event_id=161e4db9-830d-4ed1-ac64-96ba513399ec&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d07ce369-8bff-4680-aee4-cac01d0e32fc&tw_document_href=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&tw_iframe_status=0&txn_id=o9na6&type=javascript&version=2.3.27

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/demandbase

Domain: 10272547.fls.doubleclick.net
URL: https://10272547.fls.doubleclick.net/activityi;src=10272547;type=landing;cat=allsite;ord=5414039073414;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?

Domain: 10428681.fls.doubleclick.net
URL: https://10428681.fls.doubleclick.net/activityi;src=10428681;type=cyber0;cat=cyber0;ord=9037368693503;gtm=2wga50;gcs=G111;gcu=1;auiddc=441055802.1665108867;~oref=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update?

Verdicts & Comments Add Verdict or Comment

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.cybereason.com/	1970-01-20 06:31:50	Name: __cf_bm Value: 4B8Wa4E._xwlsq62sSPnYyfqn1fv0ur1Q.hevclnm6I-1665108865-0-AdAKmq+e77v1Hq6dKAXhkmGWUMSOEsjtiqJn6vFJsd8tAvHU2dnXFjmUXdEyAZNI/oR0O7T0eFsJQjWqESM4j9o=
.www.cybereason.com/	1969-12-31 23:59:59	Name: __cfruid Value: b6c95acf841ebc915dd7e7e56aad52a5957adedd-1665108865
.cybereason.com/	1970-01-20 15:17:10	Name: visid_incap_2710048 Value: O0C3YAO4TDemDPz+2VaLJICLP2MAAAAAQUIPAAAAAAA/n2oOH8YBAkfV2vGA9jEI
.cybereason.com/	1969-12-31 23:59:59	Name: nlbi_2710048 Value: w7ZWMfts8i7AowJs2P/mMAAAAABDWD/8TjrO/o61QSESnYxL
.cybereason.com/	1969-12-31 23:59:59	Name: incap_ses_246_2710048 Value: NvFaPPVG0DsGe9m9ZfhpA4CLP2MAAAAA5X3vvdzFRqP8esp8MFLnaA==
.cybereason.com/	1970-01-20 15:17:24	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Oct+07+2022+02%3A14%3A26+GMT%2B0000+(GMT)&version=6.38.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.cybereason.com%2Fblog%2Fthreat-alert-havanacrypt-ransomware-masquerading-as-google-update&groups=C0001%3A1%2CC0004%3A0%2CC0002%3A0%2CC0003%3A0
.hubspot.com/	1970-01-20 06:31:50	Name: __cf_bm Value: tfRBJGHlC_wX6_XVR5dkwcm5318e4QE0zCZ0aibo8tU-1665108866-0-AYHuDO5Zeoq34lyN1qA5hIK3SHptmErxtiIInrS8xfMZKvEx27uoGJ5ElA0kpZK2XEJ120imuXfU8Zx4RBxcsdw=
.bing.com/	1970-01-20 15:53:24	Name: MUID Value: 1DC4595F6E9B6BF9088E4B696F496A78
.cybereason.com/	1970-01-20 08:41:24	Name: _rdt_uuid Value: 1665108866268.c99d6e8d-8381-4575-9b02-0b8f2338e337
.cybereason.com/	1970-01-20 06:33:15	Name: _uetsid Value: c45f0d3045e511edaffb1d6098b6159a
.cybereason.com/	1970-01-20 15:53:24	Name: _uetvid Value: c45f092045e511edbd6867e076ec489f
.techtarget.com/	1970-01-20 06:31:50	Name: __cf_bm Value: pCk73xaBU1D_MRAiSPpmNkC7lhWd_o.41fpvN_iRl84-1665108866-0-AYI+1s+3Yv6ZtwXv4Vsy+26J7nX/qK3Ki+2A24WrXefOeW1wZk1ypKS774vBtFrXyhGRiqZ2xH6cINvg/DcKc/I=
.ws.zoominfo.com/	1970-01-20 15:17:24	Name: visitorId Value: 145f304a283ed0c24c42710060abad26622f8b14dad005e11563899d2f9cc111
.zoominfo.com/	1970-01-20 06:31:50	Name: __cf_bm Value: uaT1pvTpac62Ojr2_BxzCq5Qj6AUH6CszO7UuQxr5vA-1665108866-0-Aa01p03w1fZrCb+1bY7x5J4XkpZ+iPujE4AV+Iu/gZ5gjCk+UmQE40ECVE6zw88w5+BlZF6FVE3+aHabQO5sSmE=
.cybereason.com/	1970-01-20 15:17:24	Name: _hjSessionUser_704918 Value: eyJpZCI6ImY0NTk3MGZlLWNiNWEtNWRjNy04ZTVjLTU3MjVkYzNhMzkxNSIsImNyZWF0ZWQiOjE2NjUxMDg4NjY1MzIsImV4aXN0aW5nIjpmYWxzZX0=
.cybereason.com/	1970-01-20 06:31:50	Name: _hjFirstSeen Value: 1
www.cybereason.com/	1970-01-20 06:31:48	Name: _hjIncludedInSessionSample Value: 0
.cybereason.com/	1970-01-20 06:31:50	Name: _hjSession_704918 Value: eyJpZCI6IjQ4YTM1YzYxLWE1NTUtNGE0Ny1iYjdlLTMwNDhmNzEzNDE3NiIsImNyZWF0ZWQiOjE2NjUxMDg4NjY1NTIsImluU2FtcGxlIjpmYWxzZX0=
www.cybereason.com/	1970-01-20 06:31:48	Name: _hjIncludedInPageviewSample Value: 1
.cybereason.com/	1970-01-20 06:31:50	Name: _hjAbsoluteSessionInProgress Value: 1
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 06:33:15	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2499:u=1:x=1:i=1665108866:t=1665195266:v=2:sig=AQHPWX9Zco6N0L8tsfsfMOECPKAuVz2c"
.linkedin.com/	1970-01-20 07:15:00	Name: UserMatchHistory Value: AQJCU6NrF7qqMwAAAYOwOPYr3Uxe3oWX494QrJhw2hnirYA4lq-s7Zw5lB2AGcWSbK7JSzKNruG6Wg
.linkedin.com/	1970-01-20 07:15:00	Name: AnalyticsSyncHistory Value: AQLgPalZF6erRwAAAYOwOPYrcMhfdirGVF_Dp5tNs0yFAJnRhNgBwm_n6vZU80bbPFc086tw-2b5hcRCO1bjoA
.linkedin.com/	1970-01-20 15:17:24	Name: bcookie Value: "v=2&5551c744-65d5-4ab3-8ff4-a58df11cbce3"
www.cybereason.com/	1970-01-20 15:17:24	Name: __pdst Value: 3d8eee61999f418cabad579b60324204
.mathtag.com/	1970-01-20 15:57:44	Name: uuid Value: 790a633f-8b82-4a00-8130-fd34a75ada7b
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 15:17:24	Name: bscookie Value: "v=1&20221007021426ad37c968-a039-4a18-8430-f9457ac21d93AQEz4m7cRASaKOZrW8veWdnv17g78sD9"
.linkedin.com/	1970-01-20 10:51:00	Name: li_gc Value: MTswOzE2NjUxMDg4NjY7MjswMjGMLpa/7oQYX/4z4+y0XBatJJ9sw+EYlNcaXHRUyl69cw==
.t.co/	1970-01-20 16:07:48	Name: muc_ads Value: 0d185bdc-e4ad-41af-9390-ceed268c260c
.mathtag.com/	1970-01-20 07:15:00	Name: mt_misc Value: mt_bt:1
www.clarity.ms/	1970-01-20 15:17:24	Name: CLID Value: 23142988098f489faf0bd6947fcc1604.20221007.20231007
.cybereason.com/	1970-01-20 08:41:24	Name: _gcl_au Value: 1.1.441055802.1665108867
.cybereason.com/	1970-01-20 16:07:48	Name: _ga_PZ3FE06790 Value: GS1.1.1665108866.1.0.1665108867.0.0.0
.cybereason.com/	1970-01-20 16:07:48	Name: _ga_SSF38JVRVJ Value: GS1.1.1665108866.1.0.1665108867.60.0.0
.cybereason.com/	1970-01-20 15:17:24	Name: _clck Value: zq550j\|1\|f5i\|0
.cybereason.com/	1970-01-20 16:07:48	Name: _ga Value: GA1.2.1593496973.1665108866
.cybereason.com/	1970-01-20 06:33:15	Name: _gid Value: GA1.2.1291617858.1665108867
.cybereason.com/	1970-01-20 06:31:48	Name: _gat Value: 1
.doubleclick.net/	1970-01-20 15:53:24	Name: IDE Value: AHWqTUnDKbJx8__FPCtn6HPDqirLfg1SopcPZHZS1aDXDyv2eLZl3YxUBiL75zHZ4jE
www.cybereason.com/	1970-01-20 06:31:50	Name: drift_campaign_refresh Value: 641782e6-36d9-43b2-bb2b-1bcb6de61235
.cybereason.com/	1970-01-20 10:51:00	Name: __hstc Value: 85683782.318bada2251525af017c28cbbd6d2724.1665108867797.1665108867797.1665108867797.1
.cybereason.com/	1970-01-20 10:51:00	Name: hubspotutk Value: 318bada2251525af017c28cbbd6d2724
.cybereason.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cybereason.com/	1970-01-20 06:31:50	Name: __hssc Value: 85683782.1.1665108867797
.cybereason.com/	1970-01-20 06:33:15	Name: _clsk Value: g94d1v\|1665108867861\|1\|1\|e.clarity.ms/collect
dpx.airpr.com/	1970-01-20 06:31:49	Name: an_airpr_recent_visit Value: 1
.adnxs.com/	1970-01-20 08:41:24	Name: uuid2 Value: 1531626826869209980
.c.bing.com/	1970-01-20 15:53:24	Name: SRM_B Value: 1DC4595F6E9B6BF9088E4B696F496A78
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:53:24	Name: MUID Value: 1DC4595F6E9B6BF9088E4B696F496A78
.c.clarity.ms/	1970-01-20 06:31:49	Name: ANONCHK Value: 0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lltrck.com/lt-v2.min.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://id.rlcdn.com/711861.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10272547.fls.doubleclick.net
10428681.fls.doubleclick.net
3354902.fs1.hubspotusercontent-na1.net
ade.googlesyndication.com
ajax.googleapis.com
alb.reddit.com
analytics.twitter.com
aorta.clickagy.com
api.company-target.com
app.hubspot.com
apt.techtarget.com
bat.bing.com
bootstrap.api.drift.com
c.bing.com
c.clarity.ms
cdn.cookielaw.org
cdn.pdst.fm
cdn2.hubspot.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
dpx.airpr.com
e.clarity.ms
fast.wistia.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
geolocation.onetrust.com
googleads.g.doubleclick.net
hemsync.clickagy.com
id.rlcdn.com
in.hotjar.com
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
lltrck.com
match.prod.bidr.io
metrics.api.drift.com
p.typekit.net
pagead2.googlesyndication.com
pixel.mathtag.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px.airpr.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
stags.bluekai.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
tags.clickagy.com
track.hubspot.com
trk.techtarget.com
us-central1-adaptive-growth.cloudfunctions.net
use.typekit.net
vars.hotjar.com
vc.hotjar.io
ws.zoominfo.com
www.clarity.ms
www.cybereason.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
10272547.fls.doubleclick.net
10428681.fls.doubleclick.net
analytics.twitter.com
match.prod.bidr.io
platform.twitter.com
t.co
104.244.42.69
108.138.17.46
108.138.17.83
108.138.7.8
108.156.60.78
13.107.42.14
13.227.219.48
13.32.110.17
142.250.186.34
142.250.201.194
151.101.1.140
18.66.97.20
185.89.210.244
199.232.16.157
2.18.168.242
20.234.93.27
20.62.48.180
2001:4860:4802:32::36
2001:4860:4802:36::36
206.19.49.24
23.21.250.193
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:4400::6812:2128
2606:4700:4400::ac40:91d9
2606:4700:4400::ac40:929e
2606:4700:4400::ac40:9973
2606:4700:4400::ac40:9a55
2606:4700::6810:9440
2606:4700::6810:a852
2606:4700::6811:190e
2606:4700::6811:45b0
2606:4700::6811:d6cc
2606:4700::6811:eacc
2606:4700::6811:f1cc
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:bdf::44
2620:1ec:c11::200
2a00:1450:4001:800::200a
2a00:1450:4001:803::2003
2a00:1450:4001:809::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:830::2004
2a00:1450:4001:830::200e
2a00:1450:400c:c00::9d
2a00:1450:400d:805::2002
2a00:1450:400d:80a::200a
2a02:26f0:11a::6867:4843
2a02:26f0:11a::6867:4851
2a02:26f0:ea::1706:70c9
2a03:2880:f02d:12:face:b00c:0:3
2a04:4e42:200::396
2a04:4e42::622
3.214.87.107
3.94.218.138
34.200.202.85
35.156.209.154
35.244.142.80
35.244.174.68
45.60.64.106
50.16.7.188
52.222.236.122
52.30.44.244
92.123.37.164
022885b31265a4e0be090404294fc0e5344d734a0c6ce052fec718d3c13b61d5
05e896577858fe6f354a35e118dab4993f7eab9d43c45d095ce460a621cd512a
06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb
0b454edb897d49bf8a73b07627b670a55f0972988094770495a308e5a5e39d1b
0d74f42735cbe54ae22d984b062bc08eb0836c7bec9819261cc35ae6957683e4
0e38365e416ab6d7967b10fd966b661477d270f50041f0a2552263aa3fb71d3b
0f22cf2acf8146a0114391fa869da34a4c62183bce53e066d6605bf022b12ce1
0f94c946a13b9ebe43281550b7d0c00edf4694ad06bcb4c8679bee6d48df5115
0f9be297502b6ab0826a96ea3dc949fc5a970c993aadff30a4bdd2553a3c0f0b
119bf322a2ce6d2a82422b51404bc54b375c881f12a120205598d1691fa48820
11cce2e218d0f6dc5dd12f9870e73c19a94c0c17eefcbacfd1eda3177524fee8
12038d9e690364421f9d1f31b75a00e2e84c7d2f6c700be59ba5a50d811060b5
12127e3110351f54262db955bafe353593dd58c89c7f6b6fc159c10515e93c61
146b085fcb240a04c301d265173b47e2794d3fd86c26ccb986ca01095fe8f847
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161
17a31aae550a664382ab9d8085efc03a10a4548985f33ac4e5a533d5ab5e9339
18c545256f2217ee841db63336dddc318198118b706001a05985fc1f9efc6551
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1ef8b59b832109ecbec2f9ed52e8073e2ab73862fa5e6697e1fe05d1c8358a02
1fb2efa39abfd8b624fc9a3d076fa53aabeca8492f32e85a541a11ecb188b787
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
2a63b7405c03e9fa06e1a01c0b0c33b03e1eebd71462f234345b58fced2e849c
2b14e8397d552f351a4396dec25ec5da1348865683100e94c4ab0faea4a9a254
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
2ca281bdcd543e2e3559e6505c323c8d64df73f2a594a043780df3007e16d161
2d2c4912162eaa41299aaf5063ecb92a26d76071fe6d1f77742b32c833daab99
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7fa43392dd418d8d3bd6c33fd3d9dbd86702b023587f5e8874f4e31549cbdf
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
3104f988796b5fdf5420eb01df43f2c5741300a372c4a42cdb924f9442378bd9
31b0be6d85e4bc5294100269b3088624876c0826b5fd37dd73fa258098e76d51
327bff03815a03aa28f368d2736190b3a501918044016aade71ab4163d2c3350
38b5fa249791d286db654d516dfb6173cc332a8d725c41b58d08c642b26bc641
4064c618e7dd487bc617ce9a273458a4dee0553186ecbb9812202b82227c3268
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
42b2b9d16fbf8d3c6be72420699360790966e58fe30d8794fd90a71c8aef122d
46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7
4747f4362e426749d97a60b8899535e21c34c739fdcc488346aa407212c3c22f
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
4b8e8b42acdad2f84c0d44c5dbc12b8327706d1f49551e1ec577b08d4cbaf263
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51443fc1aa325f301b39d89ffeae8f8a7833ed59491b89419902b32ef30b3b39
529b9c583e6cf8da02c9cadf8c38b5714198f0fde2dcde01da2d5ee681228738
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5949dc5ef9ac0f8cb0d210d221d6eceeca2ffad94e3600b41566f468e146ae9a
597514d432ff2059b3e477385c44fb38d44c73f5d640eebe645cf3b340bcff56
599dd661a1d9e0af96d614fab0ea7396bf06de4265029166a265c2b10cc1a1b0
5b3c6e212cbb3b9f4f28b09cfdc53990e809792192d7d8639d3311f0551c2010
5c8d63abd4075c4ebd692fbd02e35fb72950f214a6486607c1819d4279ad526f
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e8ed65e44181591a95a96268b3264ff9bf1be930ed106ccf0c603f5d08045f6
5f76be64297164a902f6270c19689abbd772a121a822eedd4648d0606a4f1174
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
60998ce4ba58769642e0e331973a19ae753372df1369446e8fb4ce419e2eebf8
629c7fcd42b37fc72bd2c461f358c895273859bbf34fe445066cdca11bfa465e
650c03f603ba5cfdfbecf0d8f7a031c73e1321e27c0c419230e1af7be12112e9
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
669ac04122ead9e12ba8b9120ceaf429df4278bd96ae8afd8346fe9c7a03f94a
66ba9d76c09ad6dd52135d52c368f6d87ac40b5b4ce418e41a105fb221c7e470
6a3700a3e2d8304ea935ddd4917e57d40fcf62739540521846099e40653c7c83
6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1
7073fd7f7f86e4d7fa4ee64df42999c3a58d3ffd7f842b0e8e98001407a1966b
70a312bca25d7ef781c740dbd24da745dd7497e9189ac319983b7ab8d7ecc6dc
71e905aff9bad1d3b5a783336fcdd013cc97beb8985e4cd2cf7d195925a48211
72493a3f42ed0260f03b6ffd3ea131be38a1070845bfae24927f643a3fcf3255
72fe18777ebf37b44d58c82be9b67edceefb88c2c6984c614c72991d6e3b8853
753e02282f21545990e0829b8213211ff35112a5dcdc28e45b40a82f1ee11f8c
78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79d8bfb0ff06d8516e46d4457bd951ed893d2deed31ab348227e06c91a5a35cf
7ae3bbe74b9c5368b45f6223a3ddd5da436782411ce8a7e50a0aa48be03a8abc
7afb77d6eb6a283a2a69860292a1b7fccf06f5f5d3cac1af4fa7209d84741385
7b08fe6b589846cf07eb214b7c4876d1b08c35d4b261688e5008ce53906f5b6d
7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509
8040be8c28a19b0f78481f2da17e7220e75adde27eb9713ff626652a066f92da
81c836c05ab1f2d37b7aa60d509a656c7a441e2a4fabf035c1b0666a4daa50fa
81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
867b23a408fa99143955de5665345cda886857174c328d2828e5dcd33bd98cd1
875f8e591b4fbc6567e2b33553bea9ca2d0e18593bd857783a569fe7bf4ba097
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
89f2c0c3f337120cffabbad513474acd34ce323fce4613619a9677a09730784b
8ab3db762e6e4cea7193505f037182af1e0509b4ef8cc793b120d1d8ada54694
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8eb94fbd85389103ca6cb525b3780ad5258d7b2fa16c4b82907d66cbb2d1802d
8f657cd3617d00d51bbc4dee693b71bde939c80310034a8d82641804d4eb7e16
9166b352495a70d02631c9792d021598f6ee53bef4f49baa766a059e6f9c8190
91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2
933e0de511015d251931c1817b9a648a997fc81c592e823437e2db9f0af6577a
95b12c6ee478557a50799d6b2084a65b22c4add84bbfa48136c1f00c0aaf74c9
97163b731eeaba18956ab2503090d85d58ef9cf7ec7d95dab7d872f188257963
98e640b6ca9c2f18fcc6e6b5a5d7fa18a726eac9136f14260f530d7494461b29
9967a27efc89a8cefe9665100ec51cded3a8c89f95cdca1285bfce207666cd11
99985c50b5c9c935c272df6687cc04da7fa72a790343424fce7c361a4b26c8f9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f
9ac091308b4e55259cb79f11c76cd1787372e462b36275f33621c8bf01c5c0ce
9b05f32b262a8ddfa4c0322b0b4b376258b7996177b98d5a1e2b4585d20cba27
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9bd8dcc115a0e9fce94520cecad5254352b86d55bca2506833057bb52e87ee1a
9cec59b071d9d61e74c42ac4db8d2815aaace7e51983afe2481c14b97f332258
9d943fe5fde08d5b742d383b625031f75e3e89035369f2cde2778f4c6cf5c119
9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0
9ed1a1330cd382765e03baf8a53054e6fdfd457430f2ebfe7c8db0029b5fb204
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a4803d7bdeb478a5b9238fe74d8aaa98dafe2e8e68fccbd0e3f4dced823f27f0
a6728e3326fe3805e12f697731cbc97f2a5b773533c1cb4be0c56da998a94db6
a77bb1b8bfef4a56cbbb32a3f0db155355f7259e1505797dcce1c128be3a97a1
a91c88e70ba55ed06cc47f2d40256fefc9ae5fe75511607bbf4b58f4b75708e9
a96928b9895558d14dc4700a612fc16ca30af4a89c585310881c2c56a2e20b6d
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
addfc3d76c07b3480115ee2d8cd33cfa511b70009635abfecd4dcaa6e5a5329b
adf538ffb526ce99960f9d5c916af995f09463e8ec0cf409380843ed5b491c13
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b2dc460864a60ac3ce89c4c6fab1c62ef9171ac1365cc47aa8aca95ecb06f0cf
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b48f9a7031474a0f73f92f2e6cbbfad730b5466cda96d86a4459c06efc986173
b54842779c45583692387ab3c5a25856b096651ce71ca021bf4851dd695d957a
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b6c9f9a48bd0a163671773a199c876dc64d66947d47ac509c95e29177046c9a3
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b9c3236b03a3ab4ffc655aad3ebfc2c2c4051cc317e26bcfabda22adf935b4c6
ba1b5ba457e3244bfc1b5e32428086b59e9738588b18a6620b9b437b31e48211
ba1c3f03384ea9d37020836541cb09196600c1de0855b590ee7278d99909d079
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
bef476ec3cca40a08e1dff35c707c24d5774e788c57febdb54874e90402a6af2
bf3a88c35bdc16d97403947a9f9188faf13af9a6776529a422286716605d5fee
c0c36470d3b6f534495768bdd7ed92dbb0d6d8d1f3b7b69adba7153b68b90f35
c2fddf08a4e5ab67c648a4b100dbdef6406f5f4c897d3b741d7c6d08a588d27b
c31a94a2a97f5b5fe19d6d4081c9c66400d9483fc65d62d4ef8ca83b5c2fb57a
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c9130ee8c979a74ab038cf5e8a06db5cb94253eab35ea5242f515d605f4781ad
ca7370a8c0660756c7cc349b341744e31ed2652325b099337030fa17779dac16
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d58a0a7cecd5c71c1365f6927c6b27dd86dc7fd899f954308b6f54c51692d178
d7a4717db77f430a3955be59eacc45e11cdb058fd14f6de5a9a95bc213d31146
d7ead427aca51c227410c4595b49b48dde8f9e76864b4f3fcb32861034b0c6a2
d82231820461c83d1b0966caae71bd2732bd89e9a910fdb90d193c3dca16dbc7
d97ca913935c9897ac4e255d17e14c8a3f0d8513681fe5b6736c4921fc5dd078
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dbd7f1d813cc432777765f0866d0e138226bee883d39f872182999519463c680
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd8ce52adc4b0ab60f82c29ba12f25e2f6446245fc8c0b5f4bd6dab3146f9ef7
e0ede14c4d32144f48d3fb3b16472cdf34000377cfbd99b46aed857772952d06
e13d9925ef33a0356aea47518f1e42c057fb3de1584c8b15266f420a86d87696
e18234d885ed9a551c15b4a6db8a66f519058a512c928a61e22c9d479203feb5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e7949e4657bab0cdfb980818cb59d086cfa1ffd45bc05d585ed32ffbcf7f1bfe
e90344957225c9e0caa52e2591fd6066740e0650bc100c422435762160fb2e33
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec4b8c51113c6ac7e233d43c9e65d16f7bba56a2ac006d4c444a6b6090129a94
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efaf50dd0be48360746de27c8624174b9689a29834970fe93656ec22cc9b770c
f24560f5b81158a42b8d38ffe5795d9959eb2308ee6780ea912a6594bb999d1e
f30ab4d4ac012a26a0539a4579a3d9f190fb8c5b699aa8aca6df0a0ccc6f0bea
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f3f2822ba3d24c1f7f53bff8959801c644b2c1c556eb8c15ca36a86717f1ae7d
f42283e0ca17a52688c5250e714ecd1b6a53af8b0f6e54ac64546499b0ec1b19
f474db06cd263abe2d03b1aefe3c226629a480481d3f556f636e5ef16fdf1d2a
f533e083f3d896349ecf4b75a3b17a2e5155b309318af9dc44965ce50c66a1dd
f64368e7be69abe40585911860d83acfa8b14179d3008b2594166ae4c10ec0fd
f6992602860083443a6e36d8a4189d2ab5275d43eb4f8a8728589b9bfd992da7
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f9ad9b8cca38762ae76330bff550db0bd62272b4c139d9cdcbc949935bafdd0b
f9db6465a204cc4186368b72a0ba4f063e64569aa4fc96e0f40c7ac69423121b
fcba0ef5c17fd435aaa6cfac66375e7bfae52f5116b7a6e126c8b0f38b841613
fd6c0f5026c29648ab8887658f23e6c57faedfe7f9d85e702823ae5dfcbdc8f0
fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f
fe9ce59aa6f3f2c6d0be658bec3e8515959f544fed27adc4506480cb9ead5157

www.cybereason.com Open in urlscan Pro 45.60.64.106 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

245 Requests

93 %HTTPS

54 %IPv6

50 Domains

76 Subdomains

64 IPs

5 Countries

5146 kBTransfer

10746 kBSize

53 Cookies

19 Outgoing links

Redirected requests

245 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cybereason.com Open in urlscan Pro
45.60.64.106 Public Scan

Screenshot
Live screenshot

Full Image

245
Requests

93 %
HTTPS

54 %
IPv6

50
Domains

76
Subdomains

64
IPs

5
Countries

5146 kB
Transfer

10746 kB
Size

53
Cookies

245 HTTP transactions
1 data transactions