www.truesec.com Open in urlscan Pro
76.76.21.22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/
Effective URL:
https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Submission: On May 02 via api (May 2nd 2022, 9:17:38 pm UTC) from US — Scanned from DE

Summary HTTP 74 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 13 domains to perform 74 HTTP transactions. The main IP is 76.76.21.22, located in United States and belongs to AMAZON-02, US. The main domain is www.truesec.com.
TLS certificate: Issued by R3 on April 26th 2022. Valid for: 3 months.

This is the only time www.truesec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 31	76.76.21.22 76.76.21.22	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:b949	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2606:4700:20:... 2606:4700:20::ac43:4bc3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5905	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:710... 2a02:26f0:7100::687e:25b1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2016	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:170... 2a02:26f0:1700:794::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
74	17

31 76.76.21.22 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

blog.truesec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.truesec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:b949 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:20::ac43:4bc3 (United States)

ASN13335 (CLOUDFLARENET, US)

optimise2.assets-servd.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5905 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100::687e:25b1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:794::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	truesec.com 2 redirects blog.truesec.com www.truesec.com	499 KB
17	assets-servd.host optimise2.assets-servd.host — Cisco Umbrella Rank: 94573	948 KB
9	youtube.com www.youtube.com — Cisco Umbrella Rank: 86	732 KB
4	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 270	22 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 static.doubleclick.net — Cisco Umbrella Rank: 326	1 KB
3	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4549 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5347	84 KB
3	gstatic.com fonts.gstatic.com www.gstatic.com	33 KB
2	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4437	2 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 106	77 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 212	1 KB
1	google.com www.google.com — Cisco Umbrella Rank: 5	14 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 55	70 KB
1	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6310	145 KB
74	13

	Domain	Requested by
29	www.truesec.com	www.truesec.com
17	optimise2.assets-servd.host	www.truesec.com
9	www.youtube.com	www.truesec.com www.youtube.com
4	jnn-pa.googleapis.com	www.youtube.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	consent.cookiebot.com	www.googletagmanager.com consent.cookiebot.com
2	forms.hsforms.com	js.hsforms.net
2	blog.truesec.com	2 redirects
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	www.google.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	fonts.gstatic.com	www.youtube.com
1	www.googletagmanager.com	www.truesec.com
1	js.hsforms.net	www.truesec.com
74	17

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
policies.google.com
www.linkedin.com
stripe.com
www.hotjar.com
www.leadfeeder.com
twitter.com
legal.hubspot.com
www.facebook.com
www.redditinc.com
live.truesec.com
securitysummit.se
geekweek.truesec.com
checkout.truesec.com
campaign.truesec.com
truesec.com
career.truesec.com
www.huntress.com
doublepulsar.com
blog.truesec.com
github.com
newsroom.truesec.com
press.truesec.se

Subject Issuer	Validity	Valid
www.truesec.com R3	`2022-04-26` - `2022-07-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-16` - `2022-07-15`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
consent.cookiebot.com DigiCert ECC Extended Validation Server CA	`2020-06-11` - `2022-06-11`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.cookiebot.com DigiCert SHA2 Secure Server CA	`2021-07-05` - `2022-07-13`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Frame ID: 7465735DA465F0D70B312CE73757F084
Requests: 52 HTTP requests in this frame

Frame: https://www.youtube.com/embed/kKcko4LdeSM
Frame ID: F817C93BAE8C1524020AA9B71ABBF195
Requests: 20 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: EE63227A0A72B6028C2BC6BE30F29AC4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kaseya supply chain attack targeting MSPs to deliver REvil ransomware - TruesecPowered by Cookiebot

Page URL History Show full URLs

https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransom... HTTP 308
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransom... HTTP 308
https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware Page URL

Detected technologies

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

74
Requests

99 %
HTTPS

94 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2627 kB
Transfer

6309 kB
Size

2
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/
Title: Powered by Cookiebot

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://stripe.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.hotjar.com/legal/policies/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.leadfeeder.com/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://legal.hubspot.com/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.redditinc.com/policies/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://live.truesec.com/
Title: live.truesec.com

Search URL Search Domain Scan URL

URL: https://securitysummit.se/
Title: securitysummit.se

Search URL Search Domain Scan URL

URL: https://geekweek.truesec.com/
Title: geekweek.truesec.com

Search URL Search Domain Scan URL

URL: https://checkout.truesec.com/
Title: checkout.truesec.com

Search URL Search Domain Scan URL

URL: https://campaign.truesec.com/
Title: campaign.truesec.com

Search URL Search Domain Scan URL

URL: https://truesec.com/
Title: truesec.com

Search URL Search Domain Scan URL

URL: https://career.truesec.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Kaseya%20VSA,%20a%20product%20commonly%20used%20by%20MSPs%20to%20manage%20their%20clients%27%20IT%20environments,%20It%20was%20used%20as%20part%20of%20a%20supply%20chain%20attack%20delivering%20REvil%20ransomware%20to%20thousands%20of%20organizations.&url=https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Search URL Search Domain Scan URL

URL: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
Title: Huntress

Search URL Search Domain Scan URL

URL: https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
Title: Kevin Beaumont

Search URL Search Domain Scan URL

URL: https://blog.truesec.com/2021/07/06/kaseya-vsa-zero-day-exploit/
Title: we published the details of the exploit in a follow-up technical post

Search URL Search Domain Scan URL

URL: https://github.com/Truesec/Kaseya-CheckandMitigate
Title: released a script

Search URL Search Domain Scan URL

URL: https://newsroom.truesec.com/
Title: English Newsroom

Search URL Search Domain Scan URL

URL: https://press.truesec.se/
Title: Swedish Newsroom

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Truesec/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/Truesec
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/truesec/
Title: LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/ HTTP 308
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware HTTP 308
https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

74 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware Show response
www.truesec.com/hub/blog/
Redirect Chain

https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware/
https://blog.truesec.com/2021/07/04/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

327 KB
57 KB

676ms
324ms

Document
text/html

76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

83f76bcd208d874644bb4292c774f25c1daaecc7ae8a60e50658933ef538eab4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
age: 24993
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
content-type: text/html; charset=utf-8
date: Mon, 02 May 2022 21:17:33 GMT
etag: W/"83f76bcd208d874644bb4292c774f25c1daaecc7ae8a60e50658933ef538eab4"
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
server: Vercel
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-matched-path: /hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
x-vercel-cache: HIT
x-vercel-id: fra1::tss4b-1651526252787-a64cd7078805
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
cache-control: public, max-age=0, must-revalidate
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
content-type: text/html
date: Mon, 02 May 2022 21:17:32 GMT
location: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: no-referrer
refresh: 0;url=https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
server: Vercel
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
x-vercel-cache: MISS
x-vercel-id: fra1::9jcsn-1651526252421-c46c6f77e804
x-xss-protection: 1; mode=block

GET
H2 200 2bb09b2a6016c0cd.css
www.truesec.com/_next/static/css/ 108 KB
21 KB 11ms
11ms Stylesheet
text/css 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fb3d845416cd436e09985eaf5686b935db41946dbfe83f598f0e9b1c55e8e177

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 542882
content-disposition: inline; filename="2bb09b2a6016c0cd.css"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/css/2bb09b2a6016c0cd.css
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: text/css; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253171-3b37bdc93336
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"fb3d845416cd436e09985eaf5686b935db41946dbfe83f598f0e9b1c55e8e177"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 568 KB
145 KB 55ms
37ms Script
application/javascript 2606:4700::6811:b949
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b949 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f3b8f390cb77125fd70f8ceb257315d1ad6b1734feb6ed4424dfef4549a1ec2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
via: 1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 461
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 21 Apr 2022 12:03:19 UTC
server: cloudflare
etag: W/"d7d0efa4528342a5c3776dfcc8bd7433"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFjKGUR0GBlAPPuN6dtEAdD6OgkyjTg8xGAIDUZ8SwYwMV%2FMNVbPtm89Nki39pvGk%2B5%2BhfKg7lj1qagqMHI97h1Q0cEervK%2BsApIX%2FpzEUGmD%2FQTe4wP19ixfa0wlTampv5FCfnJKR%2B10ne4"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: Hx249PcutdypfAd3nW2SmuKwwQWh.0rn
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 7053c8ca6ba06958-FRA
x-amz-cf-id: bJy7f0pssYsD2wID6Lk29I847V4BtnQeTcm6mIIRG6FjoZjHlEXrpA==
x-hs-target-asset: FormsNext/static-5.483/bundles/project_with_deps.js

GET
H2 200 webpack-cb7634a8b6194820.js Show response
www.truesec.com/_next/static/chunks/ 2 KB
1 KB 14ms
7ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/webpack-cb7634a8b6194820.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3b54dffddaa2eac539bd5b13d6f80c38da6076ce740db0c587a68e7e4f25c5b6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5727187
content-disposition: inline; filename="webpack-cb7634a8b6194820.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/webpack-cb7634a8b6194820.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253178-246fea62b364
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"3b54dffddaa2eac539bd5b13d6f80c38da6076ce740db0c587a68e7e4f25c5b6"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 framework-fc97f3f1282ce3ed.js Show response
www.truesec.com/_next/static/chunks/ 137 KB
46 KB 25ms
16ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/framework-fc97f3f1282ce3ed.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

aadb91364d1393a1e6b4bc849eaabb92c4ed68437fb5f0ea95bd9d66ceeee2da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547804
content-disposition: inline; filename="framework-fc97f3f1282ce3ed.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/framework-fc97f3f1282ce3ed.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253182-f8777ba63d31
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"aadb91364d1393a1e6b4bc849eaabb92c4ed68437fb5f0ea95bd9d66ceeee2da"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 main-f962425130346e35.js Show response
www.truesec.com/_next/static/chunks/ 101 KB
28 KB 35ms
27ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/main-f962425130346e35.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a694204b892369f4801f39ef15a5b87d17e8c52492a08b0dda4d1e65535a1a38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547804
content-disposition: inline; filename="main-f962425130346e35.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/main-f962425130346e35.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253182-6f9761942bab
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"a694204b892369f4801f39ef15a5b87d17e8c52492a08b0dda4d1e65535a1a38"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 _app-3f3e0652573a99f9.js Show response
www.truesec.com/_next/static/chunks/pages/ 201 KB
63 KB 38ms
30ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/pages/_app-3f3e0652573a99f9.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3b4f6ee96faadb024ed0310b54aa96dc873824444123cc88cc1cb4ffa1d0e3cb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547804
content-disposition: inline; filename="_app-3f3e0652573a99f9.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/pages/_app-3f3e0652573a99f9.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253182-f6f3d4b19c23
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"3b4f6ee96faadb024ed0310b54aa96dc873824444123cc88cc1cb4ffa1d0e3cb"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 970-c4b58c20ada208eb.js Show response
www.truesec.com/_next/static/chunks/ 8 KB
3 KB 54ms
46ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/970-c4b58c20ada208eb.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ca4bb2563b5be6323a5c153e14888dc16d1a0df7e1fbbe84c36330af56663e63

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547804
content-disposition: inline; filename="970-c4b58c20ada208eb.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/970-c4b58c20ada208eb.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253182-e647b193f2c5
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"ca4bb2563b5be6323a5c153e14888dc16d1a0df7e1fbbe84c36330af56663e63"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 691-a674f5ff7f8c5717.js Show response
www.truesec.com/_next/static/chunks/ 89 KB
27 KB 21ms
13ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/691-a674f5ff7f8c5717.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2c10b2241bd7c2dd2327e79ed6e59f2cab8989f7feb45213946b57cc76ee74dc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 521329
content-disposition: inline; filename="691-a674f5ff7f8c5717.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/691-a674f5ff7f8c5717.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253187-79defa395b3d
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"2c10b2241bd7c2dd2327e79ed6e59f2cab8989f7feb45213946b57cc76ee74dc"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 730-2707391f2540bce5.js Show response
www.truesec.com/_next/static/chunks/ 12 KB
3 KB 54ms
46ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/730-2707391f2540bce5.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

6a7635f073465a506a5a7c252fe6f7a63efa0d4c6d24179b8aca1931653223ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547804
content-disposition: inline; filename="730-2707391f2540bce5.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/730-2707391f2540bce5.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253187-7f004ac40c29
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"6a7635f073465a506a5a7c252fe6f7a63efa0d4c6d24179b8aca1931653223ab"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 495-b2e0536ae097a916.js Show response
www.truesec.com/_next/static/chunks/ 21 KB
7 KB 54ms
46ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/495-b2e0536ae097a916.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e9516416d3e2d9a9e3eb3965e0c11fd6cef5a890760c5d508e018e53b9c9dc66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="495-b2e0536ae097a916.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/495-b2e0536ae097a916.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-800201cff5b4
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"e9516416d3e2d9a9e3eb3965e0c11fd6cef5a890760c5d508e018e53b9c9dc66"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 883-aa34bb07688ae7ac.js Show response
www.truesec.com/_next/static/chunks/ 37 KB
12 KB 55ms
47ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/883-aa34bb07688ae7ac.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

668abece3c2145837d1216937d4a95505afb62c397b751fc81b0240adf949297

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="883-aa34bb07688ae7ac.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/883-aa34bb07688ae7ac.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-6d475c9bf07a
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"668abece3c2145837d1216937d4a95505afb62c397b751fc81b0240adf949297"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 634-46b95f13ec23b54c.js Show response
www.truesec.com/_next/static/chunks/ 19 KB
5 KB 59ms
51ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/634-46b95f13ec23b54c.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

9d99e69c4cb11e5f6b41962ae00d7add057c6544d5bba335a11144cc846c5f2b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="634-46b95f13ec23b54c.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/634-46b95f13ec23b54c.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-c68aa115b57b
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"9d99e69c4cb11e5f6b41962ae00d7add057c6544d5bba335a11144cc846c5f2b"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 752-c752085fb754f5c7.js Show response
www.truesec.com/_next/static/chunks/ 21 KB
6 KB 59ms
52ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/752-c752085fb754f5c7.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

550dc0229461695101d087dcf20293def298523c25ce89619a9aecf19fd732f0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="752-c752085fb754f5c7.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/752-c752085fb754f5c7.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-42d000d12c68
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"550dc0229461695101d087dcf20293def298523c25ce89619a9aecf19fd732f0"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 479-08a5826867ab1712.js Show response
www.truesec.com/_next/static/chunks/ 12 KB
4 KB 59ms
52ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/479-08a5826867ab1712.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7d9beb38d6c65a97167c744dbb59ffefc5480a35225729c28b35edf7dd0a1955

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="479-08a5826867ab1712.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/479-08a5826867ab1712.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-305ca5a89a0d
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"7d9beb38d6c65a97167c744dbb59ffefc5480a35225729c28b35edf7dd0a1955"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 984-3030fa49955836f4.js Show response
www.truesec.com/_next/static/chunks/ 42 KB
11 KB 60ms
53ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/984-3030fa49955836f4.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d31e82d89a2f3647e4bd2a50749355fa3d2721bd050dc017f4d0fc3a614cf350

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="984-3030fa49955836f4.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/984-3030fa49955836f4.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-b1de4d4913f1
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"d31e82d89a2f3647e4bd2a50749355fa3d2721bd050dc017f4d0fc3a614cf350"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 971-979faa5799b6ab0c.js Show response
www.truesec.com/_next/static/chunks/ 15 KB
5 KB 62ms
56ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/971-979faa5799b6ab0c.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

be3e54375ffaf51988de61d1e215c13f700351dd573eb16acb0674969c8a2242

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="971-979faa5799b6ab0c.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/971-979faa5799b6ab0c.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-612ad42c9c21
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"be3e54375ffaf51988de61d1e215c13f700351dd573eb16acb0674969c8a2242"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 992-598b9cc4860cbaeb.js Show response
www.truesec.com/_next/static/chunks/ 11 KB
4 KB 64ms
57ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/992-598b9cc4860cbaeb.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5b02b64a9d46ea92f6e4e2c6c7a82a38c2c987aaf84c394fedb4d2e0b26f8a6c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547803
content-disposition: inline; filename="992-598b9cc4860cbaeb.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/992-598b9cc4860cbaeb.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-494dd08982b9
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"5b02b64a9d46ea92f6e4e2c6c7a82a38c2c987aaf84c394fedb4d2e0b26f8a6c"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 %5Bslug%5D-fe04a442c495f430.js Show response
www.truesec.com/_next/static/chunks/pages/hub/blog/ 4 KB
2 KB 65ms
58ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/chunks/pages/hub/blog/%5Bslug%5D-fe04a442c495f430.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e267dca009b76041eabc1050ba4a166c5868c8e255469a1a0bd2167e353cc5fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 547802
content-disposition: inline; filename="[slug]-fe04a442c495f430.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/chunks/pages/hub/blog/%5Bslug%5D-fe04a442c495f430.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-b375d8f20061
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"e267dca009b76041eabc1050ba4a166c5868c8e255469a1a0bd2167e353cc5fd"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 _buildManifest.js Show response
www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/ 3 KB
1 KB 65ms
59ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/_buildManifest.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a67ca5769dacd3265d686bc86d6e5fe3c1c5eed05c62138023f5b06429abe462

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 371652
content-disposition: inline; filename="_buildManifest.js"
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/84JNeVpecPO3IS7KIpIxq/_buildManifest.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-5a3444df7588
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"a67ca5769dacd3265d686bc86d6e5fe3c1c5eed05c62138023f5b06429abe462"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev

GET
H2 200 _ssgManifest.js Show response
www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/ 564 B
955 B 65ms
59ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/_ssgManifest.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0c863053454caad46a30039b2e37b56adc4037f08752961afff8c8bca195984b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
x-content-type-options: nosniff
age: 452113
content-disposition: inline; filename="_ssgManifest.js"
content-length: 564
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/84JNeVpecPO3IS7KIpIxq/_ssgManifest.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-d06189365d4a
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"0c863053454caad46a30039b2e37b56adc4037f08752961afff8c8bca195984b"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
accept-ranges: bytes

GET
H2 200 _middlewareManifest.js Show response
www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/ 92 B
558 B 65ms
59ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/_next/static/84JNeVpecPO3IS7KIpIxq/_middlewareManifest.js

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
x-content-type-options: nosniff
age: 11411335
content-disposition: inline; filename="_middlewareManifest.js"
content-length: 92
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /_next/static/84JNeVpecPO3IS7KIpIxq/_middlewareManifest.js
x-vercel-cache: HIT
strict-transport-security: max-age=63072000
content-type: application/javascript; charset=utf-8
x-vercel-id: fra1:fra1::tss4b-1651526253200-5eecae6c5bf1
cache-control: public,max-age=31536000,immutable
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a"
content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
accept-ranges: bytes

GET
H2 200 iStock-1282287699.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/ 171 KB
171 KB 377ms
338ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/iStock-1282287699.jpg?w=1920&h=1080&auto=compress%2Cformat&fit=clip&dm=1639487607&s=446c3d9cf0a316baa4866b9e05be19b7
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59630935840a38c5b2a1c7191c2bea389e06888dbaf33946fd80c62474a5e8ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwcN4dXsWQTt8ilHhtHXD97UBpiLWTb7H9Xn7F0LP9tsH4p05X0OG%2FJUvwq3OlNHP3a3lqpTQ23yjuNDWzy3mFI%2B0DAtWlTsVeiiNzxHRJv1di6I%2FNfRMFqQAafiud8wavJkl7iOyZCgGD2SpyDCwS3D%2BJwrfv%2BnRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 21f64effaac9323dfdc24b65ec668cad
cf-ray: 7053c8ca9e138fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 atom-6-1.png
www.truesec.com/assets/patterns/ 515 B
718 B 71ms
66ms Image
image/png 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.truesec.com/assets/patterns/atom-6-1.png

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

f1426c9322621378e362570f4ae1a661cf55a46b073bc83c568c2afe67d169e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 3374367
content-disposition: inline; filename="atom-6-1.png"
x-vercel-cache: HIT
content-length: 515
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /assets/patterns/atom-6-1.png
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: image/png
x-vercel-id: fra1:fra1::tss4b-1651526253200-29efd205359c
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"f1426c9322621378e362570f4ae1a661cf55a46b073bc83c568c2afe67d169e4"
accept-ranges: bytes

GET
H2 200 fabio-viggiani-truesec.jpg
optimise2.assets-servd.host/jealous-emu/production/Users/ 5 KB
6 KB 66ms
28ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Users/fabio-viggiani-truesec.jpg?w=300&h=300&auto=compress%2Cformat&fit=crop&dm=1638201165&s=fe902bc63a70da01b19a1fdd76e2e438
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f837149a0a9a2b92a8d7f152da2ef4e69b30f98ed029cddcfcaa76bf9883ffc1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXPtVJJRmWJwXpliKFP3s03ZeVjSucw%2B208HM8Z%2BV5vHqqNhYlvabxdsQLRtSqV96LDS6WdpoiiIPlZ%2F9EB%2Bz%2BDYm1Z4Ie4zl4rG22xEGdf3tE%2BHN6ztxmo9v97UQHghqIfwaoK5aO6i%2FSVTP%2F0qFnaOsOSVvXGWiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 5b13e1e245d45555eacc00ae63ebb9e2
cf-ray: 7053c8ca9e158fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-overview-2.png
optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/ 62 KB
63 KB 359ms
321ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-overview-2.png?w=2014&auto=compress%2Cformat&fit=crop&dm=1633612810&s=24cdf07bab4e784794a5cd016d38a580
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ddbeaa61005463a17ff6d9903ff1d73a158e04a10db88ede26fe7f6d7ece989

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9%2Ftd89DuyYtUUOwmpLyMpO%2FzE6q67Rj9q6JmurA7qbn7QnbOxzhbtwiFm%2FoGHjJf6zUbEsCFg990TtZ%2FAI7JgAzY32zi29Fq2BrbPF085C7V78RR%2F4Vjcqr0akjs7InqovchGc4q2IhXefCH5cL8IqOXW0rH6yobw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 6690ce38f46bca3066eb17c3a917f1d0
cf-ray: 7053c8ca9e178fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-chain-3-2048x1115.png
optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/ 67 KB
67 KB 778ms
741ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-chain-3-2048x1115.png?w=2048&auto=compress%2Cformat&fit=crop&dm=1633612968&s=1085e821adf340562c1cfc500f8da762
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6243f3c77f193612648027475eaab6da009b985f0716acdfc021de263dd6f3c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d97jlrP7hbiB5V0r6TCFMdVg%2B7ZTCnMnfQwBSsWNq3XcgTrVcZ%2B%2F7adAQNmT7v6gJ%2BnQ0BqUk3KpO%2FcHgUYq1m8nii2LrspBctPP4y4KLg2Yd3FjTZe%2Fi3fjH8vvxmtYGO%2BF4EgxfrCJdd40gg7q%2FJ8TzbldrbjVew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: d7f4bb228b7cff1ff849d4e43a2e841c
cf-ray: 7053c8ca9e188fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-wireshark4-2.png
optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/ 58 KB
58 KB 523ms
486ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware-wireshark4-2.png?w=1006&auto=compress%2Cformat&fit=crop&dm=1633613057&s=c222f842416cda7285457d1695257fb0
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c931e84b0d28fb4eaca2ecf8dfb3d1b2b2537c1c916c0999411d755ce92f269c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LS7GiZgGF%2FfNCZjoTEKphdAyDRzLTCcYrqQ%2B7altH%2BTeD09B1LXrK7560m1daR5L7KiKd3aEQUNoVrb0xiIcQgfkVJpFDMnqT%2F09j2GSt50ZXcVGCL2UJThgOHtDUfmYoGEOOzjadQWwo1y3zGtvZCtoaYyd3Sp8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 0ff5f1f0a390887f99554a3aeaf6dceb
cf-ray: 7053c8ca9e198fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 Mattias-Wahlen-Truesec-blog.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/2022/ 62 KB
62 KB 67ms
30ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/blog-archive/2022/Mattias-Wahlen-Truesec-blog.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1646664655&s=6f2a9b3afee6176c0f4d5bd4abcef13f
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48113d6d968a06309e6f0de034ee0a48838b086541626863fb6a1d587eb26758

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qybH9plrtcgF7sC7X3yCP3ECkQN0LuiViD%2Faxs9hu21k17hQNnzi5ztaas5t34KBGJtVDvlE7QRQm5pWyMVN59Ugi2UGvcZt8SdcaNQcek208lQ3J42dNSreCHgZ6FiHxG5GOUcYc2N8Xf6MGC37vJ7fjDPXpbG8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 56fd84c9cc985390abb9084daaa079d1
cf-ray: 7053c8ca9e1a8fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 mattias-wahlen-truesec.jpg
optimise2.assets-servd.host/jealous-emu/production/Users/ 7 KB
8 KB 45ms
39ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Users/mattias-wahlen-truesec.jpg?w=300&h=300&auto=compress%2Cformat&fit=crop&dm=1638201500&s=7d711e3c6533dc068e7a034103ac4893
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 080e4e6a3bb5279ae05d16d94e7ff0bf70d9a754bc9595ba104d01cb823bfff0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vg8TzmzaJTHXwxdlZ6kXXiEw%2FDDujL7X1D%2FWq3MuYf5pp%2FbI51UW6mA5pyOgT52dmZXSRm3LDfQQYjvhEIFBM0kL0bwrIhVQtDMW5VbreINOgwXWGZBm3YEsMtwpNEx2vROTcV4L6E8dq4W3XA6B0yhYxklpfBAa2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: cfe50a71905eb7bff2e2b46dc9a2177a
cf-ray: 7053c8cabe438fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 alex-wong-l5Tzv1alcps-unsplash.jpg
optimise2.assets-servd.host/jealous-emu/production/Abstract/ 158 KB
159 KB 25ms
19ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Abstract/alex-wong-l5Tzv1alcps-unsplash.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633331430&s=542f834fa94c1cbbc7befe5371ede444
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5e896a3f9b16c1ed62fc2874360e9299ce7cfaa2d4cc75877ccd5a46ddd178f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkubsSWJ6dx215F421RxQT8gPYbN%2BeCsxPzu2Go8iM9EX4LFBzSC4hyteO4LakU9g3zkJpYehcph%2BOnHu2nyTmIqsROpKIU%2BjSJ1zSTqrCegkuUJ6Na9eRHpw8CD0Ns%2BgcCA6FZNYjvIi9Ohgia1f2A%2BdGRmjIU4XA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: e7bdea64eed0b979a882a24e228ca4b3
cf-ray: 7053c8cabe458fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 silhouette-of-man-during-waiting-at-airport-WWUZ7G7-2-TEST.jpg
optimise2.assets-servd.host/jealous-emu/production/Hero/ 18 KB
19 KB 38ms
32ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Hero/silhouette-of-man-during-waiting-at-airport-WWUZ7G7-2-TEST.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633331362&s=8142cbbf24800f083d09465265ce6f61
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41a9b13eb00b9a9e361db7118f4121edce5df098b1f1e8c9d7e68c732c26cfa0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbWwV6JSr20%2FpkyernvyxKVaVWXSH9lkRo%2BJr%2Fss55ua74RGRKKTjW55oJ0xi3rr%2Bwutrg98La2wk%2FydYusCy0ycB21atS9fHnfQGi8eMwgl1%2FCd7qPt003oq8i%2BV3t5UX371KN6zJ99Jb3Qm1N5eekAA3j%2FV77NzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: cb02bc928f2ddab767ea7793dad2a37e
cf-ray: 7053c8cabe478fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 iStock-524154022.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/ 10 KB
10 KB 33ms
27ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/iStock-524154022.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1645126486&s=7df15f2b841768e1470878384f214b07
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff712ff2b433f78559d51464625a77b60171b9204216640e0073332a18c2a17c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=povamjJVvZr3121sSeMC4hqt94m0vJK9Emdu0ERKfLLnUrDy%2F09PXZQKNRqb%2BPMNzJ6JhJF3vEzOSIoOm0iWia00xqIhUjPaYMSm2lG8H%2BWxYT%2BTqK235aJXttiopcK%2F%2Fl5nx%2FGXtO2XyJQVvL3%2FjrXGndsKZUG8jA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 975ca2ad20b8daec7120560424b06d0a
cf-ray: 7053c8cabe488fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 Christoffer-Stromblad-Expert-Truesec.jpg
optimise2.assets-servd.host/jealous-emu/production/Users/ 11 KB
12 KB 32ms
26ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Users/Christoffer-Stromblad-Expert-Truesec.jpg?w=300&h=300&auto=compress%2Cformat&fit=crop&dm=1642085855&s=eaf6eafeac162cb64596501db683a96d
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: febc37aac923fba810d8d26c1afa7fc1845701770ebc722d1391e33220830147

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pBDq84Bl06v%2BWiBMpcLoblrjJJudzSbClni1PjlvTedvQNs1lhZh8OMFQqEY4qIIMB9XggAYyc2vGXOF%2Bxu3Ume5vllHjobCOo7guWQwHMgUHT14uvbXJ0UNDPFu2qiYBk6nYP6IYL50qggJjY7MB29mm8R1cmqo4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 85a8d9a4d8247678319619639b6bc627
cf-ray: 7053c8cabe498fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 sajad-nori-B5knZPjp8SY-unsplash.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/ 42 KB
42 KB 349ms
343ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/sajad-nori-B5knZPjp8SY-unsplash.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633379677&s=a8d6f548269a064995ee2c2152028dea
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46802a692af6557a560d548bcd048a28966d2b68beb29083974943de82b818a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=skyWsGLH8GdhGk2WZDFUB6vod30ijO6K20CWpyCHL%2FPDtCnPhQSugFL3dPxspAOdZo10qdlLscZnxa%2FDNHynDtllvoTx4trvTtU2SIiG5RCScSoIBSDoWNxcE%2B6oYXPujXgLh9bz0fWJ9t4oKPaqR%2FvU0CUgPXKZ5A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 52b4d5ad0fc96204d3b03a6256af3cb6
cf-ray: 7053c8cabe4a8fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 j3-tTwJ7xRQ-TEMP.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/ 94 KB
95 KB 517ms
511ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/j3-tTwJ7xRQ-TEMP.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633331388&s=d12ed553f5c72d682ee2b1abb5dffc86
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd33bbecf9cd62f171950662a1f7fd70377af80b2a8c6710b8b5f26fb379fa0a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C4ITVX1%2FokU4q32AVastFzlYn%2F2M0j2EYf5UVBjHO4ljHz9HhYlVsvbfjffuLLvvl5hOYodnV0hU5rTSHwWIV5eWTYXc1fGqnSsb0JXBos76O5E%2BN0xdgET2wFJKkV%2FUW9XBmmSc7EtqFpbYejNkrAosw1R1zoV%2FMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 23b5ee3db52d22846df0ff952fa349c6
cf-ray: 7053c8cabe4b8fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 dawid-zawila-fiu89zdeTQI-unsplash.jpg
optimise2.assets-servd.host/jealous-emu/production/Techtalk/ 43 KB
44 KB 539ms
533ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Techtalk/dawid-zawila-fiu89zdeTQI-unsplash.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633331446&s=a573c33a7c95d5da15ae4fcb9eb4bb5c
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9171a46ea05b0dc4401c5d7977a8e1979425ed485079803c9c602561dbc887bf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sK3cddpmOGuPXXhO%2BVNDrURTlffRsuYb%2FFbSFcHoMKas8in8wGK7BDNLtIjTNLWZTCMETebvG%2F07Nn%2F%2FLhEsQ%2FOIZN1FX5zw%2F8uYS9ZqOvryqcRJPC7F2HVxm1wgLz6GiobyqmH9TulDxpg7PrL0rcqgBqwvbBcZhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 91fe99075562ec71fd51a3aafb08d0c1
cf-ray: 7053c8cabe4c8fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 font.woff2
www.truesec.com/fonts/NimbusSanReg/ 41 KB
41 KB 56ms
55ms Font
font/woff2 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/fonts/NimbusSanReg/font.woff2

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0b17da62fb36f7470a36919503a56c697359e2958588c16dfb667bc9891318f9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.truesec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="font.woff2"
x-vercel-cache: HIT
content-length: 41772
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /fonts/NimbusSanReg/font.woff2
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: font/woff2
x-vercel-id: fra1:fra1::tss4b-1651526253200-170bf1ee5c5f
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"0b17da62fb36f7470a36919503a56c697359e2958588c16dfb667bc9891318f9"
accept-ranges: bytes

GET
H2 200 font.woff2
www.truesec.com/fonts/NimbusSanExtReg/ 29 KB
30 KB 47ms
47ms Font
font/woff2 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/fonts/NimbusSanExtReg/font.woff2

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

273a989952bcaab018a929e31149171f873713cd36caa79a6650a7bdd5b08130

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.truesec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="font.woff2"
x-vercel-cache: HIT
content-length: 30036
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /fonts/NimbusSanExtReg/font.woff2
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: font/woff2
x-vercel-id: fra1:fra1::tss4b-1651526253200-4c6c4d85056a
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"273a989952bcaab018a929e31149171f873713cd36caa79a6650a7bdd5b08130"
accept-ranges: bytes

GET
H2 200 kKcko4LdeSM Show response
www.youtube.com/embed/ Frame F817 62 KB
27 KB 85ms
56ms Document
text/html 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/kKcko4LdeSM

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fdc59599f522705f74c6d5ed046c42eedbbb14d492c461ca548b05247dd628e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Mon, 02 May 2022 21:17:33 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 font.woff2
www.truesec.com/fonts/NimbusSanLig/ 41 KB
41 KB 46ms
45ms Font
font/woff2 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/fonts/NimbusSanLig/font.woff2

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e30ce15e8acb6c3db0edadbc7fb54d04a8101efef317c703884a976c90335fe9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.truesec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="font.woff2"
x-vercel-cache: HIT
content-length: 41712
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /fonts/NimbusSanLig/font.woff2
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: font/woff2
x-vercel-id: fra1:fra1::tss4b-1651526253225-70797a698f14
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"e30ce15e8acb6c3db0edadbc7fb54d04a8101efef317c703884a976c90335fe9"
accept-ranges: bytes

GET
H2 200 aerial-photographing-with-drone-picture-id1026580092.jpg
optimise2.assets-servd.host/jealous-emu/production/Report/ 27 KB
27 KB 35ms
35ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Report/aerial-photographing-with-drone-picture-id1026580092.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1644237367&s=626bfdc25169022e454c7f34d982ff85
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee0efafd4d3bf456260c4570c1f5f2ebe67af6ff74fcbaec9d0f871abf4b09e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.truesec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BWBVZO9nhxeyXvG1ubjrIo6mKJgV1sC7w370GBkL602NDufJQOtTF%2BRggeUlWseqLgg%2Fjh2wRdSVq6zRUVkeeiTzly0srrhZQ%2Fw%2Feu42bPHeTILTSI6F%2BbZSP1y9wTXMTTmoMT7P7wIo%2BdDOAnGrYs0N%2BmpYARbyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: 00b3a9236efdd5ef219f531f4f05a51f
cf-ray: 7053c8caae248fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 Threats-to-the-Swedish-Financial-Sector-in-2021.jpg
optimise2.assets-servd.host/jealous-emu/production/Report/ 89 KB
89 KB 556ms
556ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Report/Threats-to-the-Swedish-Financial-Sector-in-2021.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1649251517&s=bb18763115ad77774dbf74655b60155d
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86837e12d82b85a625555ac14b3f0be0123eb7c42171364bf42840f9696f964e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.truesec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:33 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eP43cmEM609Lu6XI1q28bXJSfK2f5TywekhHJ90Pomw3RsD3qrZ%2F3%2FPDLWZ4L3OBuGrYwHfAMHx%2FF0jHbk9iIzt%2BvA61PRkvQS9xAAzF2vfWYKtLkYUgRKiStTy2Wwtf33h2UVY6qKxcFivv4XfON2dgWidwR9tRtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: b2c7a4905c13f68e0dbdf9a7e803e82c
cf-ray: 7053c8caae258fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 jason-peter-Zkte7MW1j-I-unsplash.jpg
optimise2.assets-servd.host/jealous-emu/production/Blog/ 16 KB
17 KB 1446ms
1446ms Image
image/webp 2606:4700:20::ac43:4bc3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optimise2.assets-servd.host/jealous-emu/production/Blog/jason-peter-Zkte7MW1j-I-unsplash.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1633331352&s=8eee768e0555293df650e1d0deb396f9
Requested by: Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bc3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20b9d6ea07168a3f04fa08c07013134fa89e5ba2dc89cfda2b33d92e8a52d21f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.truesec.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

x-servd-from: Cache EU
date: Mon, 02 May 2022 21:17:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TIGLNpsn5SQMtyIgnydN1OAFxJ44VNe%2B9QsB2Nr%2F1Ybdo1Zn%2FAHtCE3FY1MRRqcRXz%2BIwdDe2DLRSK3RjYeBv7Rh4oXcTtIxJ1zpbxPbSvYbX%2BxYKXxAWG%2BVMXzUWP2rtstTMaX%2FLfvAwBvURfU1cQbutkBdmJ%2FsVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31104000
x-servd-hash: fd547a971e9e0ebc2b3285121e9a964b
cf-ray: 7053c8caae278fc5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cross-origin-resource-policy: cross-origin

GET
H2 200 slider-next-active.svg
www.truesec.com/assets/slider/ 245 B
443 B 63ms
62ms Image
image/svg+xml 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.truesec.com/assets/slider/slider-next-active.svg

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5202c7efbe462a95aa34ec4cba8b72b4250884b76e5362ffddc14cec6c82e58e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="slider-next-active.svg"
x-vercel-cache: HIT
content-length: 245
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /assets/slider/slider-next-active.svg
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: image/svg+xml
x-vercel-id: fra1:fra1::tss4b-1651526253225-00295e04d6ef
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"5202c7efbe462a95aa34ec4cba8b72b4250884b76e5362ffddc14cec6c82e58e"
accept-ranges: bytes

GET
H2 200 slider-prev-active.svg
www.truesec.com/assets/slider/ 266 B
453 B 63ms
63ms Image
image/svg+xml 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.truesec.com/assets/slider/slider-prev-active.svg

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5e059d5d50bd7b9859989431b0eb4288e8fddd12d6339e1d919fcae7924e999f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="slider-prev-active.svg"
x-vercel-cache: HIT
content-length: 266
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /assets/slider/slider-prev-active.svg
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: image/svg+xml
x-vercel-id: fra1:fra1::tss4b-1651526253225-9105df3aa801
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"5e059d5d50bd7b9859989431b0eb4288e8fddd12d6339e1d919fcae7924e999f"
accept-ranges: bytes

GET
H2 200 SourceCodePro-Regular.woff2
www.truesec.com/fonts/SourceCode/ 75 KB
75 KB 45ms
45ms Font
font/woff2 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.truesec.com/fonts/SourceCode/SourceCodePro-Regular.woff2

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8e89e4c4cbc9f5b62d5cc9939383f42998f58fcd22fa2d0f07a15ebcc11be892

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://www.truesec.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="SourceCodePro-Regular.woff2"
x-vercel-cache: HIT
content-length: 76848
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /fonts/SourceCode/SourceCodePro-Regular.woff2
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: font/woff2
x-vercel-id: fra1:fra1::tss4b-1651526253236-9084be04d35a
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"8e89e4c4cbc9f5b62d5cc9939383f42998f58fcd22fa2d0f07a15ebcc11be892"
accept-ranges: bytes

GET
H3 200 json Show response
forms.hsforms.com/embed/v3/form/5907437/e3a542f3-ccea-4df6-b5e3-a9481f7b233b/ 5 KB
2 KB 147ms
136ms XHR
application/json 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5907437/e3a542f3-ccea-4df6-b5e3-a9481f7b233b/json?hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6fb4966f624e41e295834e559ef024a078fa9122f379fc286d11c329bcec677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/javascript
Referer
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-origin-hublet: na1
date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: c43ba8c7-1833-4dc2-acb6-f04afc00ccf6
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-robots-tag: none
server: cloudflare
x-trace: 2B03162391381C298FF72AE411632A5FE93F48E084000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.truesec.com
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 7053c8cd9bb25b7a-FRA
access-control-allow-headers: *

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 199 KB
70 KB 128ms
25ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K2VMF8D&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/hub/blog/kaseya-supply-chain-attack-targeting-msps-to-deliver-revil-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a50858a686d75d3625d3878ef185cb3962cc595da7f06ff87b3f8c11dda6d87b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71189
x-xss-protection: 0
last-modified: Mon, 02 May 2022 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 02 May 2022 21:17:33 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/9cdfefcf/ Frame F817 335 KB
46 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba2b65836b472334c8abe1133ccdd57f61ccc6ae8c64dfad891735b080475611

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 01 May 2022 00:38:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 160725
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47149
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 01 May 2023 00:38:48 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/9cdfefcf/www-embed-player.vflset/ Frame F817 277 KB
86 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f47d2e856e15811898277d3a1f455ab9b15d50920b1f351ada165287518bce68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Sun, 01 May 2022 08:28:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 132540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87526
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 01 May 2023 08:28:33 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/ Frame F817 2 MB
525 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f03c1a2805c2d799bb9633282859ff375d9a277921447284f6e614520348d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 19:52:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 350714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 537691
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 28 Apr 2023 19:52:19 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/9cdfefcf/fetch-polyfill.vflset/ Frame F817 9 KB
3 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 07:04:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 51196
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 02 May 2023 07:04:17 GMT

OPTIONS
H2 200 json
forms.hsforms.com/embed/v3/form/5907437/e3a542f3-ccea-4df6-b5e3-a9481f7b233b/ Frame 0
0 232ms
128ms Preflight
text/plain 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/5907437/e3a542f3-ccea-4df6-b5e3-a9481f7b233b/json?hutk=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: GET
Origin: https://www.truesec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: x-requested-with
access-control-allow-methods: OPTIONS, GET
access-control-allow-origin: https://www.truesec.com
access-control-expose-headers: X-Origin-Hublet
access-control-max-age: 180
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 7053c8ccbb58926b-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Mon, 02 May 2022 21:17:33 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hubspot-correlation-id: c16bcca6-870f-4ae2-89a0-dfb047e7a7e4
x-robots-tag: none
x-trace: 2B3B6FA56EF91B8C00DEF9623F671F41264162D7C5000000000000000000

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F817 15 KB
16 KB 34ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 533452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 26 Apr 2023 17:06:41 GMT

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 90 KB
28 KB 73ms
10ms Script
application/javascript 2a02:26f0:7100::687e:25b1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K2VMF8D&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:25b1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 70139fbcc1972f9d790cc9fb10cd344668feb28bd366da912d62780f4cc2dc18

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: gzip
last-modified: Tue, 12 Apr 2022 08:26:54 GMT
etag: "01bdd10474ed81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=359
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
accept-ranges: bytes
content-length: 27845
expires: Mon, 02 May 2022 21:23:32 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame F817
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

30ms
14ms

XHR
application/json

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f904f7f89ae7a08ba46129aed0780332b1412fda48fdbb0a76e125f2a9bb741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 02 May 2022 21:17:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame F817 29 B
588 B 29ms
7ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:08:11 GMT
x-content-type-options: nosniff
age: 562
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 02 May 2022 21:23:11 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 38ms
14ms Preflight
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 02 May 2022 21:17:33 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F817 44 KB
22 KB 37ms
21ms XHR
application/json+protobuf 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

db06a0fc7380e6cef435779338f06b7d604312923abc1a14b6b2a708b2aa596e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 22098
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/ Frame F817 118 KB
37 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e0c4174e61491bcca41b0035a78384a41275762a80217fde843045a58defff6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 19:57:12 GMT
content-encoding: br
x-content-type-options: nosniff
age: 350421
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37653
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 28 Apr 2023 19:57:12 GMT

GET
H2 200 2BdFh1Rfv9vzIlQZwBfqObkgbvLgOP6YC9YOTJoHW_o.js Show response
www.google.com/js/th/ Frame F817 35 KB
14 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/2BdFh1Rfv9vzIlQZwBfqObkgbvLgOP6YC9YOTJoHW_o.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8174587545fbfdbf3225419c017ea39b9206ef2e038fe980bd60e4c9a075bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 10:38:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 38362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13557
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 11:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 02 May 2023 10:38:11 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/ Frame F817 27 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b5b1ae65b8c4bff67063af77d9186e254923c375d6b5994abf2d5d539ab62cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Thu, 28 Apr 2022 19:52:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 350714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8111
x-xss-protection: 0
last-modified: Thu, 28 Apr 2022 00:16:30 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 28 Apr 2023 19:52:19 GMT

GET
DATA 200
OK truncated
/ Frame F817 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 zhvy3_ZaC9Fllc_FZVQZpBSnm1b8plAtnKLDVX2VgAP-WOrgyQ5YNCQLf_G_jkHn6zk_zit2BVw=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame F817 1 KB
1 KB 30ms
7ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/zhvy3_ZaC9Fllc_FZVQZpBSnm1b8plAtnKLDVX2VgAP-WOrgyQ5YNCQLf_G_jkHn6zk_zit2BVw=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a463f197a33375cdbbe0b8aaa383f9219afbb4b6caba412fc7a642d146aeb9ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 17:51:46 GMT
x-content-type-options: nosniff
age: 12347
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 23 Apr 2022 06:41:52 GMT

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/kKcko4LdeSM/ Frame F817 77 KB
77 KB 79ms
56ms Image
image/jpeg 2a00:1450:4001:811::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/kKcko4LdeSM/maxresdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eccab74b9739bef8ec0f81f6e8be004093244e1981268e09ef9fdc413cd7ee19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78758
x-xss-protection: 0
server: sffe
etag: "1625489413"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 02 May 2022 23:17:33 GMT

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame EE63 627 B
692 B 31ms
8ms Document
text/html 2a02:26f0:1700:794::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:794::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: gzip
content-length: 392
content-type: text/html
date: Mon, 02 May 2022 21:17:33 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Tue, 02 May 2023 21:17:33 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame F817 4 KB
3 KB 39ms
15ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 02 May 2022 21:17:33 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame F817 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?uh1bbA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/kKcko4LdeSM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/kKcko4LdeSM
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 submit-arrow.svg
www.truesec.com/assets/form/ 243 B
427 B 12ms
12ms Image
image/svg+xml 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.truesec.com/assets/form/submit-arrow.svg

Requested by

Host: www.truesec.com
URL: https://www.truesec.com/_next/static/css/2bb09b2a6016c0cd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

b12368d3c5dba872ff52f51d990122bb48b276fc7e21e4a12bf4bdcd52f33daa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

content-security-policy: frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
x-content-type-options: nosniff
age: 11411334
content-disposition: inline; filename="submit-arrow.svg"
x-vercel-cache: HIT
content-length: 243
x-xss-protection: 1; mode=block
access-control-allow-origin: https://jealous-emu-production.cl-eu-west-2.servd.dev
referrer-policy: no-referrer
server: Vercel
x-matched-path: /assets/form/submit-arrow.svg
date: Mon, 02 May 2022 21:17:33 GMT
strict-transport-security: max-age=63072000
content-type: image/svg+xml
x-vercel-id: fra1:fra1::tss4b-1651526253926-518b9d887714
cache-control: public, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
etag: W/"b12368d3c5dba872ff52f51d990122bb48b276fc7e21e4a12bf4bdcd52f33daa"
accept-ranges: bytes

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/101/ Frame F817 52 KB
15 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/101/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f69d70bf8ce1e473f3659ee6c746035ae11ebbe9383c1857783e300458667e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 16:21:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17783
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15395
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 19:36:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 03 May 2022 16:21:10 GMT

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame F817 98 B
142 B 18ms
18ms XHR
application/json+protobuf 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

784799583085b036d955dcf39bf3a8e99839b6f11a50d7fd9f5b39e0228beefe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 02 May 2022 21:17:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 118
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Mon, 02 May 2022 21:17:33 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 cc.js Show response
consent.cookiebot.com/fb174c59-0016-4d4c-8f79-2c133cf6c3fc/ 247 KB
56 KB 53ms
52ms Script
application/x-javascript 2a02:26f0:7100::687e:25b1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/fb174c59-0016-4d4c-8f79-2c133cf6c3fc/cc.js?renew=false&referer=www.truesec.com&dnt=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=fb174c59-0016-4d4c-8f79-2c133cf6c3fc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:25b1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2619cfaf1454f7c38d096c90d4a58eb668e7c20978b82692b458d1a223e5e61e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:17:34 GMT
content-encoding: gzip
last-modified: Mon, 02 May 2022 21:17:34 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
content-length: 56518
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame F817 28 B
54 B 24ms
23ms XHR
application/json 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/9cdfefcf/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/kKcko4LdeSM
X-YouTube-Client-Version: 1.20220427.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtXZkJseDVhb01NbyjtlMGTBg%3D%3D
X-YouTube-Ad-Signals: dt=1651526253581&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C675%2C446&vis=1&wgl=true&ca_type=image

Response headers

date: Mon, 02 May 2022 21:17:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 02 May 2022 21:17:35 GMT

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 7tgyFFHGgHM
			.youtube.com/	1970-01-20 07:04:38	Name: VISITOR_INFO1_LIVE Value: WfBlx5aoMMo

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors http://localhost http://ts-craft-cms.test https://jealous-emu-production.cl-eu-west-2.servd.dev https://jealous-emu-staging.cl-eu-west-2.servd.dev
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.truesec.com
consent.cookiebot.com
consentcdn.cookiebot.com
fonts.gstatic.com
forms.hsforms.com
googleads.g.doubleclick.net
i.ytimg.com
jnn-pa.googleapis.com
js.hsforms.net
optimise2.assets-servd.host
static.doubleclick.net
www.google.com
www.googletagmanager.com
www.gstatic.com
www.truesec.com
www.youtube.com
yt3.ggpht.com
2606:4700:20::ac43:4bc3
2606:4700::6810:5905
2606:4700::6811:b949
2a00:1450:4001:802::2003
2a00:1450:4001:802::2006
2a00:1450:4001:809::2002
2a00:1450:4001:809::200e
2a00:1450:4001:811::2016
2a00:1450:4001:812::2008
2a00:1450:4001:812::200a
2a00:1450:4001:813::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:82f::2003
2a02:26f0:1700:794::f09
2a02:26f0:7100::687e:25b1
76.76.21.22
080e4e6a3bb5279ae05d16d94e7ff0bf70d9a754bc9595ba104d01cb823bfff0
0b17da62fb36f7470a36919503a56c697359e2958588c16dfb667bc9891318f9
0c863053454caad46a30039b2e37b56adc4037f08752961afff8c8bca195984b
0f3b8f390cb77125fd70f8ceb257315d1ad6b1734feb6ed4424dfef4549a1ec2
20b9d6ea07168a3f04fa08c07013134fa89e5ba2dc89cfda2b33d92e8a52d21f
2619cfaf1454f7c38d096c90d4a58eb668e7c20978b82692b458d1a223e5e61e
273a989952bcaab018a929e31149171f873713cd36caa79a6650a7bdd5b08130
2c10b2241bd7c2dd2327e79ed6e59f2cab8989f7feb45213946b57cc76ee74dc
3b4f6ee96faadb024ed0310b54aa96dc873824444123cc88cc1cb4ffa1d0e3cb
3b54dffddaa2eac539bd5b13d6f80c38da6076ce740db0c587a68e7e4f25c5b6
3b5b1ae65b8c4bff67063af77d9186e254923c375d6b5994abf2d5d539ab62cd
3ddbeaa61005463a17ff6d9903ff1d73a158e04a10db88ede26fe7f6d7ece989
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41a9b13eb00b9a9e361db7118f4121edce5df098b1f1e8c9d7e68c732c26cfa0
46802a692af6557a560d548bcd048a28966d2b68beb29083974943de82b818a3
48113d6d968a06309e6f0de034ee0a48838b086541626863fb6a1d587eb26758
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
5202c7efbe462a95aa34ec4cba8b72b4250884b76e5362ffddc14cec6c82e58e
550dc0229461695101d087dcf20293def298523c25ce89619a9aecf19fd732f0
59630935840a38c5b2a1c7191c2bea389e06888dbaf33946fd80c62474a5e8ae
5b02b64a9d46ea92f6e4e2c6c7a82a38c2c987aaf84c394fedb4d2e0b26f8a6c
5e059d5d50bd7b9859989431b0eb4288e8fddd12d6339e1d919fcae7924e999f
6243f3c77f193612648027475eaab6da009b985f0716acdfc021de263dd6f3c9
668abece3c2145837d1216937d4a95505afb62c397b751fc81b0240adf949297
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6a7635f073465a506a5a7c252fe6f7a63efa0d4c6d24179b8aca1931653223ab
6f69d70bf8ce1e473f3659ee6c746035ae11ebbe9383c1857783e300458667e0
70139fbcc1972f9d790cc9fb10cd344668feb28bd366da912d62780f4cc2dc18
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
784799583085b036d955dcf39bf3a8e99839b6f11a50d7fd9f5b39e0228beefe
7d9beb38d6c65a97167c744dbb59ffefc5480a35225729c28b35edf7dd0a1955
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
83f76bcd208d874644bb4292c774f25c1daaecc7ae8a60e50658933ef538eab4
86837e12d82b85a625555ac14b3f0be0123eb7c42171364bf42840f9696f964e
8e89e4c4cbc9f5b62d5cc9939383f42998f58fcd22fa2d0f07a15ebcc11be892
8f03c1a2805c2d799bb9633282859ff375d9a277921447284f6e614520348d26
8f904f7f89ae7a08ba46129aed0780332b1412fda48fdbb0a76e125f2a9bb741
9171a46ea05b0dc4401c5d7977a8e1979425ed485079803c9c602561dbc887bf
9d99e69c4cb11e5f6b41962ae00d7add057c6544d5bba335a11144cc846c5f2b
a463f197a33375cdbbe0b8aaa383f9219afbb4b6caba412fc7a642d146aeb9ef
a50858a686d75d3625d3878ef185cb3962cc595da7f06ff87b3f8c11dda6d87b
a67ca5769dacd3265d686bc86d6e5fe3c1c5eed05c62138023f5b06429abe462
a694204b892369f4801f39ef15a5b87d17e8c52492a08b0dda4d1e65535a1a38
aadb91364d1393a1e6b4bc849eaabb92c4ed68437fb5f0ea95bd9d66ceeee2da
b12368d3c5dba872ff52f51d990122bb48b276fc7e21e4a12bf4bdcd52f33daa
ba2b65836b472334c8abe1133ccdd57f61ccc6ae8c64dfad891735b080475611
be3e54375ffaf51988de61d1e215c13f700351dd573eb16acb0674969c8a2242
c5e896a3f9b16c1ed62fc2874360e9299ce7cfaa2d4cc75877ccd5a46ddd178f
c6fb4966f624e41e295834e559ef024a078fa9122f379fc286d11c329bcec677
c931e84b0d28fb4eaca2ecf8dfb3d1b2b2537c1c916c0999411d755ce92f269c
ca4bb2563b5be6323a5c153e14888dc16d1a0df7e1fbbe84c36330af56663e63
d31e82d89a2f3647e4bd2a50749355fa3d2721bd050dc017f4d0fc3a614cf350
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d8174587545fbfdbf3225419c017ea39b9206ef2e038fe980bd60e4c9a075bfa
db06a0fc7380e6cef435779338f06b7d604312923abc1a14b6b2a708b2aa596e
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
e0c4174e61491bcca41b0035a78384a41275762a80217fde843045a58defff6e
e267dca009b76041eabc1050ba4a166c5868c8e255469a1a0bd2167e353cc5fd
e30ce15e8acb6c3db0edadbc7fb54d04a8101efef317c703884a976c90335fe9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9516416d3e2d9a9e3eb3965e0c11fd6cef5a890760c5d508e018e53b9c9dc66
eccab74b9739bef8ec0f81f6e8be004093244e1981268e09ef9fdc413cd7ee19
ee0efafd4d3bf456260c4570c1f5f2ebe67af6ff74fcbaec9d0f871abf4b09e1
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f1426c9322621378e362570f4ae1a661cf55a46b073bc83c568c2afe67d169e4
f47d2e856e15811898277d3a1f455ab9b15d50920b1f351ada165287518bce68
f837149a0a9a2b92a8d7f152da2ef4e69b30f98ed029cddcfcaa76bf9883ffc1
fb3d845416cd436e09985eaf5686b935db41946dbfe83f598f0e9b1c55e8e177
fd33bbecf9cd62f171950662a1f7fd70377af80b2a8c6710b8b5f26fb379fa0a
fdc59599f522705f74c6d5ed046c42eedbbb14d492c461ca548b05247dd628e1
febc37aac923fba810d8d26c1afa7fc1845701770ebc722d1391e33220830147
ff712ff2b433f78559d51464625a77b60171b9204216640e0073332a18c2a17c

www.truesec.com Open in urlscan Pro 76.76.21.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

74 Requests

99 %HTTPS

94 %IPv6

13 Domains

17 Subdomains

17 IPs

2 Countries

2627 kBTransfer

6309 kBSize

2 Cookies

29 Outgoing links

Page URL History

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.truesec.com Open in urlscan Pro
76.76.21.22 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

99 %
HTTPS

94 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2627 kB
Transfer

6309 kB
Size

2
Cookies

74 HTTP transactions
2 data transactions