www.malwarebytes.com Open in urlscan Pro
192.0.66.233 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Submission: On November 29 via api (November 29th 2023, 7:05:51 pm UTC) from IN — Scanned from DE

Summary HTTP 71 Redirects Links 38 Behaviour Indicators

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 71 HTTP transactions. The main IP is 192.0.66.233, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is www.malwarebytes.com. The Cisco Umbrella rank of the primary domain is 113527.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on October 17th 2023. Valid for: a year.

This is the only time www.malwarebytes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	192.0.66.233 192.0.66.233	2635 (AUTOMATTIC) (AUTOMATTIC)
6	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:1e0... 2400:52e0:1e00::1080:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	54.156.200.125 54.156.200.125	14618 (AMAZON-AES) (AMAZON-AES)
12	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2600:9000:20b... 2600:9000:20b4:b400:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	199.232.192.134 199.232.192.134	54113 (FASTLY) (FASTLY)
71	16

18 192.0.66.233 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

www.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

malwarebytesunpacked.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.200.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-200-125.compute-1.amazonaws.com

genesis.malwarebytes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.192.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:9000:20b4:b400:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.134 (United States)

ASN54113 (FASTLY, US)

referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	malwarebytes.com www.malwarebytes.com — Cisco Umbrella Rank: 113527 genesis.malwarebytes.com — Cisco Umbrella Rank: 260371	872 KB
15	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 5610	334 KB
12	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 342	198 KB
8	disqus.com malwarebytesunpacked.disqus.com — Cisco Umbrella Rank: 763965 disqus.com — Cisco Umbrella Rank: 1282 referrer.disqus.com — Cisco Umbrella Rank: 8050	57 KB
6	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2958	103 KB
3	gstatic.com fonts.gstatic.com	48 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2855 pixel.wp.com — Cisco Umbrella Rank: 2799	3 KB
2	plausible.io plausible.io — Cisco Umbrella Rank: 10361	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 590	304 B
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2178	94 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	116 KB
71	12

	Domain	Requested by
18	www.malwarebytes.com	www.malwarebytes.com
15	c.disquscdn.com	disqus.com c.disquscdn.com
12	cdn.cookielaw.org	www.malwarebytes.com cdn.cookielaw.org
6	dev.visualwebsiteoptimizer.com	www.malwarebytes.com dev.visualwebsiteoptimizer.com
4	disqus.com	malwarebytesunpacked.disqus.com c.disquscdn.com
3	fonts.gstatic.com	fonts.googleapis.com
3	malwarebytesunpacked.disqus.com	www.malwarebytes.com malwarebytesunpacked.disqus.com
2	plausible.io	www.malwarebytes.com plausible.io
1	referrer.disqus.com
1	fonts.googleapis.com	client
1	geolocation.onetrust.com	cdn.cookielaw.org
1	pixel.wp.com	www.malwarebytes.com
1	genesis.malwarebytes.com	www.malwarebytes.com
1	stats.wp.com	www.malwarebytes.com
1	secure.gravatar.com	www.malwarebytes.com
1	www.googletagmanager.com	www.malwarebytes.com
71	16

This site contains links to these domains. Also see Links.

Domain
support.malwarebytes.com
service.malwarebytes.com
try.malwarebytes.com
my.malwarebytes.com
cloud.malwarebytes.com
partners.malwarebytes.com
www.threatdown.com
forums.malwarebytes.com
www.youtube.com
www.facebook.com
twitter.com
www.linkedin.com
www.cisa.gov
attack.mitre.org
www.instagram.com
de.malwarebytes.com
es.malwarebytes.com
fr.malwarebytes.com
it.malwarebytes.com
pt.malwarebytes.com
br.malwarebytes.com
nl.malwarebytes.com
pl.malwarebytes.com
ru.malwarebytes.com
www.onetrust.com

Subject Issuer	Validity	Valid
*.malwarebytes.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-10-04`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
plausible.io R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-13` - `2024-04-20`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
malwarebytes.com Amazon RSA 2048 M02	`2023-09-05` - `2024-10-03`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
a.disquscdn.com Amazon RSA 2048 M01	`2023-08-31` - `2024-09-27`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Frame ID: F9C9F26F6C4D98BEDD9AD57F8AD8DC87
Requests: 51 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
Frame ID: D501AD5B32A1584AB34933DDF03BB2C7
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Warning issued over Royal ransomwarerssBack ButtonSearch IconFilter Icon

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

71
Requests

100 %
HTTPS

53 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

1828 kB
Transfer

4319 kB
Size

7
Cookies

38 Outgoing links

These are links going to different origins than the main page.

URL: https://support.malwarebytes.com/
Title: Personal Support

Search URL Search Domain Scan URL

URL: https://service.malwarebytes.com/
Title: Business Support

Search URL Search Domain Scan URL

URL: https://try.malwarebytes.com/custom-quote/?ref=NAV
Title: Talk to Sales

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/en/login
Title: MyAccount sign in: manage your personal or Teams subscription >

Search URL Search Domain Scan URL

URL: https://cloud.malwarebytes.com/
Title: Cloud Console sign in: manage your cloud business products >

Search URL Search Domain Scan URL

URL: https://partners.malwarebytes.com/English
Title: Partner Portal sign in: management for Resellers and MSPs >

Search URL Search Domain Scan URL

URL: https://my.malwarebytes.com/login
Title: Manage your subscription

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us
Title: Visit our support page

Search URL Search Domain Scan URL

URL: https://www.threatdown.com/try-now/
Title: Request Demo

Search URL Search Domain Scan URL

URL: https://try.malwarebytes.com/2023-state-of-malware/?utm_source=website
Title: The State of Malware 2023 Report

Search URL Search Domain Scan URL

URL: https://forums.malwarebytes.com/
Title: Forums

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us/articles/360038524154-Report-a-false-positive-to-Malwarebytes-Support
Title: Report a False Positive

Search URL Search Domain Scan URL

URL: https://support.malwarebytes.com/hc/en-us/articles/360046199873-Activate-Malwarebytes-Privacy-on-Windows-device
Title: See Content

Search URL Search Domain Scan URL

URL: https://www.youtube.com/malwarebytes
Title: Product Videos

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes/

Search URL Search Domain Scan URL

URL: https://twitter.com/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/malwarebytes

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/stopransomware
Title: StopRansomware

Search URL Search Domain Scan URL

URL: https://try.malwarebytes.com/2023-state-of-malware/?utm_source=blog&utm_medium=social&utm_campaign=b2b_ws_global_som_167578574700
Title: Lockbit

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
Title: CSA

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/versions/v12/techniques/T1190/
Title: Exploiting public-facing applications

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Warning+issued+over+Royal+ransomware+https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&via=Malwarebytes

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware&summary=&source=

Search URL Search Domain Scan URL

URL: https://twitter.com/MetallicaMVP

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Malwarebytes
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Malwarebytes
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/malwarebytesofficial
Title: Instagram

Search URL Search Domain Scan URL

URL: https://de.malwarebytes.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.malwarebytes.com/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.malwarebytes.com/
Title: Français

Search URL Search Domain Scan URL

URL: https://it.malwarebytes.com/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://pt.malwarebytes.com/
Title: Português (Portugal)

Search URL Search Domain Scan URL

URL: https://br.malwarebytes.com/
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://nl.malwarebytes.com/
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://pl.malwarebytes.com/
Title: Polski

Search URL Search Domain Scan URL

URL: https://ru.malwarebytes.com/
Title: Pусский

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

71 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request warning-issued-over-royal-ransomware Show response
www.malwarebytes.com/blog/news/2023/03/ 303 KB
67 KB 373ms
309ms Document
text/html 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8a040e3100833da10365385f6b9c9dcc1c1017348ee6ed1bfd8939d99d074c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: max-age=300, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 29 Nov 2023 19:05:45 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://www.malwarebytes.com/wp-json/>; rel="https://api.w.org/" <https://www.malwarebytes.com/wp-json/wp/v2/posts/72694>; rel="alternate"; type="application/json" <https://www.malwarebytes.com/?p=72694>; rel=shortlink
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: miss
x-content-type-options: nosniff
x-frame-options: DENY
x-pingback: https://www.malwarebytes.com/xmlrpc.php
x-rq: hhn2 96 184 443

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 13 KB
4 KB 93ms
32ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=622914&u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&vn=2
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: c0dabf73d37d25fc527da6690109cc7c37fd54cc22cf708696939c32f69b7abd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:45 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1701281604"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 tag-911a186936688a9a7988702d00192dd7.js Show response
dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/ 181 KB
50 KB 61ms
35ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-911a186936688a9a7988702d00192dd7.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=622914&u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&vn=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 4dc58807c3c1c8164fea8b1d778317c513189e532511b45cf6215c00b6bcd5a4

Request headers

Referer: https://www.malwarebytes.com/
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 29 Nov 2023 12:07:10 GMT
server: gfra1
etag: "6567296e-c9a7"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51623

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
151 B 112ms
111ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=622914&d=malwarebytes.com&u=D77A491202ECED84C99BD7ED3125A1E85&h=2ab6ff293ab3c1de00d21be86d1d21c7&t=false

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 /
www.malwarebytes.com/_static/ 374 KB
69 KB 21ms
20ms Stylesheet
text/css 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/_static/??-eJyNzEEOAiEMBdALCYUxRl0Yz1KwKkoZMi0hc3vRuHThsv//V+jVxLkoFQW9E5MAY+64UFh1HChCKhBaypfRpGKjyAb+UzmFBZcVBoHrmBvsJDOT5R9/uJma2y0VgQdpxfg0frKHD/4Gb3Pmk987Pzl33O5eCJJFvg==

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9bdd701c0629752935c98cbdb5a9671cba6af18797867921989b11ccc457e966

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 28 Nov 2023 19:48:55 GMT
server: nginx
x-rq: hhn2 96 184 443
vary: Accept-Encoding
x-cache: HIT
content-type: text/css;charset=utf-8
cache-control: max-age=31536000

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 380 KB
116 KB 111ms
59ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKSKW3

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

198fb3dc5f5a79fdc17377620846994c369cf47694e6234a97defca90a506002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 117896
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Nov 2023 19:05:46 GMT

GET
H2 200 script.js Show response
plausible.io/js/ 1 KB
1 KB 96ms
24ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/script.js

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1081
cdn-cachedat: 11/28/2023 20:56:35
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.1.5
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, must-revalidate, max-age=86400
permissions-policy: interest-cohort=()
cdn-requestid: 653e3e5a4665a34d9d639c2cd9ef1bb5
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 asset_upload_file34807_260825.png
www.malwarebytes.com/wp-content/uploads/sites/2/2023/03/ 311 KB
312 KB 822ms
821ms Image
image/webp 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/uploads/sites/2/2023/03/asset_upload_file34807_260825.png

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8c3a7d4b4fb498130ed227de3076f314bfd4d47d2be6e8b00f2d9fdb486cb9cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 109 83 443
last-modified: Wed, 29 Nov 2023 19:05:46 GMT
server: nginx
etag: "fb9c1714af59ebf7"
vary: Accept
x-cache: MISS
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 318552

GET
H2 200 easset_upload_file74738_260825_e.jpg
www.malwarebytes.com/wp-content/uploads/sites/2/2023/03/ 75 KB
76 KB 117ms
116ms Image
image/jpeg 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/uploads/sites/2/2023/03/easset_upload_file74738_260825_e.jpg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ad433d1795b310fcfd547673efaa7788b3d78b13fc1310aec679494ac68ef2c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 109 83 443
last-modified: Wed, 29 Nov 2023 19:05:46 GMT
server: nginx
etag: "8ff6688295ea900f"
vary: Accept
x-cache: MISS
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 77291

GET
H2 200 header-2.png
www.malwarebytes.com/wp-content/uploads/sites/2/2023/11/ 4 KB
4 KB 28ms
27ms Image
image/webp 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/uploads/sites/2/2023/11/header-2.png?w=150&h=150&crop=1

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c49fea3a9c46f32011c2204bb253d1eeec5ad457018513335aa01432aea809fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 109 86 443
last-modified: Tue, 28 Nov 2023 10:22:51 GMT
server: nginx
etag: "c10074877973858f"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4036

GET
DATA 200
OK truncated
/ 577 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b556aa0c99a333220bef9718a277f81139f356534c0c707430252f445f769b8b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 436 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 242aa88120783594cb0c56ff247407db601e2a09c4f598f7c7d40b9b2ba6369e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c2bf4235c36480dd023ae5a3161be4b1d3c5f4728c753788d43530cece558812

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Roboto-Regular.b009a76a.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 15 KB
16 KB 31ms
30ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Roboto-Regular.b009a76a.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 184 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-3d80"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 15744

GET
H2 200 Graphik-Regular.3fdd19ea.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 38 KB
38 KB 31ms
30ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Graphik-Regular.3fdd19ea.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9e1c5b7f15bcd940814677515f306113aa93921b6e7f0d184a6de904d07b6f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 185 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-97a8"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 38824

GET
H2 200 Graphik-Medium.3ff48deb.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 42 KB
42 KB 32ms
31ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Graphik-Medium.3ff48deb.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

fc4c4327594c7559168718f24efe82754660fdd55f62aa796baefee1e9b8d3d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 184 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-a738"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 42808

GET
H2 200 Graphik-Semibold.b023d334.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 42 KB
42 KB 32ms
31ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Graphik-Semibold.b023d334.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

33441b6e44fb33343a5769858ca65653ce482e5e0c58c6eb1cee0e50aa06ddf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 184 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-a63c"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 42556

GET
H2 200 Roboto-Bold.227c9319.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 15 KB
16 KB 32ms
31ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Roboto-Bold.227c9319.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 185 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-3df4"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 15860

GET
H2 200 Roboto-Medium.f25d774e.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 16 KB
16 KB 32ms
31ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Roboto-Medium.f25d774e.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 185 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-3e30"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 15920

GET
H2 200 Roboto-Black.2e8becfc.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 15 KB
16 KB 37ms
37ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Roboto-Black.2e8becfc.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 184 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-3d88"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 15752

GET
H2 200 malwarebytes-state-of-malware-report-2023.jpg
www.malwarebytes.com/wp-content/uploads/sites/2/2023/07/ 72 KB
72 KB 29ms
28ms Image
image/jpeg 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/uploads/sites/2/2023/07/malwarebytes-state-of-malware-report-2023.jpg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

32a0ce8663059aa406b6a9e8d569b840ee324c6af0f97c57d98ec1a6b6286b01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 109 32 443
last-modified: Mon, 30 Oct 2023 19:40:32 GMT
server: nginx
etag: "0f1fd79d974f3f8c"
vary: Accept
x-cache: HIT
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 73655

GET
H2 200 4cc4cefdb9f9107d91a645730cdbccaf
secure.gravatar.com/avatar/ 94 KB
94 KB 74ms
19ms Image
image/png 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/4cc4cefdb9f9107d91a645730cdbccaf?s=300&d=identicon&r=g
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 910e6e44783c7b7ec445f7ac917d854886c31505e559826716476a43f2b1d83d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 29 Nov 2023 19:05:46 GMT
last-modified: Fri, 17 Mar 2017 08:22:46 GMT
server: nginx
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="4cc4cefdb9f9107d91a645730cdbccaf.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/4cc4cefdb9f9107d91a645730cdbccaf?s=300&d=identicon&r=g>; rel="canonical"
content-length: 95967
alt-svc: h3=":443"; ma=86400
expires: Wed, 29 Nov 2023 19:10:46 GMT

GET
H2 200 twitter-blue.svg
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/images/ 2 KB
1 KB 36ms
36ms Image
image/svg+xml 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/images/twitter-blue.svg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d88920a91ebe2c0f910ca4d2f87bcca3f24d55194fb8168816afbd4393cd42b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Fri, 06 Oct 2023 14:35:10 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"65201b1e-675"
vary: Accept-Encoding
x-cache: HIT
content-type: image/svg+xml
cache-control: max-age=31536000

GET
H/1.1 200
OK embed.js Show response
malwarebytesunpacked.disqus.com/ 78 KB
25 KB 298ms
187ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/embed.js

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

a840e4805c60dac92454db36000f80d3e60a6795b2422f42682bad7eccbe99fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=300; includeSubdomains
Server: openresty
Age: 0
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25553

GET
H2 200 footer-globe.svg
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/images/ 4 KB
2 KB 35ms
34ms Image
image/svg+xml 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/images/footer-globe.svg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

17844b6e32a1300ba44a13e98c650fe16e4759364491b8161510e28aa648e79e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64e75612-103f"
vary: Accept-Encoding
x-cache: HIT
content-type: image/svg+xml
cache-control: max-age=31536000

GET
H/1.1 200
OK count.js Show response
malwarebytesunpacked.disqus.com/ 1 KB
2 KB 145ms
35ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/count.js

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=300; includeSubdomains
X-Amz-Cf-Pop: DFW3-C1
Age: 178
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 27 Nov 2023 21:05:08 GMT
Server: nginx
ETag: "65650484-367"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: SKO7WjW-c2ImRE78J6OqXFoLsb4BOlg9mxYR7SF8OYVNPCubzCxr4g==

GET
H2 200 jquery.min.js Show response
www.malwarebytes.com/wp-includes/js/jquery/ 85 KB
30 KB 33ms
33ms Script
application/javascript 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-includes/js/jquery/jquery.min.js?ver=1.0

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Tue, 07 Nov 2023 23:27:25 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"654ac7dd-155ba"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 / Show response
www.malwarebytes.com/_static/ 41 KB
12 KB 31ms
30ms Script
application/javascript 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/_static/??-eJydyz0OwjAMQOELkVrQqlIHxFnyYyBR7ITYVdTbk4GRATE+PX3Qq/GFFVmh5v0RWeC1O8wHWBFUgSTgC1FhI77FqhNFnpKc4BcZx2/Wayz8zekTCQXI5m4bukNHfLDbYw7j/IHuDdGE0jkXG4a+0fW8btuyzOt8SW/0IFrM

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

587e48765de56dec92619a63016a586ef631955d11f96bef9caf33a8262d7742

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 08 Nov 2023 11:40:32 GMT
server: nginx
x-rq: hhn2 96 185 443
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 e-202348.js Show response
stats.wp.com/ 7 KB
3 KB 71ms
20ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202348.js
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684464982353.1523
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 25 Nov 2024 07:07:17 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ccbd40f783b34fe6bc9ef9e971de08e32012b91ee81dd54b325ecf527c1dac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 tag-1721f91bed6210a5fc1087dc4142c4dd.js Show response
dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/ 128 KB
32 KB 27ms
26ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/web/djIkYTo0LjA6bm9qcXVlcnksdHI6Ny4w/tag-1721f91bed6210a5fc1087dc4142c4dd.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-911a186936688a9a7988702d00192dd7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: f59fbc97917b4f1c275b97fbf3802fba4b5ed9c68900a0e19311506c35d455ca

Request headers

Referer: https://www.malwarebytes.com/
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:45 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 29 Nov 2023 12:07:10 GMT
server: gfra1
etag: "6567296e-80b9"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32953

GET
H2 200 Graphik-Light.8512717f.woff2
www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/ 41 KB
41 KB 22ms
22ms Font
application/font-woff2 192.0.66.233
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/build/fonts/Graphik-Light.8512717f.woff2

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.233 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

039bb21133a0657e78917ed224bc151347123282bbd3bf1e0c5da81bccb93da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Origin: https://www.malwarebytes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000
x-rq: hhn2 96 185 443
last-modified: Thu, 24 Aug 2023 13:07:30 GMT
server: nginx
etag: "64e75612-a410"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 42000

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 10 KB
2 KB 25ms
25ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=622914&settings_type=1&vn=7.0&exc=1|48|3|4|161
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-911a186936688a9a7988702d00192dd7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: d842cb49abd1b555919d1cd61ef9e1f4764913c725fce00bbea28223062051cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:45 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
etag: W/"1701281604"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 202 event Show response
plausible.io/api/ 2 B
501 B 94ms
29ms XHR
text/plain 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1080 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.malwarebytes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
cdn-edgestorageid: 1080
cdn-cachedat: 11/29/2023 19:05:46
cdn-pullzone: 682664
application: 10.0.1.5
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F5wtdobsJ98GzEokaumG
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 47555ee560282b9f241013a79385491d
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3 200 worker-70faafffa0475802f5ee03ca5ff74179.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
13 KB 27ms
26ms XHR
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/web/djIkdGU6Ny4wOmFzeW5jJWdxdWVyeQ==/tag-911a186936688a9a7988702d00192dd7.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 29 Nov 2023 12:07:09 GMT
server: gfra1
etag: "6567296d-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13599

GET
H2 200 locate Show response
genesis.malwarebytes.com/api/v1/ 410 B
592 B 379ms
125ms XHR
application/json 54.156.200.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.malwarebytes.com/api/v1/locate
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/_static/??-eJydyz0OwjAMQOELkVrQqlIHxFnyYyBR7ITYVdTbk4GRATE+PX3Qq/GFFVmh5v0RWeC1O8wHWBFUgSTgC1FhI77FqhNFnpKc4BcZx2/Wayz8zekTCQXI5m4bukNHfLDbYw7j/IHuDdGE0jkXG4a+0fW8btuyzOt8SW/0IFrM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.200.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-200-125.compute-1.amazonaws.com
Software: /
Resource Hash: 404a1d3b80cd4177f5c7e50c6215bfcfee093a9e6f65e149e937969ff5f087cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: https://www.malwarebytes.com
date: Wed, 29 Nov 2023 19:05:46 GMT
content-length: 410
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 27ms
22ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=220440156&post=72694&tz=-8&srv=www.malwarebytes.com&hp=vip&j=1%3A12.8.1&host=www.malwarebytes.com&ref=&fcp=695&rand=0.8727890608460307
Requested by: Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 29 Nov 2023 19:05:46 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 82ms
35ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ea1823078c462969eaa59d6ef62623c19d77b72e25a103105b043aefaa0769a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /EzX6ku1+i8ak28m1WuIrw==
age: 50273
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Tue, 28 Nov 2023 21:09:31 GMT
server: cloudflare
etag: 0x8DBF056506E72C6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f616978d-a01e-0044-7768-22b3bc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc31d5a1b36-FRA

GET
H/1.1 200
OK count-data.js Show response
malwarebytesunpacked.disqus.com/ 350 B
932 B 132ms
132ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://malwarebytesunpacked.disqus.com/count-data.js?1=97612&1=98796&1=98808&1=98840&1=99186

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0bfcb79143e1f95e0d1b14940dd35fdfc2072e55e96789cbe5db732bce05af61

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:46 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 13
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 350
X-XSS-Protection: 1; mode=block

GET
H2 200 82971089-2677-4e1e-8fab-44444f76330b.json Show response
cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/ 6 KB
2 KB 91ms
50ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/82971089-2677-4e1e-8fab-44444f76330b.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

163844c1004fe7f16a32cabbf1fa485c127c185fce968f992cba0baae232eac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 83261
content-md5: I4eep5WavqwFVcaJf34d6g==
content-length: 1947
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 18:51:59 GMT
server: cloudflare
etag: 0x8DBE542C8198A76
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 40340ffa-701e-008c-2f2b-17518d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc39f41365b-FRA
expires: Thu, 30 Nov 2023 19:05:46 GMT

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame D501 7 KB
4 KB 229ms
150ms Document
text/html 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default

Requested by

Host: malwarebytesunpacked.disqus.com
URL: https://malwarebytesunpacked.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8346a3389fc57b0f1704c8de11a6a0aa179e946d44022ae8b686cbabc7de4139

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.malwarebytes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2947
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 29 Nov 2023 19:05:47 GMT
ETag: W/"lounge:view:9607350965.0aceae4c834db437dd74d5b254a65c15.2"
Last-Modified: Wed, 19 Jul 2023 18:40:30 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 88ms
42ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.malwarebytes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 19:05:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 82dd1fc438d43659-FRA
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202212.1.0/ 392 KB
94 KB 33ms
33ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063a721d5e221c66b0b3b52b66fd39f634d49e9aa16827ac5281666257d84e92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fVkC4hw/1GZwVOLkH8kBAQ==
age: 46914
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 95639
x-ms-lease-status: unlocked
last-modified: Mon, 13 Feb 2023 03:39:55 GMT
server: cloudflare
etag: 0x8DB0D73F93A8C75
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7a340feb-e01e-00a1-027c-ebe2fe000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc47f561b36-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/d6fb4b74-ed96-4d02-8ff1-69e7c0b82a9a/ 117 KB
24 KB 42ms
42ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/82971089-2677-4e1e-8fab-44444f76330b/d6fb4b74-ed96-4d02-8ff1-69e7c0b82a9a/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04cde96c06c1031c6552a6251fccd5edea82f47d79b1b6c0eb968b9808d4f614

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 79031
content-md5: XzR/cEW8sxMM5q5LdGTu5g==
content-length: 24359
x-ms-lease-status: unlocked
last-modified: Tue, 14 Nov 2023 18:52:18 GMT
server: cloudflare
etag: 0x8DBE542D39B1A22
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f27a52e8-401e-003e-362b-17aefc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc4e8e3365b-FRA
expires: Thu, 30 Nov 2023 19:05:47 GMT

GET
H2 200 lounge.load.d5a9ab71279657946012542f2a6e0739.js Show response
c.disquscdn.com/next/embed/ Frame D501 1 KB
1 KB 108ms
26ms Script
application/javascript 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.d5a9ab71279657946012542f2a6e0739.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

067ccfafd01d55d3d5ac7d4627ba42f66377457d6ac5732c860d4915b67e6d01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 28 Nov 2023 17:51:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 12d69f39c905d1c9441d392eddc25066.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
age: 90860
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 630
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-276"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: ResvfHKbuIc81W38C-fK44Wb8g-992U_C8jlvkFb1Vgs7tgRu_gygA==
expires: Wed, 27 Nov 2024 17:51:27 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202212.1.0/assets/ 13 KB
3 KB 34ms
34ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zqQbOscO3o5SqFKuQoJ/AA==
age: 43707
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3020
x-ms-lease-status: unlocked
last-modified: Mon, 13 Feb 2023 03:39:48 GMT
server: cloudflare
etag: 0x8DB0D73F514CE73
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 4f59c29b-c01e-007d-0b5e-1448a0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc53954365b-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/202212.1.0/assets/v2/ 63 KB
12 KB 32ms
32ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202212.1.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e4619d147c3c6754720be1bad7c97cf6b3f9d696fbac16d97f1a9effe40e9dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /zl861paWmceWHf3SA8vbQ==
age: 55361
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12601
x-ms-lease-status: unlocked
last-modified: Mon, 13 Feb 2023 03:39:51 GMT
server: cloudflare
etag: 0x8DB0D73F67D0625
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: bcc062a7-c01e-001f-3486-0e8a87000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc53957365b-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202212.1.0/assets/ 5 KB
2 KB 31ms
31ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 7h2gubMR6XYxX8+GVPe5nw==
age: 43594
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1767
x-ms-lease-status: unlocked
last-modified: Mon, 13 Feb 2023 03:39:50 GMT
server: cloudflare
etag: 0x8DB0D73F6218550
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 178d5ef0-401e-0073-7d0c-156110000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc53958365b-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202212.1.0/assets/ 21 KB
4 KB 37ms
36ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202212.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 54133
x-ms-lease-status: unlocked
last-modified: Mon, 13 Feb 2023 03:39:59 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 44bb2935-601e-004b-69c3-13c5d0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 82dd1fc5395c365b-FRA

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 37ms
37ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 50708
x-ms-lease-status: unlocked
last-modified: Wed, 29 Nov 2023 03:58:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 4c7243a4-801e-0098-5580-2219e2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 82dd1fc588801b36-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
514 B 33ms
32ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202212.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 42743
x-ms-lease-status: unlocked
last-modified: Wed, 29 Nov 2023 03:58:04 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 8a1b1aa1-001e-0000-3180-223983000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 82dd1fc59a31365b-FRA

GET
H2 200 MWB_logo_horizontal_RGB.png
cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/3be7f101-47f0-48ab-ae22-e34efabb8a62/9b43fe5c-b22b-40eb-9d38-57e36d038e98/ 46 KB
46 KB 33ms
32ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/4e1c8bc8-2743-413b-8699-aad2216e8616/3be7f101-47f0-48ab-ae22-e34efabb8a62/9b43fe5c-b22b-40eb-9d38-57e36d038e98/MWB_logo_horizontal_RGB.png

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdf7a139210ad25e0576a0721d45086e047dee38f88ba2995ce745643212c532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: g65E4kh32bbdSPqSevAl8Q==
age: 40494
content-length: 47111
x-ms-lease-status: unlocked
last-modified: Fri, 03 Jun 2022 20:09:47 GMT
server: cloudflare
etag: 0x8DA459D0252D23C
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: ef9676d9-a01e-0036-2ff5-11b4f3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 82dd1fc5a8b91b36-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 36ms
36ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.malwarebytes.com
URL: https://www.malwarebytes.com/blog/news/2023/03/warning-issued-over-royal-ransomware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.malwarebytes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 29 Nov 2023 19:05:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 84243
x-ms-lease-status: unlocked
last-modified: Tue, 28 Nov 2023 03:33:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c942158c-b01e-003a-13ae-2123fb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 82dd1fc5a8ba1b36-FRA

GET
H2 200 common.bundle.dee2b49ee90353edb3719f48d95284cd.js Show response
c.disquscdn.com/next/embed/ Frame D501 280 KB
93 KB 81ms
29ms Script
application/javascript 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.d5a9ab71279657946012542f2a6e0739.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

560a509130735e0826b11e67847715f03148528dc363c5dfb59a0abfeef03f05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 28 Nov 2023 17:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
age: 90859
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94199
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-16ff7"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: K0kLm2d5j8ATjVH2-6gTseSgAlCE_4LRzAyFIbmiG2xeAQf_P0O8HQ==
expires: Wed, 27 Nov 2024 17:51:28 GMT

GET
H2 200 lounge.dbc47866f009f9d6f1556cd58214d9a3.css
c.disquscdn.com/next/embed/styles/ Frame D501 233 KB
33 KB 27ms
27ms Stylesheet
text/css 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 22 Jul 2023 16:09:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
age: 11242595
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 33282
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 12 Jul 2023 14:04:56 GMT
server: nginx
etag: "64aeb308-8202"
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: M6C_SmjS6r9iaH2C9UxiuJNHkElOXhqnOV5rR4kzg33i5xlKx9CFcw==
expires: Sun, 21 Jul 2024 16:09:12 GMT

GET
H2 200 lounge.bundle.914359974b527f0f97c1fcffe6572f2f.js Show response
c.disquscdn.com/next/embed/ Frame D501 513 KB
129 KB 29ms
29ms Script
application/javascript 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.914359974b527f0f97c1fcffe6572f2f.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2b7331e32e23eebe9dd30f184d2f2a4174ac4fbe0bd2e19b0e5b39b46d335f83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 15 Nov 2023 20:42:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
age: 1203780
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 131026
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 15 Nov 2023 20:36:05 GMT
server: nginx
etag: "65552bb5-1ffd2"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
timing-allow-origin: *
x-amz-cf-id: au4N7UJY_Iwe5o3T0FiO75ufHpUmfwlVKmwJ5J2NPQihKhhdrwT82w==
expires: Thu, 14 Nov 2024 20:42:47 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame D501 19 KB
19 KB 35ms
35ms Script
application/javascript 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e62400180b207253a19909f3a66dad18d203a7f9df527d05a15e9570426695a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:47 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 34
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 19210
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame D501 3 KB
4 KB 135ms
135ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=malwarebytesunpacked&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4ebcb7187dfbf7b7535c28f7140128dbcda2c16a6ca4ad29a121ea330a325de1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:47 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 3269
X-XSS-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ Frame D501 11 KB
1 KB 78ms
28ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 19:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 18:24:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 19:05:47 GMT

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame D501 1 KB
2 KB 220ms
146ms XHR
application/json 151.101.192.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=9607350965&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.dee2b49ee90353edb3719f48d95284cd.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4056636d6da7bec1c88a63236386a851be34f11c121b0e8cf09e90f06e91ddfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:47 GMT
Strict-Transport-Security: max-age=300; includeSubdomains
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Vary: Origin, Cookie
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/json
Cache-Control: stale-while-revalidate=30, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 1125
X-XSS-Protection: 1; mode=block

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame D501 3 KB
3 KB 27ms
26ms Image
image/gif 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Sun, 20 Aug 2023 12:05:10 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 8751637
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 02 Aug 2023 23:18:56 GMT
server: nginx
etag: "64cae460-b9b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ouGQa85MME_-PuRKcptw8nlr2qg2iNKKzxSGshh3-9D42M61pSbzvQ==
expires: Mon, 19 Aug 2024 12:05:10 GMT

GET
H2 200 email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame D501 840 B
1 KB 28ms
27ms Image
image/svg+xml 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Tue, 18 Jul 2023 06:46:45 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 11621942
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 840
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 12 Jul 2023 14:04:56 GMT
server: nginx
etag: "64aeb308-348"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7PpiNu40Pt__se686W9JuZJMFwz0sjrAuZLIvFS6rGW8udO62ZMCMQ==
expires: Wed, 17 Jul 2024 06:46:45 GMT

GET
H2 200 privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame D501 891 B
1 KB 29ms
28ms Image
image/svg+xml 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 26 Jul 2023 18:48:11 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 10887456
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 891
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 26 Jul 2023 16:31:55 GMT
server: nginx
etag: "64c14a7b-37b"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: UEZ7huKJaz2C0A5VqiFTq2uOl3XzYgR04NzOpWq1Phsvq8FQQRegTw==
expires: Thu, 25 Jul 2024 18:48:11 GMT

GET
H2 200 warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame D501 605 B
1 KB 30ms
29ms Image
image/svg+xml 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 19 Aug 2023 03:55:20 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 8867427
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 605
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 02 Aug 2023 23:18:56 GMT
server: nginx
etag: "64cae460-25d"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: cVS0bWlXN9EBjS-pVfImrCzqW5l_e0_ypINKQpgKbuNuMVXCGNkl-Q==
expires: Sun, 18 Aug 2024 03:55:20 GMT

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame D501 2 KB
2 KB 31ms
30ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 24 Jul 2023 12:53:27 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 11081540
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 12 Jul 2023 14:04:56 GMT
server: nginx
etag: "64aeb308-6e3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 0NZOU9rD2eKMRhWH9iphBlFiIToArkkJbbKHxHtjIZmcf7-Ce3T-sg==
expires: Tue, 23 Jul 2024 12:53:27 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame D501 8 KB
8 KB 32ms
31ms Font
application/octet-stream 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Sat, 22 Jul 2023 02:00:22 GMT
via: 1.1 12d69f39c905d1c9441d392eddc25066.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 11293525
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Wed, 12 Jul 2023 14:04:56 GMT
server: nginx
etag: "64aeb308-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: LST3k8llg09pDN99EWqq3dI-wQW7PyYqb4wej2JVAxnon5-ZrpD6tQ==
expires: Sun, 21 Jul 2024 02:00:22 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D501 15 KB
16 KB 69ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 16:39:21 GMT
x-content-type-options: nosniff
age: 440786
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 16:39:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D501 15 KB
15 KB 74ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:37:09 GMT
x-content-type-options: nosniff
age: 365318
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 13:37:09 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D501 17 KB
17 KB 88ms
41ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://disqus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 09:21:37 GMT
x-content-type-options: nosniff
age: 380650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17032
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 09:21:37 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame D501 43 B
339 B 206ms
132ms Image
image/gif 199.232.192.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=200&event=init_embed&thread=9607350965&forum=malwarebytesunpacked&forum_id=3107640&imp=14rem7i2k6h5hj&thread_slug=warning_issued_over_royal_ransomware&user_type=anon&referrer=https%3A%2F%2Fwww.malwarebytes.com%2F&theme=next&dnt=0&tracking_enabled=0&experiment=prebidbidisrequired_hidden&variant=active&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.192.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 19:05:47 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 upvote-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame D501 8 KB
8 KB 26ms
25ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/upvote-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 29 Nov 2023 19:04:54 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 53
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8170
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-1fea"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 7ONoVYD5PrVs2oFxLqdoSj2NbgLKTlRCsaoy8Y-lCl68yWzHzpZCWw==
expires: Wed, 29 Nov 2023 19:09:54 GMT

GET
H2 200 funny-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame D501 9 KB
9 KB 27ms
26ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/funny-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 29 Nov 2023 19:02:37 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 191
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8883
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-22b3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: XhJ6UcuzjhIOnFpsE1aPMIjktlheDcOUJidDiEgdYDBY3y0Ic9UQLA==
expires: Wed, 29 Nov 2023 19:07:36 GMT

GET
H2 200 love-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame D501 12 KB
12 KB 28ms
27ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/love-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 29 Nov 2023 19:04:20 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 87
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 11910
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-2e86"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: EHlYYcAjMict_mPWaK6TIJ5hV-SPIJ8P9eBGEexreyPYOmeoIpPlTg==
expires: Wed, 29 Nov 2023 19:09:20 GMT

GET
H2 200 angry-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame D501 20 KB
21 KB 29ms
28ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/angry-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 29 Nov 2023 19:02:42 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 185
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 20675
x-xss-protection: 1; mode=block
x-served-by: static-web-1
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-50c3"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vH4jV2oX_l-qIjaXZkSPM_83BoKmMkQUnlhmqyi6rwvqvkKhjlR-nQ==
expires: Wed, 29 Nov 2023 19:07:42 GMT

GET
H2 200 sad-512x512.png
c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/ Frame D501 9 KB
9 KB 29ms
29ms Image
image/png 2600:9000:20b4:b400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/current/publisher-admin/assets/img/emoji/sad-512x512.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20b4:b400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=malwarebytesunpacked&t_i=260825&t_u=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&t_d=Warning%20issued%20over%20Royal%20ransomware&t_t=Warning%20issued%20over%20Royal%20ransomware&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 0
date: Wed, 29 Nov 2023 19:01:42 GMT
via: 1.1 7785d4956cb908a17db2e556c11a4ea4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: AMS58-P4
age: 245
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8986
x-xss-protection: 1; mode=block
x-served-by: static-web-2
last-modified: Tue, 28 Nov 2023 15:53:32 GMT
server: nginx
etag: "65660cfc-231a"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=300, public
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: sakr_DNy2WCvyw-E7mm__mG9-XVITAtNF0OVfTG_wrUUB-_x1BWewQ==
expires: Wed, 29 Nov 2023 19:06:42 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.malwarebytes.com/	1970-01-21 01:21:47	Name: _vwo_uuid_v2 Value: D77A491202ECED84C99BD7ED3125A1E85\|2ab6ff293ab3c1de00d21be86d1d21c7
.malwarebytes.com/	1970-01-20 18:58:44	Name: _vis_opt_s Value: 1%7C
.malwarebytes.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.malwarebytes.com/	1970-01-21 02:10:44	Name: _vwo_uuid Value: D77A491202ECED84C99BD7ED3125A1E85
.malwarebytes.com/	1970-01-20 16:34:46	Name: _vwo_sn Value: 0%3A1
.malwarebytes.com/	1970-01-20 18:44:20	Name: _vwo_ds Value: 3%3Aa_0%2Ct_0%3A0%241701284745%3A86.02470373%3A%3A19_0%2C1_0%3A4_0%2C3_0%3A0
.malwarebytes.com/	1970-01-20 20:53:56	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Nov+29+2023+20%3A05%3A47+GMT%2B0100+(Central+European+Standard+Time)&version=202212.1.0&isIABGlobal=false&hosts=&consentId=e82fa0c2-8102-43a0-9d0d-e089d9266c62&interactionCount=0&landingPath=https%3A%2F%2Fwww.malwarebytes.com%2Fblog%2Fnews%2F2023%2F03%2Fwarning-issued-over-royal-ransomware&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.disquscdn.com
cdn.cookielaw.org
dev.visualwebsiteoptimizer.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
genesis.malwarebytes.com
geolocation.onetrust.com
malwarebytesunpacked.disqus.com
pixel.wp.com
plausible.io
referrer.disqus.com
secure.gravatar.com
stats.wp.com
www.googletagmanager.com
www.malwarebytes.com
151.101.192.134
192.0.66.233
192.0.76.3
199.232.192.134
199.232.196.134
2400:52e0:1e00::1080:1
2600:9000:20b4:b400:6:8656:f5c0:93a1
2606:4700:4400::6812:2089
2606:4700::6812:83ec
2a00:1450:4001:808::2008
2a00:1450:4001:813::2003
2a00:1450:4001:82a::200a
2a04:fa87:fffe::c000:4902
34.96.102.137
54.156.200.125
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
039bb21133a0657e78917ed224bc151347123282bbd3bf1e0c5da81bccb93da6
04cde96c06c1031c6552a6251fccd5edea82f47d79b1b6c0eb968b9808d4f614
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
063a721d5e221c66b0b3b52b66fd39f634d49e9aa16827ac5281666257d84e92
067ccfafd01d55d3d5ac7d4627ba42f66377457d6ac5732c860d4915b67e6d01
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
0bfcb79143e1f95e0d1b14940dd35fdfc2072e55e96789cbe5db732bce05af61
11c401a81e32b086bea3798c033009907b429fb601411da6ffc266b78184898a
163844c1004fe7f16a32cabbf1fa485c127c185fce968f992cba0baae232eac4
17844b6e32a1300ba44a13e98c650fe16e4759364491b8161510e28aa648e79e
198fb3dc5f5a79fdc17377620846994c369cf47694e6234a97defca90a506002
1df323c03e742ff217794c8ace2c647f3f0cf868c91d4396c166262ca1075acc
20a91bd509668238b6af8e16475c5e2611bcd2861d0eec2e0d4f6815e81449bd
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
242aa88120783594cb0c56ff247407db601e2a09c4f598f7c7d40b9b2ba6369e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b7331e32e23eebe9dd30f184d2f2a4174ac4fbe0bd2e19b0e5b39b46d335f83
32a0ce8663059aa406b6a9e8d569b840ee324c6af0f97c57d98ec1a6b6286b01
33441b6e44fb33343a5769858ca65653ce482e5e0c58c6eb1cee0e50aa06ddf6
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
404a1d3b80cd4177f5c7e50c6215bfcfee093a9e6f65e149e937969ff5f087cf
4056636d6da7bec1c88a63236386a851be34f11c121b0e8cf09e90f06e91ddfc
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
4dc58807c3c1c8164fea8b1d778317c513189e532511b45cf6215c00b6bcd5a4
4ebcb7187dfbf7b7535c28f7140128dbcda2c16a6ca4ad29a121ea330a325de1
560a509130735e0826b11e67847715f03148528dc363c5dfb59a0abfeef03f05
587e48765de56dec92619a63016a586ef631955d11f96bef9caf33a8262d7742
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
63ccbd40f783b34fe6bc9ef9e971de08e32012b91ee81dd54b325ecf527c1dac
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
7e4619d147c3c6754720be1bad7c97cf6b3f9d696fbac16d97f1a9effe40e9dd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8346a3389fc57b0f1704c8de11a6a0aa179e946d44022ae8b686cbabc7de4139
8a040e3100833da10365385f6b9c9dcc1c1017348ee6ed1bfd8939d99d074c7d
8c3a7d4b4fb498130ed227de3076f314bfd4d47d2be6e8b00f2d9fdb486cb9cf
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
910e6e44783c7b7ec445f7ac917d854886c31505e559826716476a43f2b1d83d
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
9bdd701c0629752935c98cbdb5a9671cba6af18797867921989b11ccc457e966
9e1c5b7f15bcd940814677515f306113aa93921b6e7f0d184a6de904d07b6f43
9ea1823078c462969eaa59d6ef62623c19d77b72e25a103105b043aefaa0769a
a09d0f89e99cf5a081315ff701187632005dabd23f3ca116a75790003faa7e8f
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
a840e4805c60dac92454db36000f80d3e60a6795b2422f42682bad7eccbe99fd
ad433d1795b310fcfd547673efaa7788b3d78b13fc1310aec679494ac68ef2c8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b556aa0c99a333220bef9718a277f81139f356534c0c707430252f445f769b8b
c0dabf73d37d25fc527da6690109cc7c37fd54cc22cf708696939c32f69b7abd
c2bf4235c36480dd023ae5a3161be4b1d3c5f4728c753788d43530cece558812
c49fea3a9c46f32011c2204bb253d1eeec5ad457018513335aa01432aea809fb
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d842cb49abd1b555919d1cd61ef9e1f4764913c725fce00bbea28223062051cb
d88920a91ebe2c0f910ca4d2f87bcca3f24d55194fb8168816afbd4393cd42b6
db865c8f3642f3485829c0ee0008fe04a32cc66af70867b39f60395a7fed3984
ddc6aec4144b67f0a2a12d687f3c4b8a9faf7c445847d0e25dcb5bd1a9ba9018
e422b07ca1550e55cd90a518e910fd3cfb4d9337ea6092357f9761aa77ac9e33
e62400180b207253a19909f3a66dad18d203a7f9df527d05a15e9570426695a1
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f59fbc97917b4f1c275b97fbf3802fba4b5ed9c68900a0e19311506c35d455ca
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc4c4327594c7559168718f24efe82754660fdd55f62aa796baefee1e9b8d3d3
fdf7a139210ad25e0576a0721d45086e047dee38f88ba2995ce745643212c532

www.malwarebytes.com Open in urlscan Pro 192.0.66.233 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

53 %IPv6

12 Domains

16 Subdomains

16 IPs

3 Countries

1828 kBTransfer

4319 kBSize

7 Cookies

38 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.malwarebytes.com Open in urlscan Pro
192.0.66.233 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

53 %
IPv6

12
Domains

16
Subdomains

16
IPs

3
Countries

1828 kB
Transfer

4319 kB
Size

7
Cookies

71 HTTP transactions
4 data transactions