URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Submission: On October 14 via api from IN — Scanned from US

Summary

This website contacted 25 IPs in 3 countries across 17 domains to perform 146 HTTP transactions. The main IP is 2a04:4e42:200::645, located in United States and belongs to FASTLY, US. The main domain is www.sangfor.com. The Cisco Umbrella rank of the primary domain is 947920.
TLS certificate: Issued by Certainly Intermediate R1 on September 27th 2024. Valid for: a month.
This is the only time www.sangfor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
76 2a04:4e42:200... 54113 (FASTLY)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
11 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 142.251.40.132 15169 (GOOGLE)
2 23.207.6.152 16625 (AKAMAI-AS)
1 2607:3f40:ff0... 54994 (ML-1432-5...)
1 142.250.72.99 15169 (GOOGLE)
2 192.29.201.57 31898 (ORACLE-BM...)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
4 2607:f8b0:400... 15169 (GOOGLE)
5 31.13.71.7 32934 (FACEBOOK)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
4 142.250.80.66 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
4 6 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 23.33.40.142 20940 (AKAMAI-ASN1)
5 69.164.193.241 63949 (AKAMAI-LI...)
146 25
Apex Domain
Subdomains
Transfer
77 sangfor.com
www.sangfor.com — Cisco Umbrella Rank: 947920
images.sangfor.com
2 MB
11 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
588 KB
10 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
td.doubleclick.net — Cisco Umbrella Rank: 192 Failed
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
10 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 147
1 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 321
www.linkedin.com — Cisco Umbrella Rank: 646
px4.ads.linkedin.com — Cisco Umbrella Rank: 6828
5 KB
5 arounddeal.com
wa.arounddeal.com
2 KB
5 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
73 KB
5 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4618
consentcdn.cookiebot.com — Cisco Umbrella Rank: 5320
imgsct.cookiebot.com — Cisco Umbrella Rank: 5372
139 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
21 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 784
14 KB
2 eloqua.com
s757079.t.eloqua.com
2 KB
2 en25.com
img06.en25.com — Cisco Umbrella Rank: 66886
28 KB
1 ipapi.co
ipapi.co — Cisco Umbrella Rank: 16407
943 B
1 gstatic.com
www.gstatic.com
216 KB
1 sangfor.com.cn
download.sangfor.com.cn — Cisco Umbrella Rank: 957441
10 KB
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 797
3 KB
146 17
Domain Requested by
76 www.sangfor.com www.sangfor.com
consent.cookiebot.com
11 www.googletagmanager.com www.sangfor.com
www.googletagmanager.com
consent.cookiebot.com
6 www.google.com www.sangfor.com
www.gstatic.com
consent.cookiebot.com
5 wa.arounddeal.com www.sangfor.com
wa.arounddeal.com
5 px.ads.linkedin.com 3 redirects snap.licdn.com
5 connect.facebook.net www.sangfor.com
connect.facebook.net
consent.cookiebot.com
4 td.doubleclick.net www.googletagmanager.com
consent.cookiebot.com
4 googleads.g.doubleclick.net www.googletagmanager.com
consent.cookiebot.com
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
consent.cookiebot.com
2 www.facebook.com www.sangfor.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 analytics.google.com www.googletagmanager.com
2 snap.licdn.com www.sangfor.com
2 consentcdn.cookiebot.com consent.cookiebot.com
2 s757079.t.eloqua.com www.sangfor.com
2 img06.en25.com www.sangfor.com
2 consent.cookiebot.com www.sangfor.com
consent.cookiebot.com
1 images.sangfor.com www.sangfor.com
1 ipapi.co www.sangfor.com
1 imgsct.cookiebot.com
1 px4.ads.linkedin.com www.sangfor.com
1 www.linkedin.com 1 redirects
1 www.gstatic.com www.google.com
1 download.sangfor.com.cn www.sangfor.com
1 unpkg.com www.sangfor.com
146 25
Subject Issuer Validity Valid
*.sangfor.com Certainly Intermediate R1 2024-09-27 - 2024-10-27 a month
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1 2024-02-28 - 2025-02-27 a year
*.google-analytics.com WR2 2024-09-24 - 2024-12-17 3 months
unpkg.com WE1 2024-09-25 - 2024-12-24 3 months
*.google.com WR2 2024-09-24 - 2024-12-17 3 months
*.en25.com DigiCert TLS RSA SHA256 2020 CA1 2024-07-30 - 2025-07-29 a year
*.sangfor.com.cn GeoTrust CN RSA CA G1 2024-01-24 - 2025-02-23 a year
*.gstatic.com WR2 2024-09-24 - 2024-12-17 3 months
*.t.eloqua.com DigiCert TLS RSA SHA256 2020 CA1 2024-03-26 - 2025-04-10 a year
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1 2024-02-26 - 2025-02-26 a year
*.facebook.com DigiCert SHA2 High Assurance Server CA 2024-07-23 - 2024-10-21 3 months
snap.licdn.com DigiCert SHA2 Secure Server CA 2023-12-13 - 2024-12-12 a year
*.g.doubleclick.net WR2 2024-09-24 - 2024-12-17 3 months
*.doubleclick.net WR2 2024-09-24 - 2024-12-17 3 months
www.linkedin.com DigiCert SHA2 Secure Server CA 2024-09-11 - 2025-03-11 6 months
ipapi.co WE1 2024-09-02 - 2024-12-01 3 months
images.sangfor.com Go Daddy Secure Certificate Authority - G2 2024-04-23 - 2025-05-21 a year
wa.arounddeal.com E6 2024-10-08 - 2025-01-06 3 months

This page contains 7 frames:

Primary Page: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Frame ID: 403511AB20CE99F82138F7C78963FDD3
Requests: 136 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: DEB1B46DA67339F107A1C6E7270600B4
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11481739312?random=1728887829032&cv=11&fst=1728887829032&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Frame ID: 5BCBBFF972580BE0A08412C762476A25
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/658559639?random=1728887829118&cv=11&fst=1728887829118&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: D66857D70F781D96048C47E0E46864FB
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1741506203.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=127457894
Frame ID: 5BB62C6EF6B96E82737C4CAE96D5F06C
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1741506203.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101671035~101686685&z=923673192
Frame ID: FB7FED5FA07350788E060A140AA461CF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u6hbh8eat97
Frame ID: CF03BB9E7E1CE1FD54713BE6D76213E7
Requests: 2 HTTP requests in this frame

Page Title

New RCRU64 Ransomware Variant Discovered by Sangfor FarSight Labs | Sangfor

Detected technologies

Overall confidence: 100%
Detected patterns
  • /alpine(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

146
Requests

95 %
HTTPS

63 %
IPv6

17
Domains

25
Subdomains

25
IPs

3
Countries

2660 kB
Transfer

7800 kB
Size

15
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728887829383%26li_adsId%3Daca9b566-f68e-4990-860c-64b044210f30%26url%3Dhttps%253A%252F%252Fwww.sangfor.com%252Ffarsight-labs-threat-intelligence%252Fcybersecurity%252Fnew-rcru64-ransomware-variant%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLkol25KKSWrwAAAZKJvrYsty2EakynS_Gr8pR3pKJj8FSc6JJUykPy8Dt6ASCXBZnCeg

146 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request new-rcru64-ransomware-variant
www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/
281 KB
53 KB
Document
General
Full URL
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1419f43d240049ef0b962f7d84526f0b41e4fd3c5376f21e75fc195895a203d4
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1249
cache-control
max-age=21600, public
content-encoding
gzip
content-language
en
content-length
53525
content-type
text/html; charset=UTF-8
date
Mon, 14 Oct 2024 06:37:07 GMT
etag
W/"1728886577"
expires
Sun, 19 Nov 1978 05:00:00 GMT
last-modified
Mon, 14 Oct 2024 06:16:17 GMT
link
<https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant>; rel="canonical"
permissions-policy
interest-cohort=()
server
nginx
strict-transport-security
max-age=300
vary
Accept-Encoding, Cookie, Cookie, Cookie
via
1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache
HIT, MISS, MISS
x-cache-hits
6, 0, 0
x-content-type-options
nosniff
x-drupal-cache
MISS
x-drupal-dynamic-cache
MISS
x-frame-options
SAMEORIGIN
x-generator
Drupal 9 (https://www.drupal.org)
x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
x-served-by
cache-ams21062-AMS, cache-lax-kwhp1940116-LAX, cache-lax-kwhp1940035-LAX
x-styx-req-id
d2d652e3-89f3-11ef-b947-c6e297b52812
x-timer
S1728887827.493464,VS0,VE154
x-ua-compatible
IE=edge
uc.js
consent.cookiebot.com/
110 KB
34 KB
Script
General
Full URL
https://consent.cookiebot.com/uc.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

access-control-expose-headers
Request-Context
cache-control
public, max-age=170
content-encoding
gzip
etag
"42d4c62e8219db1:0"
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires
Mon, 14 Oct 2024 06:39:58 GMT
accept-ranges
bytes
content-length
34533
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript
last-modified
Tue, 08 Oct 2024 13:01:25 GMT
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
208 KB
76 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0f1a313da6a88cb8813fb2f0e5b214586baeff74f032fe1c151d6c2a705cba96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
76634
x-xss-protection
0
server
Google Tag Manager
css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css
www.sangfor.com/sites/default/files/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.sangfor.com/sites/default/files/css/css_9m8-tA3IQf8ThlLQYTTZUyEweCvyR908Tg0XCbKYOfY.css
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f66f3eb40dc841ff138652d06134d9532130782bf247dd3c4e0d1709b29839f6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-thd5g
content-encoding
gzip
etag
W/"66e3ad6f-1b00"
age
174098
expires
Tue, 23 Sep 2025 00:47:15 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
text/css
last-modified
Fri, 13 Sep 2024 03:11:43 GMT
x-served-by
cache-ams21040-AMS, cache-lax-kwhp1940098-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
34, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732209,VS0,VE10
x-styx-req-id
363489ad-787c-11ef-9be8-dad7acecdb5d
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
2153
server
nginx
css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
www.sangfor.com/sites/default/files/css/
254 KB
45 KB
Stylesheet
General
Full URL
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
36ca976922a5bc02835846fc4b6243e2f110320afe24279c3dc022d4df3c24a6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-t5trq
content-encoding
gzip
etag
W/"66f56a4e-3f7a5"
age
174135
expires
Sat, 27 Sep 2025 14:06:07 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
text/css
last-modified
Thu, 26 Sep 2024 14:06:06 GMT
x-served-by
cache-ams21022-AMS, cache-lax-kwhp1940034-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
55, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732196,VS0,VE8
x-styx-req-id
799712e0-7c10-11ef-ae48-9e12fbb5ed48
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
46063
server
nginx
js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js
www.sangfor.com/sites/default/files/js/
9 KB
3 KB
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_DnvkTEg3ZbpAvbj7eRQvcDWT9BHsE4-MJYsCXEbFg8A.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0e7be44c483765ba40bdb8fb79142f703593f411ec138f8c258b025c46c583c0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-86bbdf8544-5szxp
content-encoding
gzip
etag
W/"66f0ca9b-259c"
age
111588
expires
Sat, 27 Sep 2025 01:12:22 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
application/x-javascript
last-modified
Mon, 23 Sep 2024 01:55:39 GMT
x-served-by
cache-ams2100091-AMS, cache-lax-kwhp1940020-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
3, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732478,VS0,VE7
x-styx-req-id
6215a1cf-7ba4-11ef-8987-c21f800a9ee7
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
3185
server
nginx
min.js
unpkg.com/@ungap/url-search-params@0.2.2/
4 KB
3 KB
Script
General
Full URL
https://unpkg.com/@ungap/url-search-params@0.2.2/min.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65caebd5a0a65049f5509277b50ec0b57e5b087c08ca8ba7c65e2a4643f7a08a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
"112b-YrUV36eppRXZgpD0iI7NtWvmFK0"
age
18094337
x-content-type-options
nosniff
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HS9KSZWFYDYKXGS1S5NSY842-lax
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8d258f1c3ca12ebb-LAX
access-control-allow-origin
*
server
cloudflare
js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js
www.sangfor.com/sites/default/files/js/
2 KB
946 B
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_yBWa1rtNCgnUGgvuctTEhrLMfO_6qC-cCY7JJAoD2ig.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c8159ad6bb4d0a09d41a0bee72d4c486b2cc7ceffaa82f9c098ec9240a03da28
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-9tcfg
content-encoding
gzip
etag
W/"66f0ca9b-721"
age
174098
expires
Thu, 25 Sep 2025 06:43:54 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
application/x-javascript
last-modified
Mon, 23 Sep 2024 01:55:39 GMT
x-served-by
cache-ams21070-AMS, cache-lax-kwhp1940145-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732456,VS0,VE8
x-styx-req-id
5e2ca6cd-7a40-11ef-927a-1a02874bc4b6
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
711
server
nginx
languages.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
168 B
628 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
19ba61e585dc696f1222273bb4dea2f9ea0475e7e587fc41f09a9f6a5d0100e6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-796985df48-m7flh
fastly-io-info
ifsz=341 idim=16x16 ifmt=png ofsz=168 odim=16x16 ofmt=webp
etag
"Orb1dmJDFtP/N6yT675aKKOa6zcmdgPShBSZpcNIYOo"
age
2308742
expires
Sun, 07 Sep 2025 19:36:18 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100109-AMS, cache-chi-klot8100067-CHI, cache-chi-kigq8000104-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 971, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732447,VS0,VE1
x-styx-req-id
497a19d6-6c87-11ef-bc6c-0ab8f0a9d395
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
168
fastly-io-served-by
vpop-kiad7010210
server
nginx
languages-sticky.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
216 B
586 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages-sticky.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-cw48b
fastly-io-info
ifsz=496 idim=16x16 ifmt=png ofsz=216 odim=16x16 ofmt=webp
etag
"dO9oA19TM1eYAGDkkCUlSCnaB/KGW6gs2NTNH83AEaw"
age
3236450
expires
Sun, 07 Sep 2025 19:32:29 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100089-AMS, cache-chi-kigq8000084-CHI, cache-chi-klot8100097-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 506, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.732435,VS0,VE1
x-styx-req-id
c0f43d7f-6c86-11ef-b380-c656f0ebc924
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
216
fastly-io-served-by
vpop-kiad7010211
server
nginx
gtm.js
www.googletagmanager.com/
345 KB
111 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MCTHSDB
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e567bae5c224611444ca52690cb055113b4faf0395b38e565c846cf0f20b4d9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
113630
x-xss-protection
0
server
Google Tag Manager
New%20RCRU64%20Ransomware%20Variant4074.jpg
www.sangfor.com/sites/default/files/inline-images/
39 KB
39 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4074.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
8c861ea0c6c43eb8839b5dcbb171bc584c342268fcb203ab9c45d339fd7f400e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-xxc59
fastly-io-info
ifsz=74401 idim=830x512 ifmt=jpeg ofsz=39704 odim=830x512 ofmt=webp
etag
"vPRJY3tyG0wUr0caBLNxjgQn8TjEXxhY9SyEHv8aZaw"
age
1008804
expires
Fri, 15 Aug 2025 13:09:01 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21070-AMS, cache-chi-klot8100129-CHI, cache-chi-kigq8000130-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 5, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.815921,VS0,VE2
x-styx-req-id
5fcecb27-5a3e-11ef-8652-da0a288f74ff
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
39704
fastly-io-served-by
vpop-kiad7010211
server
nginx
New%20RCRU64%20Ransomware%20Variant4134.jpg
www.sangfor.com/sites/default/files/inline-images/
25 KB
25 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4134.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
30b0f26470c915ef09c50d127690c860685641df1f66409f0aec3d260186d388
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-kc686
fastly-io-info
ifsz=54446 idim=831x431 ifmt=jpeg ofsz=25392 odim=831x431 ofmt=webp
etag
"P7QTR8TyVfDk+j1pWwH7J1BlajfY/wzSoGkOQ+g33io"
age
1802550
expires
Tue, 26 Aug 2025 03:57:06 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21060-AMS, cache-chi-klot8100068-CHI, cache-chi-klot8100068-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 8, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991710,VS0,VE2
x-styx-req-id
1894c842-6296-11ef-a932-3a5fb9dd45f7
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
25392
fastly-io-served-by
vpop-kiad7010217
server
nginx
New%20RCRU64%20Ransomware%20Variant4171.jpg
www.sangfor.com/sites/default/files/inline-images/
33 KB
33 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4171.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
43a82cd8f2c063b414db0ad551d1c7a2ec384f4347d300609e5b490b4c8c40a1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-86bbdf8544-w54cj
fastly-io-info
ifsz=62172 idim=831x242 ifmt=jpeg ofsz=33796 odim=831x242 ofmt=webp
etag
"c2G0NlxLVy/fGyp2Obg7AYzArew1O0MAJyU7C4OvAwI"
age
1217072
expires
Wed, 01 Oct 2025 04:32:35 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100108-AMS, cache-chi-klot8100120-CHI, cache-chi-klot8100090-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991683,VS0,VE3
x-styx-req-id
042829b3-7ee5-11ef-980d-c25078f00740
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
33796
fastly-io-served-by
vpop-kiad7010249
server
nginx
New%20RCRU64%20Ransomware%20Variant4571.jpg
www.sangfor.com/sites/default/files/inline-images/
40 KB
41 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4571.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
cc639c62a725f411cbfa123171585ae887e67acbfc7cec1aadb033eeb4c998a1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-lpzvk
fastly-io-info
ifsz=81306 idim=831x484 ifmt=jpeg ofsz=41406 odim=831x484 ofmt=webp
etag
"GGEwZRoISTnJoPukjMTxcNlZHt9u4oZ6/SHfmJyIsqw"
age
577716
expires
Sun, 14 Sep 2025 18:39:14 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21042-AMS, cache-chi-kigq8000114-CHI, cache-chi-klot8100153-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991631,VS0,VE1
x-styx-req-id
798aeb40-71ff-11ef-9e40-5a355862b94c
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
41406
fastly-io-served-by
img06-us-east4
server
nginx
New%20RCRU64%20Ransomware%20Variant4798.jpg
www.sangfor.com/sites/default/files/inline-images/
12 KB
12 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4798.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
c7e56b6438ce7b0803d9c06b7ee1c8ce6db280dac58e0f8f56490336c2bec194
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-84d775db57-6h676
fastly-io-info
ifsz=24948 idim=830x200 ifmt=jpeg ofsz=12140 odim=830x200 ofmt=webp
etag
"C09xH7m9zhhbkyAVmMrUt++pwRn0MxhMLt4I+a7V7Js"
age
577716
expires
Wed, 08 Oct 2025 14:08:31 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21082-AMS, cache-chi-kigq8000041-CHI, cache-chi-klot8100051-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 2, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991600,VS0,VE1
x-styx-req-id
a25f22bf-84b5-11ef-918d-de3234677e8a
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12140
fastly-io-served-by
vpop-kiad7010229
server
nginx
New%20RCRU64%20Ransomware%20Variant4881.jpg
www.sangfor.com/sites/default/files/inline-images/
23 KB
23 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant4881.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
1dae51845d58e1f038ca809955fa1f4a3b2114a05d9071a06ffe5f3e2d2dc816
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-7thdz
fastly-io-info
ifsz=46360 idim=731x499 ifmt=jpeg ofsz=23552 odim=731x499 ofmt=webp
etag
"OibGN3fOnaBskhGe1Byo3OdrqTiuP1PF1dLfdykJOgQ"
age
1802550
expires
Fri, 15 Aug 2025 13:09:01 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21048-AMS, cache-chi-kigq8000101-CHI, cache-chi-kigq8000164-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 9, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991580,VS0,VE1
x-styx-req-id
5fea3c14-5a3e-11ef-8bfb-8e36a993e3a1
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
23552
fastly-io-served-by
vpop-kiad7010215
server
nginx
New%20RCRU64%20Ransomware%20Variant5081.jpg
www.sangfor.com/sites/default/files/inline-images/
12 KB
13 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5081.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
1ab18b6349502e2ff94ae18400f17f3e453a7f14dd3ba45f88751e78ddc47a0b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info
ifsz=21824 idim=820x94 ifmt=jpeg ofsz=12388 odim=820x94 ofmt=webp
etag
"jrQJMi5d8tKYSCSSfmbam95QUrEjXBhlzSIj3xLhajM"
age
1217072
expires
Wed, 01 Oct 2025 04:32:35 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100105-AMS, cache-chi-klot8100148-CHI, cache-chi-klot8100127-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.991534,VS0,VE1
x-styx-req-id
0427de6f-7ee5-11ef-8cee-12ad23927ad3
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12388
fastly-io-served-by
vpop-kiad7010231
server
nginx
New%20RCRU64%20Ransomware%20Variant5263.jpg
www.sangfor.com/sites/default/files/inline-images/
30 KB
30 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5263.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
6e8ea35cfdff4770e3e0d3c98e9e78f8818f4c5f44561274dca027fd1e3fe41b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info
ifsz=55526 idim=831x286 ifmt=jpeg ofsz=30618 odim=831x286 ofmt=webp
etag
"Io2bOiL68s5uO9ipMHXRrlv2V3UJ2LcQUeubzpjH7i0"
age
1802550
expires
Wed, 17 Sep 2025 08:25:56 GMT
x-cache
HIT, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21031-AMS, cache-chi-kigq8000048-CHI, cache-chi-kigq8000048-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 8, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.992997,VS0,VE1
x-styx-req-id
4bcb0056-7405-11ef-88a4-6237ede9c4d6
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
30618
fastly-io-served-by
vpop-kiad7010213
server
nginx
New%20RCRU64%20Ransomware%20Variant5647.jpg
www.sangfor.com/sites/default/files/inline-images/
43 KB
44 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5647.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
acc56b2df173f77e03fbd422205fa16c2067e01f996313c37d301146f12d67cf
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-796985df48-p55wm
fastly-io-info
ifsz=79416 idim=831x397 ifmt=jpeg ofsz=44428 odim=831x397 ofmt=webp
etag
"iOZqCxWV7xxYn+vnL5F/Yfq8hwWrvZUg1h/U+4if7jU"
age
1802550
expires
Wed, 03 Sep 2025 03:59:38 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams21063-AMS, cache-chi-klot8100161-CHI, cache-chi-kigq8000164-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 10, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.992918,VS0,VE13
x-styx-req-id
c6856691-68df-11ef-8016-76ae21b829dd
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
44428
fastly-io-served-by
vpop-kiad7010214
server
nginx
New%20RCRU64%20Ransomware%20Variant5977.jpg
www.sangfor.com/sites/default/files/inline-images/
14 KB
15 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant5977.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
76383787d84ba9588f39fa845cfd80b0d645719f3f9ac32be4fc92b18b1d148c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5b9775c78-49rqw
fastly-io-info
ifsz=23076 idim=830x64 ifmt=jpeg ofsz=14556 odim=830x64 ofmt=webp
etag
"Zexde0HuUaT2CwLLb7LdM3qMjjkQ8BcwCCLpy5PZ4gE"
age
577716
expires
Wed, 08 Oct 2025 14:08:32 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100097-AMS, cache-chi-klot8100111-CHI, cache-chi-kigq8000020-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 2, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.992913,VS0,VE1
x-styx-req-id
a260db97-84b5-11ef-991b-de16ede6e430
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
14556
fastly-io-served-by
vpop-kiad7010250
server
nginx
New%20RCRU64%20Ransomware%20Variant6104.jpg
www.sangfor.com/sites/default/files/inline-images/
31 KB
31 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6104.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
9e337c7f8bc51113fb2f0eb2585f03a7b3b0588f3661a2f51c4025d4b17d2a40
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-2sw7v
fastly-io-info
ifsz=56532 idim=831x316 ifmt=jpeg ofsz=31590 odim=831x316 ofmt=webp
etag
"ke4re1m6hv/HbPouLNvhu1imkl737YF0ZGemlLz7TVU"
age
1217072
expires
Wed, 01 Oct 2025 04:32:35 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams21075-AMS, cache-chi-klot8100062-CHI, cache-chi-klot8100147-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 2, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.993922,VS0,VE3
x-styx-req-id
0427f13c-7ee5-11ef-8cee-12ad23927ad3
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
31590
fastly-io-served-by
vpop-kiad7010212
server
nginx
New%20RCRU64%20Ransomware%20Variant6371.jpg
www.sangfor.com/sites/default/files/inline-images/
13 KB
13 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6371.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
6fbbf1e444fd365c5c0d4c96461eee486e5a33784b3f199d92fe69567e932770
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-796985df48-m7flh
fastly-io-info
ifsz=29122 idim=830x180 ifmt=jpeg ofsz=12948 odim=830x180 ofmt=webp
etag
"Qeby48NyJPPXHAxu5JE2sRFoEgoQYlbscAIciKOJBgg"
age
1802550
expires
Mon, 01 Sep 2025 21:56:56 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100145-AMS, cache-chi-klot8100153-CHI, cache-chi-kigq8000148-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 10, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.082667,VS0,VE2
x-styx-req-id
f072e77a-67e3-11ef-bc6c-0ab8f0a9d395
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
12948
fastly-io-served-by
vpop-kiad7010250
server
nginx
New%20RCRU64%20Ransomware%20Variant6539.jpg
www.sangfor.com/sites/default/files/inline-images/
11 KB
12 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant6539.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
3c3b0fdb91418f8c6538ec2a686c6d49b619494effc576611c2ccdb1440e7b2b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-9tcfg
fastly-io-info
ifsz=24600 idim=831x124 ifmt=jpeg ofsz=11728 odim=831x124 ofmt=webp
etag
"FcRwIJhQo/stYvJ8o0FIOctQlq63PyuC/+0xLvM8CWY"
age
577716
expires
Sun, 14 Sep 2025 18:39:14 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100105-AMS, cache-chi-kigq8000119-CHI, cache-chi-kigq8000093-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 2, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.082772,VS0,VE8
x-styx-req-id
799847db-71ff-11ef-927a-1a02874bc4b6
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
11728
fastly-io-served-by
vpop-kiad7010214
server
nginx
New%20RCRU64%20Ransomware%20Variant7581.jpg
www.sangfor.com/sites/default/files/inline-images/
23 KB
23 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7581.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
dd33484b1c193c68f5616a406865d1754ca67353899a46ce65400470a7dd084c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-7skd9
fastly-io-info
ifsz=36874 idim=830x169 ifmt=jpeg ofsz=23290 odim=830x169 ofmt=webp
etag
"Lt8vLYHkDb4MjZ51SnSuHZFBL5TCVoSpT4YaWIkZoqU"
age
1802550
expires
Wed, 17 Sep 2025 08:25:57 GMT
x-cache
HIT, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100087-AMS, cache-chi-kigq8000104-CHI, cache-chi-kigq8000104-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 8, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083230,VS0,VE3
x-styx-req-id
4c21346c-7405-11ef-aa69-a6bd2d28ddea
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
23290
fastly-io-served-by
vpop-kiad7010247
server
nginx
New%20RCRU64%20Ransomware%20Variant7855.jpg
www.sangfor.com/sites/default/files/inline-images/
46 KB
46 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant7855.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
a8342a4c16e3fddd19edb61bdf17e984a875a520d408e9ff24f989d8ee4b4021
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5b9775c78-s5hrd
fastly-io-info
ifsz=72346 idim=830x246 ifmt=jpeg ofsz=46668 odim=830x246 ofmt=webp
etag
"Q2FYjyjc1deswf5p73lKHRQPeCqY8ptIylcg4v7IC9k"
age
864711
expires
Sun, 05 Oct 2025 06:25:17 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100147-AMS, cache-chi-kigq8000136-CHI, cache-chi-klot8100153-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 2, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083124,VS0,VE6
x-styx-req-id
6c2c45c0-8219-11ef-af2b-0af51c2c7f7c
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
46668
fastly-io-served-by
vpop-kiad7010231
server
nginx
New%20RCRU64%20Ransomware%20Variant8022.jpg
www.sangfor.com/sites/default/files/inline-images/
19 KB
19 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8022.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
5b63874935b493559810133aff35028591cd64ce758994e710d8347a4b0d401d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-h4wt2
fastly-io-info
ifsz=35298 idim=830x240 ifmt=jpeg ofsz=19248 odim=830x240 ofmt=webp
etag
"8muIL594oCMAqUuUyQ/82J6BPDxkKi0Qout42YRZV5s"
age
1217072
expires
Wed, 01 Oct 2025 04:32:35 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams21067-AMS, cache-chi-klot8100046-CHI, cache-chi-kigq8000155-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083184,VS0,VE3
x-styx-req-id
04278146-7ee5-11ef-9df6-bef268001cb5
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
19248
fastly-io-served-by
vpop-kiad7010213
server
nginx
New%20RCRU64%20Ransomware%20Variant8432.jpg
www.sangfor.com/sites/default/files/inline-images/
15 KB
15 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant8432.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
5b34b175179a2b7207902dfb82f3bd5ddcecffed15372771abc7ac81941a89a6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info
ifsz=28264 idim=831x232 ifmt=jpeg ofsz=15324 odim=831x232 ofmt=webp
etag
"lIuWvobaZIDyAC5buxJLShklxVLXTMVp55hqZSNrM3E"
age
1007747
expires
Sun, 14 Sep 2025 18:39:14 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100109-AMS, cache-chi-klot8100022-CHI, cache-chi-kigq8000083-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083954,VS0,VE1
x-styx-req-id
799a2be2-71ff-11ef-9d35-86258012481b
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
15324
fastly-io-served-by
vpop-kiad7010248
server
nginx
image%201_0_0.png
www.sangfor.com/sites/default/files/inline-images/
120 KB
120 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/image%201_0_0.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
ebaccbb59ffac8f54448f61dae2a3cca80036be36348f2e116d25056d83a7e76
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-7d6684fc85-mvp8s
fastly-io-info
ifsz=133580 idim=723x785 ifmt=png ofsz=122622 odim=723x785 ofmt=webp
etag
"gDqVcMmzx4aBADq1m1o8KL+mIEKwUJzf0J5x5V6FMLg"
age
1007747
expires
Fri, 03 Oct 2025 14:41:20 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams21045-AMS, cache-chi-klot8100099-CHI, cache-chi-klot8100118-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083948,VS0,VE2
x-styx-req-id
63955fb0-80cc-11ef-876a-32120c29c299
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
122622
fastly-io-served-by
vpop-kiad7010217
server
nginx
New%20RCRU64%20Ransomware%20Variant15503.jpg
www.sangfor.com/sites/default/files/inline-images/
27 KB
27 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant15503.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
42fcc2e1fa91f2656f4fe39ab0ce936e6358d9ea1a3847baa4abaeb30fc6340e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-6995bc9c6b-vbkmq
fastly-io-info
ifsz=51293 idim=807x663 ifmt=jpeg ofsz=27248 odim=807x663 ofmt=webp
etag
"7oYqFKix13JQrRx6N1tLlMUjUgeU4mkX2nn7pJMAOmo"
age
1802550
expires
Thu, 07 Aug 2025 11:12:57 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100093-AMS, cache-chi-klot8100045-CHI, cache-chi-kigq8000092-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 9, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.083989,VS0,VE2
x-styx-req-id
d5938363-53e4-11ef-aca7-42e95ec37499
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
27248
fastly-io-served-by
vpop-kiad7010211
server
nginx
New%20RCRU64%20Ransomware%20Variant16236_1.jpg
www.sangfor.com/sites/default/files/inline-images/
44 KB
44 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16236_1.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
4ef8764b15fc01e7dab43f9b379996e763ecee58df1115f69142d4db17194cbd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-zz8fm
fastly-io-info
ifsz=83145 idim=831x924 ifmt=jpeg ofsz=44732 odim=831x924 ofmt=webp
etag
"tTpGMS/2xK9gWgck5klJhzw2BvYTtt8cBeInq86lOh4"
age
1008804
expires
Fri, 05 Sep 2025 14:37:03 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100141-AMS, cache-chi-klot8100049-CHI, cache-chi-klot8100058-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 4, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084035,VS0,VE1
x-styx-req-id
270040e7-6acb-11ef-bcc9-e60246f3375c
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
44732
fastly-io-served-by
vpop-kiad7010229
server
nginx
New%20RCRU64%20Ransomware%20Variant16834.jpg
www.sangfor.com/sites/default/files/inline-images/
85 KB
85 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16834.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
a9794eb161a19e97283a6b27ad43932837f5638f85a3cf08cec9ef6a9cd9c721
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-z6qqz
fastly-io-info
ifsz=141119 idim=830x600 ifmt=jpeg ofsz=86580 odim=830x600 ofmt=webp
etag
"x9tzINiSFzkUDyQK2HpStDcz4U6ZE17j80w23GmY8Cg"
age
2412668
expires
Wed, 17 Sep 2025 08:25:58 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100091-AMS, cache-chi-klot8100154-CHI, cache-chi-klot8100089-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 7, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084049,VS0,VE2
x-styx-req-id
4cef31c4-7405-11ef-88a4-6237ede9c4d6
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
86580
fastly-io-served-by
vpop-kiad7010214
server
nginx
New%20RCRU64%20Ransomware%20Variant16895.jpg
www.sangfor.com/sites/default/files/inline-images/
72 KB
73 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant16895.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cedb71958c703923a2df24aff20e6250b7d506e60c5f8931f5f4a82ff3f8cef4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-5kz6f
fastly-io-info
ifsz=128436 idim=830x1006 ifmt=jpeg ofsz=73896 odim=830x1006 ofmt=webp
etag
"+hFf3vdZnXdr57/p5mLpKZ7/RofFj06bn9/MLZ7KbjE"
age
1007747
expires
Wed, 24 Sep 2025 09:54:37 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100103-AMS, cache-chi-klot8100153-CHI, cache-chi-klot8100114-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084054,VS0,VE2
x-styx-req-id
d8577c20-7991-11ef-904b-2a95c218e6a7
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
73896
fastly-io-served-by
vpop-kiad7010217
server
nginx
New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/
67 KB
67 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info
ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag
"jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age
1098226
expires
Wed, 24 Sep 2025 09:54:37 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 4, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084075,VS0,VE2
x-styx-req-id
d857f080-7991-11ef-9d35-86258012481b
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
68464
fastly-io-served-by
vpop-kiad7010210
server
nginx
2.4%20Sangfor%20Solution.jpg
www.sangfor.com/sites/default/files/inline-images/
91 KB
92 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/2.4%20Sangfor%20Solution.jpg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ec1637554b155c6bec0d5c076d76866f2e584c17d2dbd4c55f7cc13c6477b210
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c65c4c55-9tcfg
fastly-io-info
ifsz=101788 idim=1000x903 ifmt=jpeg ofsz=93364 odim=1000x903 ofmt=webp
etag
"PEHlSlbLdB49DZRbsrcpOFMDCeLSmyeT7shOibnnM/Y"
age
1098226
expires
Wed, 24 Sep 2025 09:54:37 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100085-AMS, cache-chi-klot8100056-CHI, cache-chi-kigq8000094-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 5, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084401,VS0,VE2
x-styx-req-id
d856ab5d-7991-11ef-927a-1a02874bc4b6
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
93364
fastly-io-served-by
vpop-kiad7010212
server
nginx
sangfor_building.jpg.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-10/
48 KB
49 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/styles/webp/public/2022-10/sangfor_building.jpg.webp?itok=Wz2JzIYx
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d19d0a77d9895780fe41eb1b9bc0e086f513cbec51c97a3d74fd245be5d2ea68
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-c9497cf79-g7j5s
fastly-io-info
ifsz=49628 idim=757x800 ifmt=webp ofsz=49628 odim=757x800 ofmt=webp
etag
"l+6GahIm93mxoyxrHnvXlULT+bg+3EP2/Flk1jo1GkM"
age
2228445
expires
Wed, 16 Jul 2025 19:19:25 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100134-AMS, cache-chi-kigq8000162-CHI, cache-chi-kigq8000128-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 209, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
fastly-io-warning
Failed to shrink image
x-timer
S1728887828.084162,VS0,VE4
x-styx-req-id
26083df3-42df-11ef-a67c-923788c6f370
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
49628
fastly-io-served-by
vpop-kiad7010214
server
nginx
logo-fb.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
397 B
494 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-fb.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
aac00b0dd1b83a91bb40a96104b60a1a76bbf7887ecdc78f824a751533f8d9f6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-mqsgn
content-encoding
gzip
etag
W/"67091a90-18d"
age
173878
expires
Mon, 13 Oct 2025 06:19:09 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams2100125-AMS, cache-lax-kwhp1940032-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084192,VS0,VE7
x-styx-req-id
e4325a13-8861-11ef-bce7-5a768933f673
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
275
server
nginx
logo-twitter.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
596 B
637 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-twitter.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fbb8fad500a2857ce80ec8fb10d2d9bcf96becf86d9cbafad061aceae07c2f53
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding
gzip
etag
W/"6709c64a-254"
age
173878
expires
Mon, 13 Oct 2025 06:19:09 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 00:43:54 GMT
x-served-by
cache-ams21025-AMS, cache-lax-kwhp1940131-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084893,VS0,VE7
x-styx-req-id
e432833e-8861-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
387
server
nginx
logo-linkedin.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
683 B
689 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-linkedin.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5a399207c12d45df8892cffc11528a6666e85d182999f90c97f654c1f7b4d5b5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"6709a3e0-2ab"
age
174135
expires
Mon, 13 Oct 2025 06:14:53 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Fri, 11 Oct 2024 22:17:04 GMT
x-served-by
cache-ams21029-AMS, cache-lax-kwhp1940038-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084873,VS0,VE56
x-styx-req-id
4bb4137d-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
368
server
nginx
icon-youtube-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
925 B
820 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/icon-youtube-author.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
818f9cbde752ad72e51413c9230dd1526c1f6ea916c034d597d551ce979f831f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding
gzip
etag
W/"6709c64a-39d"
age
173878
expires
Mon, 13 Oct 2025 06:19:09 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Sat, 12 Oct 2024 00:43:54 GMT
x-served-by
cache-ams21067-AMS, cache-lax-kwhp1940074-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084886,VS0,VE9
x-styx-req-id
e432d694-8861-11ef-b87b-7eaec3dbcd23
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
506
server
nginx
logo-ig-author.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
2 KB
1 KB
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/logo-ig-author.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
83bd6fedd1fe68e130019dcc9ac407bc349c9f6f36874716c7e73be94dc9e462
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67093249-7e7"
age
173878
expires
Mon, 13 Oct 2025 06:19:09 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-served-by
cache-ams2100126-AMS, cache-lax-kwhp1940041-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084899,VS0,VE8
x-styx-req-id
e4329573-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1017
server
nginx
api.js
www.google.com/recaptcha/
1 KB
995 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
ESF /
Resource Hash
2ef14706d7ea03c01ea58bc28980cd3c345b2814e38d9fa9051d3cccf245bbd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Mon, 14 Oct 2024 06:37:08 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
livevalidation_standalone.compressed.js
img06.en25.com/i/
13 KB
14 KB
Script
General
Full URL
https://img06.en25.com/i/livevalidation_standalone.compressed.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.207.6.152 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-207-6-152.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
Cache-Control
no-store
Pragma
no-cache
ETag
"32e442741dd4da1:0"
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
Mon, 14 Oct 2024 06:37:08 GMT
Accept-Ranges
bytes
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length
13723
X-XSS-Protection
1; mode=block
Date
Mon, 14 Oct 2024 06:37:08 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 12 Jul 2024 05:36:33 GMT
c19159723c724342a4382da50f1f4b57.gif
download.sangfor.com.cn/
9 KB
10 KB
Image
General
Full URL
https://download.sangfor.com.cn/c19159723c724342a4382da50f1f4b57.gif?la=zh-CN&rev=a25ec929e048423290e67e4d0fc251ac&hash=D70C6C0954BDC063F85CC911025BBEF0
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2607:3f40:ff03::7ff , Canada, ASN54994 (ML-1432-54994, CA),
Reverse DNS
Software
WS-web-server /
Resource Hash
6879f6200421154baabd4682320d1a1ff600830520ff73697f61c1c8759a6a3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

X-Reqid
202126410028724620240126085349sgXMnhVpsampled
x-ws-request-id
670cbc15_PS-BOS-01z1435_4898-15250
x-via
1.1 dianxun187:6 (Cdn Cache Server V2.0), 1.1 PS-JFK-01s8o183:3 (Cdn Cache Server V2.0), 1.1 PS-BOS-01z1435:13 (Cdn Cache Server V2.0)
ETag
"Fvo1Tz1ZcS0MNBtuJBgE-dYZksmL"
Age
124500
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
9481
Date
Mon, 14 Oct 2024 06:37:09 GMT
Content-Type
image/gif;charset=UTF-8
Last-Modified
Wed, 31 Aug 2022 03:37:37 GMT
Server
WS-web-server
eloqua.js
www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/
5 KB
2 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67091a90-1539"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams21033-AMS, cache-lax-kwhp1940064-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
57, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085203,VS0,VE7
x-styx-req-id
60f0c3e7-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1856
server
nginx
HeroBanner.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/
1 KB
866 B
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/HeroBanner.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding
gzip
etag
W/"6709a3e0-435"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 22:17:04 GMT
x-served-by
cache-ams21076-AMS, cache-lax-kwhp1940124-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
58, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.084954,VS0,VE8
x-styx-req-id
60f0b52d-8861-11ef-8218-3208fd4d7f88
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
580
server
nginx
header.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/
5 KB
2 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/header.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding
gzip
etag
W/"67091a90-141f"
age
174098
expires
Mon, 13 Oct 2025 06:13:28 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams21026-AMS, cache-lax-kwhp1940055-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
1, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085063,VS0,VE7
x-styx-req-id
18d5b9ac-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1521
server
nginx
runtime.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
3 KB
2 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/runtime.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-m7f6g
content-encoding
gzip
etag
W/"6709a3e0-cec"
age
174138
expires
Mon, 13 Oct 2025 06:14:50 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 22:17:04 GMT
x-served-by
cache-ams21081-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
61, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085037,VS0,VE7
x-styx-req-id
49d8dfba-8861-11ef-9a09-52e503d7f733
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1750
server
nginx
main.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
3 KB
1 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/main.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding
gzip
etag
W/"67091a90-b65"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams2100147-AMS, cache-lax-kwhp1940129-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
57, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085360,VS0,VE66
x-styx-req-id
60f1849a-8861-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1010
server
nginx
vendor-main.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
418 KB
145 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor-main.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding
gzip
etag
W/"67093249-689f2"
age
174099
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-served-by
cache-ams21079-AMS, cache-lax-kwhp1940136-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085396,VS0,VE6
x-styx-req-id
60f1bea2-8861-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
148414
server
nginx
footer.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/
12 KB
5 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67093249-2f05"
age
174138
expires
Mon, 13 Oct 2025 06:14:50 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-served-by
cache-ams2100104-AMS, cache-lax-kwhp1940076-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
61, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085817,VS0,VE8
x-styx-req-id
49db7348-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
4485
server
nginx
article.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/
17 KB
6 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding
gzip
etag
W/"6709c64a-42c0"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Sat, 12 Oct 2024 00:43:54 GMT
x-served-by
cache-ams21060-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
57, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085967,VS0,VE6
x-styx-req-id
60f1b2ab-8861-11ef-b87b-7eaec3dbcd23
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
5707
server
nginx
js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js
www.sangfor.com/sites/default/files/js/
2 B
273 B
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-86bbdf8544-ld56d
content-encoding
gzip
etag
"66e3ad6a-2"
age
174099
expires
Sat, 27 Sep 2025 01:12:22 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 13 Sep 2024 03:11:38 GMT
x-served-by
cache-ams21052-AMS, cache-lax-kwhp1940114-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.990561,VS0,VE28
x-styx-req-id
622f74ce-7ba4-11ef-acde-3a7638cbe1f7
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
22
server
nginx
alpine.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/
38 KB
16 KB
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/alpine.js?v=2.7
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67091a90-9658"
age
174098
expires
Mon, 13 Oct 2025 06:13:28 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams21077-AMS, cache-lax-kwhp1940027-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
1, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085837,VS0,VE8
x-styx-req-id
1924e4de-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
16064
server
nginx
js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
www.sangfor.com/sites/default/files/js/
96 KB
38 KB
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-6xpb6
content-encoding
gzip
etag
W/"66f56a4c-17ec1"
age
174099
expires
Sat, 27 Sep 2025 14:06:05 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Thu, 26 Sep 2024 14:06:04 GMT
x-served-by
cache-ams2100114-AMS, cache-lax-kwhp1940127-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
45, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.990519,VS0,VE39
x-styx-req-id
785ad187-7c10-11ef-82ce-3a60d385be04
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
38682
server
nginx
unsplash_BfrQnKBulYQ.png.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-02/
52 KB
52 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/styles/webp/public/2022-02/unsplash_BfrQnKBulYQ.png.webp?itok=wmrgQS0X
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fe32d73e471032dfa34593cc106238ecbf6b7bd859eb13256fd00bacb32da0dc
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info
ifsz=53422 idim=1440x560 ifmt=webp ofsz=52952 odim=1440x560 ofmt=webp
etag
"4Mkqjlll4hmGleu1KZjzE/3DbK58irON6grL4oDEmMg"
age
2235053
expires
Fri, 19 Sep 2025 09:46:15 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100118-AMS, cache-chi-kigq8000118-CHI, cache-chi-kigq8000068-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 96, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085968,VS0,VE1
x-styx-req-id
d8d0d9bd-75a2-11ef-9d35-86258012481b
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
52952
fastly-io-served-by
vpop-kiad7010249
server
nginx
truncated
/
231 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90473a1a619e183dde264afd0632ecbaa69a98ce8a4ed8be947417e47a666670

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
rectangle_956_0.png.webp
www.sangfor.com/sites/default/files/styles/webp/public/2022-10/
5 KB
5 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/styles/webp/public/2022-10/rectangle_956_0.png.webp?itok=LvndLHnT
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
bc58caa4613d0c671ee8347e5925bcf6022f662ac917a845f1227e46c5fb6979
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-bd959c788-7ph88
fastly-io-info
ifsz=5346 idim=1440x625 ifmt=webp ofsz=5022 odim=1440x625 ofmt=webp
etag
"Jc6VQcQRm2fdh7duoRPY6jAJ39g0R1AjY3HneUhl7ac"
age
3001085
expires
Mon, 11 Aug 2025 14:59:42 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams21046-AMS, cache-chi-klot8100115-CHI, cache-chi-klot8100115-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 359, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.085930,VS0,VE1
x-styx-req-id
2c9510c3-5729-11ef-8b3c-26d717ceb0e3
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
5022
fastly-io-served-by
vpop-kiad7010227
server
nginx
RedHatDisplay-SemiBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
19 KB
20 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-SemiBold.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
effa68298eeabf7434140c33108e997e9ac91a3d03d81398cdf471172ee50a7c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
etag
"6709a3df-4d10"
age
174099
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 22:17:03 GMT
x-served-by
cache-ams2100139-AMS, cache-lax-kwhp1940045-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
61, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086602,VS0,VE7
x-styx-req-id
612bb387-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
19728
server
nginx
RedHatDisplay-Bold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
19 KB
20 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Bold.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2632350150729e5432013ca98c01588c89c707f4dcf359076ce8b90cbf369dc3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
etag
"67091a90-4ce8"
age
174135
expires
Mon, 13 Oct 2025 06:14:53 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams2100136-AMS, cache-lax-kwhp1940059-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
62, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086589,VS0,VE6
x-styx-req-id
4b67a845-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
19688
server
nginx
flaticon.ttf
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
16 KB
10 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/flaticon.ttf
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1c04a80bf1f07f432ebf3f677b015e854b58efd124649588ea04f136e3eb3554
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding
gzip
etag
W/"6709a3df-3ecc"
age
174135
expires
Mon, 13 Oct 2025 06:14:53 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-font-ttf
last-modified
Fri, 11 Oct 2024 22:17:03 GMT
x-served-by
cache-ams2100116-AMS, cache-lax-kwhp1940034-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
63, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086601,VS0,VE9
x-styx-req-id
4b67b9bd-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
9927
server
nginx
RedHatDisplay-Medium.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
19 KB
20 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Medium.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
82254875473203cbd5e10c02ca9677baf7ab978a518f6b1cc6acc7a8b1872b63
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-wzbxl
etag
"67091a90-4d20"
age
174134
expires
Mon, 13 Oct 2025 06:14:53 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams2100091-AMS, cache-lax-kwhp1940118-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
61, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086655,VS0,VE7
x-styx-req-id
4bbcba8e-8861-11ef-b87b-7eaec3dbcd23
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
19744
server
nginx
RedHatDisplay-ExtraBold.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
19 KB
20 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-ExtraBold.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
300e0a19f0415d8cbbb83d10272bc792632f48175d9be777937bee14825e419b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-mqsgn
etag
"67093249-4d68"
age
174136
expires
Mon, 13 Oct 2025 06:14:53 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-served-by
cache-ams21076-AMS, cache-lax-kwhp1940119-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
61, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086834,VS0,VE6
x-styx-req-id
4b690d46-8861-11ef-bce7-5a768933f673
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
19816
server
nginx
RedHatDisplay-Black.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
18 KB
19 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Black.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
221f8c9253e16004a0fc662867a8c9ca2f8626ee34643314be21511b500fd35d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
etag
"67091a90-4910"
age
174135
expires
Sun, 12 Oct 2025 12:40:58 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-served-by
cache-ams2100147-AMS, cache-lax-kwhp1940041-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
44, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.086850,VS0,VE10
x-styx-req-id
10d0c351-87ce-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
18704
server
nginx
RedHatDisplay-Regular.woff2
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/
19 KB
19 KB
Font
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/fonts/RedHatDisplay-Regular.woff2
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
60df6999405b8e3907c141cf4fb76812e272d0890b9e759ea66d1343cfaa20dd
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-mqsgn
etag
"67093249-4a50"
age
174135
expires
Mon, 13 Oct 2025 06:13:53 GMT
x-cache
MISS, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
font/woff2
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-served-by
cache-ams21028-AMS, cache-lax-kwhp1940050-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.087287,VS0,VE7
x-styx-req-id
27dae32b-8861-11ef-bce7-5a768933f673
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
19024
server
nginx
Primary%20Sangfor%20Logo.png
www.sangfor.com/sites/default/files/
4 KB
4 KB
Image
General
Full URL
https://www.sangfor.com/sites/default/files/Primary%20Sangfor%20Logo.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
71c4d85ab6e7bd8471cb0bed91b04311f338dddd2aa3827f0c4790e8b7b53d0e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-796985df48-kjk68
fastly-io-info
ifsz=4968 idim=430x144 ifmt=png ofsz=4176 odim=430x144 ofmt=webp
etag
"a01RxrnGV3D32I/tbK92cRx2QOijheMXOlAUlG4zUTc"
age
1702693
expires
Thu, 28 Aug 2025 15:47:07 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams21073-AMS, cache-chi-kigq8000040-CHI, cache-chi-klot8100121-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 93, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.087317,VS0,VE1
x-styx-req-id
9d14a6a7-648b-11ef-8c75-9e049ca68b1f
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
4176
fastly-io-served-by
vpop-kiad7010231
server
nginx
recaptcha__en.js
www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/
546 KB
216 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/aR-zv8WjtWx4lAw-tRCA-zca/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.99 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f3.1e100.net
Software
sffe /
Resource Hash
5f75bfbfbf0c7cac2c87d6ca5de0661aedc188b0900b6cef5efbaea134b53302
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.sangfor.com
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
age
56349
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Mon, 13 Oct 2025 14:57:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 13 Oct 2024 14:57:59 GMT
last-modified
Mon, 07 Oct 2024 04:02:51 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220951
x-xss-protection
0
server
sffe
formsubmittoken
s757079.t.eloqua.com/e/
703 B
1 KB
XHR
General
Full URL
https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
/
Resource Hash
3b781230055b26f1e594711cde4d1633bd22ad32ac912a815ae58793a8c75069
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
Cache-Control
no-store
Content-Encoding
gzip
Pragma
no-cache
X-Content-Type-Options
nosniff
Expires
-1
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length
577
X-Xss-Protection
1; mode=block
Date
Mon, 14 Oct 2024 06:37:08 GMT
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
languages-sticky.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
216 B
0
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/languages-sticky.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
284aa1609b16851463de01ab149eb88b09375632c13713e662e0830abddf8bec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-5f576dcdd9-cw48b
fastly-io-info
ifsz=496 idim=16x16 ifmt=png ofsz=216 odim=16x16 ofmt=webp
etag
"dO9oA19TM1eYAGDkkCUlSCnaB/KGW6gs2NTNH83AEaw"
age
3236450
expires
Sun, 07 Sep 2025 19:32:29 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:07 GMT
content-type
image/webp
x-served-by
cache-ams2100089-AMS, cache-chi-kigq8000084-CHI, cache-chi-klot8100097-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 506, 0
vary
Accept
fastly-stats
io=1
cache-control
max-age=31622400
x-timer
S1728887828.732435,VS0,VE1
x-styx-req-id
c0f43d7f-6c86-11ef-b380-c656f0ebc924
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
216
fastly-io-served-by
vpop-kiad7010211
server
nginx
livevalidation_standalone.compressed.js
img06.en25.com/i/
13 KB
14 KB
Script
General
Full URL
https://img06.en25.com/i/livevalidation_standalone.compressed.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.207.6.152 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-207-6-152.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
36ef1cf6246ce3d596a572d7b0e947a7088eefb1af6373f1a0669c9189a6728e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
Cache-Control
no-store
Pragma
no-cache
ETag
"32e442741dd4da1:0"
Connection
keep-alive
X-Content-Type-Options
nosniff
Expires
Mon, 14 Oct 2024 06:37:08 GMT
Accept-Ranges
bytes
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length
13723
X-XSS-Protection
1; mode=block
Date
Mon, 14 Oct 2024 06:37:08 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 12 Jul 2024 05:36:33 GMT
twitter-alt.svg
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/
910 B
782 B
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images-optimize/twitter-alt.svg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c0db478481c2f2dd767a0b11d2407e6466f3a833c14b219bc1311089b5e51ac9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding
gzip
etag
W/"6709a3df-38e"
age
174128
expires
Mon, 13 Oct 2025 06:14:59 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/svg+xml
last-modified
Fri, 11 Oct 2024 22:17:03 GMT
x-served-by
cache-ams21025-AMS, cache-lax-kwhp1940036-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
59, 0, 0
vary
Accept-Encoding
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887828.271463,VS0,VE7
x-styx-req-id
4f326379-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
509
server
nginx
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame DEB1
0
0
Document
General
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2588::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=29820378
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:08 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Wed, 24 Sep 2025 10:03:26 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1728887828614_399550060_1719336485_11_462_133_137_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
configuration.js
consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/
4 KB
1 KB
Script
General
Full URL
https://consentcdn.cookiebot.com/consentconfig/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/sangfor.com/configuration.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:258b::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
23e4d60cfac088ba6eb24b76c0726eec2077c2f164c17f4e9906f43c3ac4d4ca

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
max-age=73154
content-encoding
gzip
etag
"0d91b97de9e543541bad1f34cf1169a1:1727103406.542376"
cross-origin-resource-policy
cross-origin
expires
Tue, 15 Oct 2024 02:56:22 GMT
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=4, origin; dur=0, ak_p; desc="1728887828616_399550063_141906911_393_421_134_137_146";dur=1
content-length
980
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Mon, 23 Sep 2024 14:56:46 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
cc.js
consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/
359 KB
103 KB
Script
General
Full URL
https://consent.cookiebot.com/7029b9e8-6353-4e6a-a7ff-84ac8be1e142/cc.js?renew=false&referer=www.sangfor.com&dnt=false&init=false&culture=EN
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:16::17c4:309 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ee4fab2ab809e4d56d1d103ec66b27ef7a8668139eb428620a2c816a9d7ccef6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
private, max-age=1200
access-control-expose-headers
Request-Context
content-encoding
gzip
cross-origin-resource-policy
cross-origin
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript; charset=utf-8
last-modified
Mon, 14 Oct 2024 06:37:08 GMT
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
241 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SS797RGCZV&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dab07d9602e567920b7dffb7c0903e16674cb502594342b7240ecad7bb0027c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
89019
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
age
1864
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Mon, 14 Oct 2024 08:06:04 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:06:04 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
js
www.googletagmanager.com/gtag/
249 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a23be5f9c9deae65e75b7d0c546c2a5be5c0b55ccad42eb43a341acbfc74fd2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
90052
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
371 KB
121 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5d133963887abdf2441256145edf463224b54d7457a231a291bfd6e29a0e6f09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
123537
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
309 KB
105 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-15510522-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bf0ea76b9a9f65fd58137769faf6b921b44767ab99b325c9fb842fed339f80d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
107037
x-xss-protection
0
server
Google Tag Manager
td
www.googletagmanager.com/
0
341 B
Image
General
Full URL
https://www.googletagmanager.com/td?id=UA-15510522-1&v=3&t=t&pid=1114769992&dl=www.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&tdp=UA-15510522-1;;0;0;0&frm=0&z=0
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:59:0"}],}
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:59:0
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
text/plain
server
Golfe2
fbevents.js
connect.facebook.net/en_US/
226 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=133, rtx=0, c=24, mss=1232, tbw=8163, tp=13, tpl=0, uplat=2, ullat=-1
pragma
public
x-fb-debug
3aOtRpe5xy7s+GOsLS2M5AmUbwwZRQpY43iBLqTR1oixE7As1bghnSlvvP+T2PTH0Acuu3pUCgIhxtInJuZsaw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59131
x-xss-protection
0
origin-agent-cluster
?1
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:6::17df:d105 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
max-age=28007
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Mon, 14 Oct 2024 06:37:09 GMT
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
sangfor-logo.png
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/
34 KB
34 KB
Image
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/images/sangfor-logo.png
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6737f2f0ac1fb89f6a3f645062d8f504cd5f78fefff2be86ae82bc544de8fa24
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/sites/default/files/css/css_NsqXaSKlvAKDWEb8S2JD4vEQMgr-JCecPcAi1N88JKY.css

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-7968478984-xqlzx
fastly-io-info
ifsz=44278 idim=1250x1250 ifmt=png ofsz=34436 odim=1250x1250 ofmt=webp
etag
"t575pKpQ3B2dYvYBYiXmVCPQ5KEwON8GgT6CMF4eyh8"
age
1771602
expires
Fri, 02 May 2025 12:03:04 GMT
x-cache
HIT, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
image/webp
x-served-by
cache-ams12763-AMS, cache-chi-klot8100140-CHI, cache-chi-kigq8000169-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 269, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887829.017268,VS0,VE2
x-styx-req-id
c43c6b4a-07b2-11ef-ab86-b648d5ad88f3
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
34436
fastly-io-served-by
vpop-kiad7010228
server
nginx
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e96f4f4298c7d1a94f2fd78ad214ecc6bdfbc7632c1e4927e8c32b29914fdaed

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
293 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/?random=1728887829032&cv=11&fst=1728887829032&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
1119831ac0d66497778edfd50e1c4454c369a9e215974b22748512f5f94ea5b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2459
date
Mon, 14 Oct 2024 06:37:09 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
11481739312
td.doubleclick.net/td/rul/ Frame 5BCB
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/11481739312?random=1728887829032&cv=11&fst=1728887829032&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/?random=1728887829118&cv=11&fst=1728887829118&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
fe4cb9cdf002e1c523e75d6f15bd558ac573ee06af67ec43aadbb1a9e4348a36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2417
date
Mon, 14 Oct 2024 06:37:09 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-SS797RGCZV&gtm=45be4a90v888876710z8834067541za200&_p=1728887827716&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1741506203.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728887829&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2443
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
57 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SS797RGCZV&cid=1741506203.1728887829&gtm=45be4a90v888876710z8834067541za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101671035~101686685
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
text/plain
server
Golfe2
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-NP5KMJMZXN&gtm=45be4a90v888876710z8834067541za200&_p=1728887827716&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101671035~101686685&cid=1741506203.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1728887829&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&tfd=2452
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
text/plain
server
Golfe2
658559639
td.doubleclick.net/td/rul/ Frame D668
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/658559639?random=1728887829118&cv=11&fst=1728887829118&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
rul
td.doubleclick.net/td/ga/ Frame 5BB6
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1741506203.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=127457894
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-21N5DLV7PF&gtm=45je4a90v894187644za200&_p=1728887827716&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101671035~101686685&gdid=dMDhkMT&cid=1741506203.1728887829&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728887829&sct=1&seg=0&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&en=page_view&_fv=1&_ss=1&_ee=1&ep.page_placeholder=PLACEHOLDER_page_location&tfd=2489
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
554 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-21N5DLV7PF&cid=1741506203.1728887829&gtm=45je4a90v894187644za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533421~101671035~101686685
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame FB7F
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1741506203.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101671035~101686685&z=923673192
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:09 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
anchor
www.google.com/recaptcha/api2/ Frame CF03
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u6hbh8eat97
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Zmw8BY6lyFFBtR6Gb3Bb_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sangfor.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Zmw8BY6lyFFBtR6Gb3Bb_A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Mon, 14 Oct 2024 06:37:09 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
422012601626408
connect.facebook.net/signals/config/
74 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/422012601626408?v=2.9.170&r=stable&domain=www.sangfor.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
049a620eeb9f38870ebbf2d23745063622e976a29ba6a9d0b5b94e1198116a31
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=133, rtx=0, c=77, mss=1232, tbw=71079, tp=68, tpl=0, uplat=127, ullat=1
pragma
public
x-fb-debug
7ikzSjBASjqig0ZUiVZX5EvrhhEs6xwxFUDFQK3H6BN+A6Hbure19/AfC3+ZaCI35fb1YfrIi7ucLT3tuAAjmg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
www.google-analytics.com/j/
1 B
304 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1511346899&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&ul=en-us&de=UTF-8&dt=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1994247921&gjid=1571391714&cid=1741506203.1728887829&tid=UA-15510522-1&_gid=1410896035.1728887829&_r=1&gtm=457e4a90za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529665~101671035~101686685~101794736&did=dMDhkMT&gdid=dMDhkMT&jsscut=1&z=2086529816
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.sangfor.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:09 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.sangfor.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
1
server
Golfe2
attribution_trigger
px.ads.linkedin.com/
2 B
765 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=701411&time=1728887829383&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Referer
https://www.sangfor.com/

Response headers

x-li-pop
afd-prod-ltx1-x
content-encoding
gzip
x-fs-uuid
0006246a10f1066727c7208b03c9f23e
x-msedge-ref
Ref A: AFBEBCACCF6F4FA497B80EA2EDE40A4E Ref B: LAX311000115023 Ref C: 2024-10-14T06:37:09Z
x-li-fabric
prod-ltx1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYkahDxBmcnxyCLA8nyPg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D701411%26time%3D1728887829383%26li_adsId%3Daca9b566-f68e-4990-860c-64b044210f30%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcy...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fc...
0
701 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLkol25KKSWrwAAAZKJvrYsty2EakynS_Gr8pR3pKJj8FSc6JJUykPy8Dt6ASCXBZnCeg
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref
Ref A: 1088614747A343B1939B92FB1ABF49A1 Ref B: LAXEDGE1512 Ref C: 2024-10-14T06:37:10Z
x-li-fabric
prod-ltx1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid
AAYkahD8AGA4lyC/pzfftQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=701411&time=1728887829383&li_adsId=aca9b566-f68e-4990-860c-64b044210f30&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&cookiesTest=true&liSync=true&e_ipv6=AQLkol25KKSWrwAAAZKJvrYsty2EakynS_Gr8pR3pKJj8FSc6JJUykPy8Dt6ASCXBZnCeg
x-msedge-ref
Ref A: B8975060FD4340D497062FE11D9AA44A Ref B: LAX311000114023 Ref C: 2024-10-14T06:37:10Z
x-li-fabric
prod-ltx1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid
AAYkahD3g8h9O0axMJUIUA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Mon, 14 Oct 2024 06:37:09 GMT
/
www.google.com/pagead/1p-user-list/11481739312/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/11481739312/?random=1728887829032&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf7QuwQH1K4LnHy---SxKoM6ASs8kNeg&random=3239031296&rmt_tld=0&ipr=y
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 14 Oct 2024 06:37:09 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com/pagead/1p-user-list/658559639/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/658559639/?random=1728887829118&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfKgrA1i3b8Y3pwPnS6TVoJsXLVlICwg&random=409308392&rmt_tld=0&ipr=y
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 14 Oct 2024 06:37:09 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.facebook.com/tr/
0
270 B
Image
General
Full URL
https://www.facebook.com/tr/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728887829661&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728887829658.775522544398908509&cs_est=true&ler=empty&cdl=API_unavailable&it=1728887829372&coo=false&rqm=GET
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=10, mss=1297, tbw=2946, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Mon, 14 Oct 2024 06:37:10 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=422012601626408&ev=PageView&dl=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&rl=&if=false&ts=1728887829661&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728887829658.775522544398908509&cs_est=true&ler=empty&cdl=API_unavailable&it=1728887829372&coo=false&rqm=FGET
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7425516688841066728"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:10 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
O17M/UTODOgkGXbjrdvBByHxhASZsM7JbbgoDNWLt45tQo/oIj+56pIWF5yUZ47aSPtVOFvxppeDFE8abi9LrQ==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7425516688841066728", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=132, rtx=0, c=10, mss=1297, tbw=3260, tp=-1, tpl=-1, uplat=73, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?0
/
px.ads.linkedin.com/wa/
0
284 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.sangfor.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-msedge-ref
Ref A: EB73C0BE1B044359B8F3B7E2C33E2998 Ref B: LAX311000114023 Ref C: 2024-10-14T06:37:10Z
x-li-fabric
prod-ltx1
access-control-allow-credentials
true
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid
AAYkahD+RWEXjYQTr06Ouw==
x-li-proto
http/2
access-control-allow-origin
https://www.sangfor.com
x-cache
CONFIG_NOCACHE
date
Mon, 14 Oct 2024 06:37:09 GMT
vary
Origin
js
www.googletagmanager.com/gtag/
241 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SS797RGCZV&l=dataLayer&cx=c
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dab07d9602e567920b7dffb7c0903e16674cb502594342b7240ecad7bb0027c4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
89019
x-xss-protection
0
server
Google Tag Manager
1.gif
imgsct.cookiebot.com/
35 B
481 B
Image
General
Full URL
https://imgsct.cookiebot.com/1.gif?dgi=7029b9e8-6353-4e6a-a7ff-84ac8be1e142
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:258b::f09 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
*
x-goog-hash
crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
etag
"c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
35
date
Mon, 14 Oct 2024 06:37:11 GMT
last-modified
Mon, 23 Oct 2023 11:39:32 GMT
content-type
image/gif
x-guploader-uploadid
AHmUCY1CfZkNeK6OmDEHePk2lPLGkW5NV9Jodgr4eEMLjj_WXthQFzmTxkg38-SQHYCxQTl2ddfvQQUMDw
cache-control
public,max-age=1800
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1698061172769999
content-length
35
server
UploadServer
favicon-32x32_0.png
www.sangfor.com/sites/default/files/
1 KB
1 KB
Other
General
Full URL
https://www.sangfor.com/sites/default/files/favicon-32x32_0.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c30e4b76b88aba11e97e78e219d797b895179efbc93b99dc9d6c440c0511b505
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-75d6d4fb59-s9h46
fastly-io-info
ifsz=1320 idim=32x32 ifmt=png ofsz=1140 odim=32x32 ofmt=webp
etag
"jWAmTR2Ap7vCgaD2O9sKUfv5CW7fzlmW4/aPmY5PIB4"
age
3481999
expires
Mon, 30 Jun 2025 05:09:01 GMT
x-cache
MISS, MISS, HIT, HIT
date
Mon, 14 Oct 2024 06:37:11 GMT
content-type
image/webp
x-served-by
cache-ams21079-AMS, cache-chi-kigq8000085-CHI, cache-chi-kigq8000110-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 3, 0
vary
Accept
fastly-stats
io=1
strict-transport-security
max-age=300
cache-control
max-age=31622400
x-timer
S1728887831.160307,VS0,VE1
x-styx-req-id
b2d36b57-35d5-11ef-92be-3697a1d76678
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1140
fastly-io-served-by
vpop-kiad7010250
server
nginx
analytics.js
www.google-analytics.com/
52 KB
0
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
age
1864
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Mon, 14 Oct 2024 08:06:04 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:06:04 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
js
www.googletagmanager.com/gtag/
249 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11481739312&l=dataLayer&cx=c
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a23be5f9c9deae65e75b7d0c546c2a5be5c0b55ccad42eb43a341acbfc74fd2e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Mon, 14 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
90052
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
371 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-658559639&l=dataLayer&cx=c
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5d133963887abdf2441256145edf463224b54d7457a231a291bfd6e29a0e6f09
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
123537
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
309 KB
0
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-21N5DLV7PF&l=dataLayer&cx=c
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bf0ea76b9a9f65fd58137769faf6b921b44767ab99b325c9fb842fed339f80d4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 14 Oct 2024 06:37:08 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
107037
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/
226 KB
0
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=133, rtx=0, c=24, mss=1232, tbw=8163, tp=13, tpl=0, uplat=2, ullat=-1
pragma
public
x-fb-debug
3aOtRpe5xy7s+GOsLS2M5AmUbwwZRQpY43iBLqTR1oixE7As1bghnSlvvP+T2PTH0Acuu3pUCgIhxtInJuZsaw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59131
x-xss-protection
0
origin-agent-cluster
?1
error
connect.facebook.net//log/
67 B
178 B
Image
General
Full URL
https://connect.facebook.net//log/error?p=pixel&v=2.9.170&e=Error%3A%20Duplicate%20Pixel%20ID%3A%20422012601626408.&s=Error%3A%20Duplicate%20Pixel%20ID%3A%20422012601626408.%0A%20%20%20%20at%20E%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A134%3A5094)%0A%20%20%20%20at%20Function.Z%20%5Bas%20init%5D%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A307%3A7740)%0A%20%20%20%20at%20Function.Y%20%5Bas%20callMethod%5D%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A307%3A2519)%0A%20%20%20%20at%20b.fbq.b.fbq%20(%3Canonymous%3E%3A1%3A79)%0A%20%20%20%20at%20%3Canonymous%3E%3A1%3A369%0A%20%20%20%20at%20dequeueNonAsyncScripts%20(https%3A%2F%2Fconsent.cookiebot.com%2Fuc.js%3A2%3A30055)%0A%20%20%20%20at%20window.CookieControl.Cookie.dequeueNonAsyncScripts%20(https%3A%2F%2Fconsent.cookiebot.com%2Fuc.js%3A2%3A107739)%0A%20%20%20%20at%20dequeueNonAsyncScripts%20(https%3A%2F%2Fconsent.cookiebot.com%2Fuc.js%3A2%3A30151)%0A%20%20%20%20at%20window.CookieControl.Cookie.dequeueNonAsyncScripts%20(https%3A%2F%2Fconsent.cookiebot.com%2Fuc.js%3A2%3A107739)%0A%20%20%20%20at%20dequeueNonAsyncScripts%20(https%3A%2F%2Fconsent.cookiebot.com%2Fuc.js%3A2%3A30151)&ue=1&rs=stable&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:11 GMT
content-type
image/png
x-fb-debug
XAxFDu3UdnPhs8skLuwPf86QEpjqV0rDhR6YKIeT/SY3fdqFSRrnYKRvb7HXG9zQ7ejgoPlkCiK2FZYPb2mhVg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
private, no-cache, no-store, must-revalidate
x-fb-connection-quality
GOOD; q=0.7, rtt=134, rtx=0, c=90, mss=1232, tbw=86871, tp=83, tpl=0, uplat=27, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
content-length
67
x-xss-protection
0
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
0
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:6::17df:d105 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
max-age=28007
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Mon, 14 Oct 2024 06:37:09 GMT
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
eloqua.js
www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/
5 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6fe067bf4e83889b5dc2d32f88835854a7e5ee95fec799ba1558a20cfb5e6f3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67091a90-1539"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits
57, 0, 0
x-served-by
cache-ams21033-AMS, cache-lax-kwhp1940064-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085203,VS0,VE7
x-styx-req-id
60f0c3e7-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1856
server
nginx
formsubmittoken
s757079.t.eloqua.com/e/
703 B
1 KB
XHR
General
Full URL
https://s757079.t.eloqua.com/e/formsubmittoken?elqSiteID=757079
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/eloqua_js/eloqua.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
192.29.201.57 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
/
Resource Hash
0ff2232dd16ddb2e39fd85d6dd9f4571e0d6e5770c510e3946200772ccea1c12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex, nofollow
Cache-Control
no-store
Content-Encoding
gzip
Pragma
no-cache
X-Content-Type-Options
nosniff
Expires
-1
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Content-Length
577
X-Xss-Protection
1; mode=block
Date
Mon, 14 Oct 2024 06:37:10 GMT
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
HeroBanner.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/
1 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/HeroBanner.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7434fc40a30edaa357cb3873be0c68e0e6ac7bce734c4b3a458368d0865d9205

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-hh9nd
content-encoding
gzip
etag
W/"6709a3e0-435"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 22:17:04 GMT
x-cache-hits
58, 0, 0
x-served-by
cache-ams21076-AMS, cache-lax-kwhp1940124-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.084954,VS0,VE8
x-styx-req-id
60f0b52d-8861-11ef-8218-3208fd4d7f88
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
580
server
nginx
header.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/
5 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/header.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
098fc51c00b27479bf9564ff913f642e836ac863b346c43819f09a80936ec0a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-hhx26
content-encoding
gzip
etag
W/"67091a90-141f"
age
174098
expires
Mon, 13 Oct 2025 06:13:28 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits
1, 0, 0
x-served-by
cache-ams21026-AMS, cache-lax-kwhp1940055-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085063,VS0,VE7
x-styx-req-id
18d5b9ac-8861-11ef-848d-ee31b65f8c59
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1521
server
nginx
js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js
www.sangfor.com/sites/default/files/js/
2 B
0
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_2KlXA4Z5El1IQFVPxDN1aX5mIoMSFWGv3vwsP77K9yk.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8a957038679125d4840554fc43375697e662283121561afdefc2c3fbecaf729

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-86bbdf8544-ld56d
content-encoding
gzip
etag
"66e3ad6a-2"
age
174099
expires
Sat, 27 Sep 2025 01:12:22 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 13 Sep 2024 03:11:38 GMT
x-cache-hits
0, 0, 0
x-served-by
cache-ams21052-AMS, cache-lax-kwhp1940114-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.990561,VS0,VE28
x-styx-req-id
622f74ce-7ba4-11ef-acde-3a7638cbe1f7
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
22
server
nginx
js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
www.sangfor.com/sites/default/files/js/
96 KB
0
Script
General
Full URL
https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
6f307488b9e08af53ad97dfb42923a1a9cfb937124c976933a7421ee8ae065ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5644f9474c-6xpb6
content-encoding
gzip
etag
W/"66f56a4c-17ec1"
age
174099
expires
Sat, 27 Sep 2025 14:06:05 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Thu, 26 Sep 2024 14:06:04 GMT
x-cache-hits
45, 0, 0
x-served-by
cache-ams2100114-AMS, cache-lax-kwhp1940127-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.990519,VS0,VE39
x-styx-req-id
785ad187-7c10-11ef-82ce-3a60d385be04
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
38682
server
nginx
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11481739312/?random=1728887829032&cv=11&fst=1728887829032&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=4
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
0bbdc93be13aed296857de8ce67b8a4875b191a6aa5e0c4f7efe2e531b9267d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2475
date
Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
/
www.google.com/pagead/1p-user-list/11481739312/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/11481739312/?random=1728887829032&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnf2ELcpFSpoNtynM4SKUcnb8tL4o3BAp7R9xrQe8gZH-Nn21Di&random=3788627485&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/
5 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/658559639/?random=1728887829118&cv=11&fst=1728887829118&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s35-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a56097c13b4b80ccc5209678fd00cbc77c981fa14f42b357ab82568624aba4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2436
date
Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
/
www.google.com/pagead/1p-user-list/658559639/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/658559639/?random=1728887829118&cv=11&fst=1728885600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnflSlOmnTdOVLtJZgBgJ3VZ-a0xgZYS69DWoDomhZDQAOZoPaW&random=357868062&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.132 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Mon, 14 Oct 2024 06:37:11 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
422012601626408
connect.facebook.net/signals/config/
74 KB
0
Script
General
Full URL
https://connect.facebook.net/signals/config/422012601626408?v=2.9.170&r=stable&domain=www.sangfor.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
049a620eeb9f38870ebbf2d23745063622e976a29ba6a9d0b5b94e1198116a31
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Mon, 14 Oct 2024 06:37:09 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
GOOD; q=0.7, rtt=133, rtx=0, c=77, mss=1232, tbw=71079, tp=68, tpl=0, uplat=127, ullat=1
pragma
public
x-fb-debug
7ikzSjBASjqig0ZUiVZX5EvrhhEs6xwxFUDFQK3H6BN+A6Hbure19/AfC3+ZaCI35fb1YfrIi7ucLT3tuAAjmg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
runtime.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
3 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/runtime.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
41a49f5e2794f7440f5a4cca9a3384eeec0505922b2f21b6dfd1299bc275ef95

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-m7f6g
content-encoding
gzip
etag
W/"6709a3e0-cec"
age
174138
expires
Mon, 13 Oct 2025 06:14:50 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 22:17:04 GMT
x-cache-hits
61, 0, 0
x-served-by
cache-ams21081-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085037,VS0,VE7
x-styx-req-id
49d8dfba-8861-11ef-9a09-52e503d7f733
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1750
server
nginx
main.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
3 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/main.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
873798cf5a9cc4cd81e7fc20017683455be4e1bbf14553aa56182e1f05a6bfd5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding
gzip
etag
W/"67091a90-b65"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits
57, 0, 0
x-served-by
cache-ams2100147-AMS, cache-lax-kwhp1940129-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085360,VS0,VE66
x-styx-req-id
60f1849a-8861-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
1010
server
nginx
vendor-main.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/
418 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor-main.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
125917e83a2fdc404792d691b5f572c72408a1fbc6bea8c8c5ea76efc952f8b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-j2fs9
content-encoding
gzip
etag
W/"67093249-689f2"
age
174099
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-cache-hits
0, 0, 0
x-served-by
cache-ams21079-AMS, cache-lax-kwhp1940136-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085396,VS0,VE6
x-styx-req-id
60f1bea2-8861-11ef-b947-c6e297b52812
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
148414
server
nginx
footer.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/
12 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
5e6e5066c2153c8e15f1bb3051b8dfd7dfd1e5b947a80e0ec16c266b5ab50369

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67093249-2f05"
age
174138
expires
Mon, 13 Oct 2025 06:14:50 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 14:12:25 GMT
x-cache-hits
61, 0, 0
x-served-by
cache-ams2100104-AMS, cache-lax-kwhp1940076-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085817,VS0,VE8
x-styx-req-id
49db7348-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
4485
server
nginx
/
ipapi.co/json/
781 B
943 B
Fetch
General
Full URL
https://ipapi.co/json/
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/pages/footer.js?v=2.7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::681a:92c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a69b4fc935fdcdf89fedafbdf69d22213a923ae6adc9af0e7f19b079cc43ada0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin
cf-cache-status
DYNAMIC
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HQeGVmR9%2Bkn%2BSYWHX23mnmNXJVPUpXLPAqZbQVIheSvy%2BTZAzg9QK5JLsG8kz7VlR079vERX6qnhIvPOYxCVgScITkl5O8GhcTAo1PKzOULQYYfAJoN5efdSCNNzVj36%2FUUbfnT%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
allow
OPTIONS, GET, OPTIONS, HEAD, POST
cf-ray
8d258f35186769b7-LAX
referrer-policy
same-origin
access-control-allow-origin
https://www.sangfor.com
date
Mon, 14 Oct 2024 06:37:11 GMT
content-type
application/json
vary
Host, origin
server
cloudflare
x-frame-options
DENY
article.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/
17 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
14054a79120f273f1fe554b4d62296e779e36fa70da6f9a159919b533b808443

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding
gzip
etag
W/"6709c64a-42c0"
age
174098
expires
Mon, 13 Oct 2025 06:15:29 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Sat, 12 Oct 2024 00:43:54 GMT
x-cache-hits
57, 0, 0
x-served-by
cache-ams21060-AMS, cache-lax-kwhp1940100-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085967,VS0,VE6
x-styx-req-id
60f1b2ab-8861-11ef-b87b-7eaec3dbcd23
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
5707
server
nginx
New%20RCRU64%20Ransomware%20Variant18132.jpg
www.sangfor.com/sites/default/files/inline-images/
67 KB
0
Image
General
Full URL
https://www.sangfor.com/sites/default/files/inline-images/New%20RCRU64%20Ransomware%20Variant18132.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
eafbdcc4eab9ccd535cebb16f2f960eecc341496cc3edede446bf5d90321660b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-59f96d5596-qrghr
fastly-io-info
ifsz=110828 idim=831x355 ifmt=jpeg ofsz=68464 odim=831x355 ofmt=webp
etag
"jCs1QW0BsNX9awyoU5s8yLfnIGSxvWr/qlWl4SWlAXo"
age
1098226
expires
Wed, 24 Sep 2025 09:54:37 GMT
x-cache
MISS, HIT, HIT, HIT
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
image/webp
x-served-by
cache-ams2100117-AMS, cache-chi-klot8100155-CHI, cache-chi-kigq8000160-CHI, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 4, 0
vary
Accept
fastly-stats
io=1
cache-control
max-age=31622400
x-timer
S1728887828.084075,VS0,VE2
x-styx-req-id
d857f080-7991-11ef-9d35-86258012481b
via
1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
68464
fastly-io-served-by
vpop-kiad7010210
server
nginx
alpine.js
www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/
38 KB
0
Script
General
Full URL
https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/vendor/alpine.js?v=2.7
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
01b80650d5df17eac7605ba1d5feac89fdba2a6496ceedf58ba0eb3ee5d8dbe9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-rkcnz
content-encoding
gzip
etag
W/"67091a90-9658"
age
174098
expires
Mon, 13 Oct 2025 06:13:28 GMT
x-cache
HIT, HIT, MISS
date
Mon, 14 Oct 2024 06:37:08 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 12:31:12 GMT
x-cache-hits
1, 0, 0
x-served-by
cache-ams21077-AMS, cache-lax-kwhp1940027-LAX, cache-lax-kwhp1940035-LAX
vary
Accept-Encoding
cache-control
max-age=31622400
x-timer
S1728887828.085837,VS0,VE8
x-styx-req-id
1924e4de-8861-11ef-b957-86ae226cd428
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
16064
server
nginx
token
www.sangfor.com/session/
43 B
522 B
Fetch
General
Full URL
https://www.sangfor.com/session/token
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/themes/custom/sangfor/front-end/public/assets/scripts/widgets/article.js?v=2.7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9c8125a41dc6c5ce3086100e691e56086fa4627c503bbd4a913ca90558f1f870
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-d-5c8cd649cb-wzbxl
content-encoding
gzip
age
0
x-content-type-options
nosniff
x-generator
Drupal 9 (https://www.drupal.org)
expires
Sun, 19 Nov 1978 05:00:00 GMT
x-cache
MISS, MISS, MISS
x-ua-compatible
IE=edge
date
Mon, 14 Oct 2024 06:37:11 GMT
content-type
text/plain; charset=UTF-8
x-served-by
cache-ams21023-AMS, cache-lax-kwhp1940061-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=300
vary
Accept-Encoding
cache-control
must-revalidate, no-cache, private
x-timer
S1728887832.726945,VS0,VE193
x-styx-req-id
be381877-89f6-11ef-b87b-7eaec3dbcd23
via
1.1 varnish, 1.1 varnish, 1.1 varnish
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
63
content-language
en
server
nginx
statistics.php
www.sangfor.com/core/modules/statistics/
0
271 B
XHR
General
Full URL
https://www.sangfor.com/core/modules/statistics/statistics.php
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/sites/default/files/js/js_bzB0iLngivU62X37QpI6Gpz7k3EkyXaTOnQh7orgZbo.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*/*
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-pantheon-styx-hostname
styx-fe1fe2-c-fcdfb5d99-m7f6g
content-encoding
gzip
age
0
x-cache
MISS, MISS, MISS
date
Mon, 14 Oct 2024 06:37:12 GMT
content-type
text/html; charset=UTF-8
x-served-by
cache-ams2100110-AMS, cache-lax-kwhp1940035-LAX, cache-lax-kwhp1940035-LAX
x-cache-hits
0, 0, 0
vary
Accept-Encoding, Cookie, Cookie
strict-transport-security
max-age=300
x-timer
S1728887833.734122,VS0,VE179
x-styx-req-id
bed1ba76-89f6-11ef-9a09-52e503d7f733
via
1.1 varnish, 1.1 varnish, 1.1 varnish
accept-ranges
bytes
content-length
20
server
nginx
elqCfg.min.js
images.sangfor.com/i/
6 KB
3 KB
Script
General
Full URL
https://images.sangfor.com/i/elqCfg.min.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.33.40.142 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-40-142.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

X-Robots-Tag
noindex, nofollow
Content-Encoding
gzip
ETag
"5fbd42741dd4da1:0"
X-Content-Type-Options
nosniff
Expires
Mon, 14 Oct 2024 06:37:13 GMT
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date
Mon, 14 Oct 2024 06:37:13 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 12 Jul 2024 05:36:33 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
no-store
Pragma
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2183
X-XSS-Protection
1; mode=block
v1_wzqpkpwvuopibcld.js
wa.arounddeal.com/wv/
960 B
884 B
Script
General
Full URL
https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Requested by
Host: www.sangfor.com
URL: https://www.sangfor.com/farsight-labs-threat-intelligence/cybersecurity/new-rcru64-ransomware-variant
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
69-164-193-241.ip.linodeusercontent.com
Software
nginx/1.22.1 / PHP/8.0.30
Resource Hash
6429cc091657f28263cd4c1d129eba97e8f1abccdc40a488d7ffb70a7146f7c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.sangfor.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
no-cache
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Origin
*, *
Date
Mon, 14 Oct 2024 06:37:12 GMT
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Server
nginx/1.22.1
X-Powered-By
PHP/8.0.30
/
wa.arounddeal.com/wa/
1 B
357 B
XHR
General
Full URL
https://wa.arounddeal.com/wa/
Requested by
Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
69-164-193-241.ip.linodeusercontent.com
Software
nginx/1.22.1 / PHP/8.0.30
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://www.sangfor.com/

Response headers

Transfer-Encoding
chunked
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Date
Mon, 14 Oct 2024 06:37:13 GMT
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Server
nginx/1.22.1
X-Powered-By
PHP/8.0.30
/
wa.arounddeal.com/wa/ Frame
0
0
Preflight
General
Full URL
https://wa.arounddeal.com/wa/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
69-164-193-241.ip.linodeusercontent.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.sangfor.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods
GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Connection
keep-alive
Content-Length
0
Content-Type
text/plain; charset=utf-8
Date
Mon, 14 Oct 2024 06:37:13 GMT
Server
nginx/1.22.1
/
wa.arounddeal.com/wa/
1 B
357 B
XHR
General
Full URL
https://wa.arounddeal.com/wa/
Requested by
Host: wa.arounddeal.com
URL: https://wa.arounddeal.com/wv/v1_wzqpkpwvuopibcld.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
69-164-193-241.ip.linodeusercontent.com
Software
nginx/1.22.1 / PHP/8.0.30
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json; charset=UTF-8
Referer
https://www.sangfor.com/

Response headers

Transfer-Encoding
chunked
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Date
Mon, 14 Oct 2024 06:37:13 GMT
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Server
nginx/1.22.1
X-Powered-By
PHP/8.0.30
/
wa.arounddeal.com/wa/ Frame
0
0
Preflight
General
Full URL
https://wa.arounddeal.com/wa/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
69.164.193.241 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
69-164-193-241.ip.linodeusercontent.com
Software
nginx/1.22.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.sangfor.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
DNT, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Content-Type, Range
Access-Control-Allow-Methods
GET, POST, DELETE, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Connection
keep-alive
Content-Length
0
Content-Type
text/plain; charset=utf-8
Date
Mon, 14 Oct 2024 06:37:13 GMT
Server
nginx/1.22.1
svrGP
s757079.t.eloqua.com/visitor/v200/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
td.doubleclick.net
URL
https://td.doubleclick.net/td/rul/11481739312?random=1728887829032&cv=11&fst=1728887829032&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9176098020za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&did=dMDhkMT&gdid=dMDhkMT&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config%3Bpage_placeholder%3DPLACEHOLDER_page_location
Domain
td.doubleclick.net
URL
https://td.doubleclick.net/td/rul/658559639?random=1728887829118&cv=11&fst=1728887829118&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v888876710z8834067541za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sangfor.com%2Ffarsight-labs-threat-intelligence%2Fcybersecurity%2Fnew-rcru64-ransomware-variant&hn=www.googleadservices.com&frm=0&tiba=New%20RCRU64%20Ransomware%20Variant%20Discovered%20by%20Sangfor%20FarSight%20Labs%20%7C%20Sangfor&npa=0&us_privacy=1YNY&pscdl=noapi&auid=964798882.1728887829&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Domain
td.doubleclick.net
URL
https://td.doubleclick.net/td/ga/rul?tid=G-SS797RGCZV&gacid=1741506203.1728887829&gtm=45be4a90v888876710z8834067541za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101686685&z=127457894
Domain
td.doubleclick.net
URL
https://td.doubleclick.net/td/ga/rul?tid=G-21N5DLV7PF&gacid=1741506203.1728887829&gtm=45je4a90v894187644za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101671035~101686685&z=923673192
Domain
www.google.com
URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LczTogeAAAAAA5eA9bXICZ0-6LDyr2C5kFjBakY&co=aHR0cHM6Ly93d3cuc2FuZ2Zvci5jb206NDQz&hl=en&v=aR-zv8WjtWx4lAw-tRCA-zca&size=invisible&cb=u6hbh8eat97
Domain
s757079.t.eloqua.com
URL
https://s757079.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=757079&ref2=elqNone&tzo=600&ms=553&optin=disabled


86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 function| gtag object| dataLayer object| drupalSettings object| Drupal object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| urlupdate function| handleFormSubmit function| resetSubmitButton function| addChangeHandler object| form object| nodes object| dom0 function| getParentElement function| handleDocumentLoad function| getElqFormSubmissionToken function| getHostName function| processLastFormField object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent function| LiveValidation function| LiveValidationForm object| Validate object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| myFunction function| LoadEvent number| mft function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids object| _elqQ object| CookiebotDialog object| CookieConsentDialog object| GooglebQhCsO function| onYouTubeIframeAPIReady object| gaGlobal object| recaptcha object| closure_lm_958404 object| gaplugins object| gaData function| lintrk boolean| _already_called_lintrk object| ORIBILI object| fe833 object| newsletterInput object| newsletterInputValidation function| revalidateForm function| validateAndSubmit object| webpackChunksangfor function| $ function| jQuery number| CB_jQueryHoldReadyStarted function| Ya function| ja function| Ka function| Qs function| Ua function| Ga function| on function| Js function| gt function| es object| Alpine number| CB_OnTagsExecuted_Processed function| advt object| _elq function| addEventListenerBase

15 Cookies

Domain/Path Name / Value
.sangfor.com/ Name: _gcl_au
Value: 1.1.964798882.1728887829
.sangfor.com/ Name: _ga_SS797RGCZV
Value: GS1.1.1728887829.1.0.1728887829.60.0.0
.sangfor.com/ Name: _ga_NP5KMJMZXN
Value: GS1.1.1728887829.1.0.1728887829.0.0.0
.sangfor.com/ Name: _ga_21N5DLV7PF
Value: GS1.1.1728887829.1.0.1728887829.60.0.0
.sangfor.com/ Name: _ga
Value: GA1.2.1741506203.1728887829
.sangfor.com/ Name: _gid
Value: GA1.2.1410896035.1728887829
.sangfor.com/ Name: _gat_gtag_UA_15510522_1
Value: 1
.sangfor.com/ Name: _fbp
Value: fb.1.1728887829658.775522544398908509
.linkedin.com/ Name: li_sugr
Value: 219c1465-fa9d-4c13-89c6-75cc7155fc59
.linkedin.com/ Name: bcookie
Value: "v=2&ee663c44-1711-41f4-87e3-6638c031eae1"
.linkedin.com/ Name: lidc
Value: "b=TGST07:s=T:r=T:a=T:p=T:g=2956:u=1:x=1:i=1728887829:t=1728974229:v=2:sig=AQG0telCIHWRZrNaOXprPMr6SVOS6C5v"
.linkedin.com/ Name: UserMatchHistory
Value: AQKXditgdP44YgAAAZKJvrUP8EZp9w_Pgvy8hO9I5b6gJoMxHYmZvwXMXayeTyqCC_PSnq-nHOcWWw
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQISFEv8VsmDYAAAAZKJvrUPr3226AGVgURSEpNJdsS4E_kmqAB8QrAOllnXmxCs5BlgxJDnlOPDL5nprdKByQ
.www.linkedin.com/ Name: bscookie
Value: "v=1&202410140637095cfd6d5a-1933-4b99-8aae-9508bfae0d83AQEhB34fqKBT-1MFD91yMou_uDLxmYbc"
.doubleclick.net/ Name: IDE
Value: AHWqTUkQhgjfpu5r3Frtx9t3KnOmQUAXlt88UxJ_RXlzUAz014eDjXoOQ2rAeIxB

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
