urlscan.io logo urlscan.io
SecurityTrails logo

www.nisos.com Open in urlscan Pro
162.159.134.42  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Submission: On June 14 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 5 countries across 26 domains to perform 108 HTTP transactions. The main IP is 162.159.134.42, located in and belongs to CLOUDFLARENET, US. The main domain is www.nisos.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 7th 2022. Valid for: a year.
This is the only time www.nisos.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
50 162.159.134.42 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.66.97.10 16509 (AMAZON-02)
1 52.200.29.199 14618 (AMAZON-AES)
8 2.17.100.193 20940 (AKAMAI-ASN1)
5 2a00:1450:400... 15169 (GOOGLE)
1 52.222.236.63 16509 (AMAZON-02)
3 2606:4700:e6:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a02:26f0:310... 20940 (AKAMAI-ASN1)
1 5 2600:9000:20c... 16509 (AMAZON-02)
1 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 34.255.78.124 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:237... 16509 (AMAZON-02)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2a05:d018:cc3... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.243.212.207 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
108 32
50    162.159.134.42 (None, )

ASN13335 (CLOUDFLARENET, US)
www.nisos.com
2    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
1    2606:4700::6812:893b (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
1    18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net
static.hotjar.com
1    52.200.29.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-29-199.compute-1.amazonaws.com
lltrck.com
8    2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com
j.6sc.co
c.6sc.co
b.6sc.co
5    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    52.222.236.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-63.fra56.r.cloudfront.net
script.hotjar.com
3    2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
2    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a02:26f0:3100::1735:28c0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
5    2600:9000:20c3:6c00:6:9280:1080:93a1 (United States)

ASN16509 (AMAZON-02, US)
s.adroll.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    34.255.78.124 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-78-124.eu-west-1.compute.amazonaws.com
in.hotjar.com
1    2606:4700::6810:75be (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
2    2606:4700::6811:6bc7 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hscollectedforms.net
forms.hscollectedforms.net
1    2606:4700::6810:8ace (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
3    2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:836e (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsleadflows.net
1    2600:9000:237d:6200:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.linkedin.oribi.io
4    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
www.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
1    2a05:d018:cc3:fe05:4ebd:aca3:7153:70f6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
d.adroll.com
1    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    34.243.212.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-212-207.eu-west-1.compute.amazonaws.com
content.hotjar.io
1    2606:4700::6811:d6f3 (United States)

ASN13335 (CLOUDFLARENET, US)
forms.hsforms.com
1    2a02:26f0:480:23::1726:629c (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ipv6.6sc.co
1    2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
Apex Domain
Subdomains		 Transfer
50 nisos.com
www.nisos.com
476 KB
9 6sc.co
j.6sc.co — Cisco Umbrella Rank: 6484
c.6sc.co — Cisco Umbrella Rank: 9628
ipv6.6sc.co — Cisco Umbrella Rank: 6605
b.6sc.co — Cisco Umbrella Rank: 4269
14 KB
6 adroll.com
s.adroll.com — Cisco Umbrella Rank: 2705
d.adroll.com — Cisco Umbrella Rank: 1432
25 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 408
www.linkedin.com — Cisco Umbrella Rank: 563
px4.ads.linkedin.com — Cisco Umbrella Rank: 6542
5 KB
5 gstatic.com
fonts.gstatic.com
75 KB
4 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1987
ka-f.fontawesome.com — Cisco Umbrella Rank: 4145
24 KB
3 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2377
16 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 389
13 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 749
script.hotjar.com — Cisco Umbrella Rank: 1067
in.hotjar.com — Cisco Umbrella Rank: 5501
73 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 82
225 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4971
forms.hscollectedforms.net — Cisco Umbrella Rank: 5088
26 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 4835
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 124
395 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2890
www.google.com — Cisco Umbrella Rank: 3
652 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 60
21 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 80
2 KB
1 hubspot.com
track.hubspot.com — Cisco Umbrella Rank: 2462
1 KB
1 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4470
983 B
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 5923
161 B
1 oribi.io
cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1027
377 B
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4538
88 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2379
21 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3542
3 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 960
5 KB
1 lltrck.com
lltrck.com — Cisco Umbrella Rank: 33485
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2641
1 KB
108 26
Domain Requested by
50 www.nisos.com www.nisos.com
6 b.6sc.co www.nisos.com
5 s.adroll.com 1 redirects www.googletagmanager.com
s.adroll.com
www.nisos.com
5 fonts.gstatic.com www.nisos.com
3 px.ads.linkedin.com 3 redirects
3 js.hs-banner.com js.hs-scripts.com
js.hs-banner.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.nisos.com
3 ka-f.fontawesome.com kit.fontawesome.com
3 www.googletagmanager.com www.nisos.com
www.googletagmanager.com
2 www.google.de www.nisos.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 fonts.googleapis.com www.nisos.com
1 track.hubspot.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 forms.hsforms.com www.nisos.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 content.hotjar.io script.hotjar.com
1 www.google.com www.nisos.com
1 d.adroll.com s.adroll.com
1 px4.ads.linkedin.com www.nisos.com
1 www.linkedin.com 1 redirects
1 cdn.linkedin.oribi.io snap.licdn.com
1 js.hsleadflows.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hsadspixel.net js.hs-scripts.com
1 in.hotjar.com script.hotjar.com
1 region1.analytics.google.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 script.hotjar.com static.hotjar.com
1 j.6sc.co www.nisos.com
1 lltrck.com www.nisos.com
1 static.hotjar.com www.nisos.com
1 js.hs-scripts.com www.nisos.com
1 kit.fontawesome.com www.nisos.com
108 37

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.facebook.com
www.instagram.com
Subject Issuer Validity Valid
nisos.com
Cloudflare Inc ECC CA-3		 2022-10-07 -
2023-10-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-22 -
2023-12-23		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-03 -
2024-05-02		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
lltrck.com
Go Daddy Secure Certificate Authority - G2		 2022-07-25 -
2023-08-26		 a year crt.sh
6sc.co
R3		 2023-05-25 -
2023-08-23		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2023-02-16 -
2023-08-16		 6 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-02-01 -
2024-01-31		 a year crt.sh
s.adroll.com
Amazon RSA 2048 M01		 2023-06-03 -
2024-07-01		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
linkedin.oribi.io
Amazon RSA 2048 M01		 2023-06-08 -
2024-07-07		 a year crt.sh
d.adroll.com
Amazon RSA 2048 M01		 2022-11-08 -
2023-12-07		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-05-22 -
2023-08-14		 3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02		 2023-03-02 -
2024-03-30		 a year crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2023-02-05 -
2024-02-05		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Frame ID: CB6D8CD080E6C3EB1E51D301E53BE3CC
Requests: 107 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Page not found - Nisos

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • swiper(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

108
Requests

98 %
HTTPS

76 %
IPv6

26
Domains

37
Subdomains

32
IPs

5
Countries

1111 kB
Transfer

4124 kB
Size

25
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 77
  • https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js
Request Chain 88
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4343073%26time%3D1686757145147%26url%3Dhttps%253A%252F%252Fwww.nisos.com%252Fresearch%252Ftrigona-ransomware-explained%252F***IOCs%253A***IP%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQISnHDlA0HQvgAAAYi6j3zY6ITuhmLschvSLo9Jd1u2w9DW2ZfBmtKRE4kqt9O_a-BSmMAcdvvI

108 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ***IOCs:***IP
www.nisos.com/research/trigona-ransomware-explained/ 		134 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9198751141182778ff336c74f4d7e3ad6757f13199c7958dcb7be81182fa2c34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7d73a9f48a962c43-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 14 Jun 2023 15:39:04 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
ki-cache-type
None
ki-cf-cache-status
BYPASS
ki-edge
v=19.0.6;mv=1.1.3
link
<https://www.nisos.com/wp-json/>; rel="https://api.w.org/"
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6vjZZZ6Ifj2Kfa7GdAs4vzSvPDFpp31n8RsQcxmZP7RlH%2BAIYzmiSGllMdBSbGg44IpKBctRUs%2F9YFlS%2FnBZrxIX351NSvccUkurA%2FpVqFwD%2Be8ResIMr0sJXpzcq0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-edge-location-klb
1
x-frame-options
SAMEORIGIN
x-kinsta-cache
HIT
style.min.css
www.nisos.com/wp-includes/css/dist/block-library/ 		95 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/css/dist/block-library/style.min.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,88b53538fc0e54512cead375ab30fb58fbd06633718ae385fd75a2b970c9cfd5
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,88b53538fc0e54512cead375ab30fb58fbd06633718ae385fd75a2b970c9cfd5
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:43:35 GMT
server
cloudflare
etag
W/"642f04c7-17ced"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dQ%2FRCMC3D%2F85S1NtNLdgcAkcbC68HZYKw4Dev6FN%2FWnmkAPsZvTTPS3%2BEjMpdJQVaZ4JkjA0ucCy%2BwZVrA%2BMnl6O4Sf0Rk0nhL7BWaaioto8CBpBt04dF7T0DxdEjA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f89f9e2c43-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
swiper.min.css
www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/ 		19 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/swiper.min.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46bbc7b22b8c58dc664cd4b31da0906636b96c8d64b839b1671d3eff081f6c1e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,4b3cc2a010bb32274103334332a2dc990b984e5e8e6ff72c0b368b32b5be1896
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
335
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 02 Aug 2022 16:43:01 GMT
server
cloudflare
etag
W/"62e95415-4d50"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLs0W1dwU%2BK3GlJOww6XM8D2tZ4obIw8f9bZY55INwZSAllQHK%2BevTl3D6F7PlG6Ot4272l60T%2BIqgh3Hlt9ClMwWEsKuWJiO01vwp%2FZyRO4uAm2KQP8bHxe%2BzhCnwU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f89fa02c43-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
www.nisos.com/wp-content/plugins/monarch/css/ 		113 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/monarch/css/style.css?ver=1.4.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f820d93daf383e178bda2912f5bee00e90e56390597820622643fa8e5e487143
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,b39b0a0ede3780dcb00d16eb59c7dd039b8dcbedaebee368cb2819b843baa6a0
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,b39b0a0ede3780dcb00d16eb59c7dd039b8dcbedaebee368cb2819b843baa6a0
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 19:09:25 GMT
server
cloudflare
etag
W/"61688065-1c56d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BFGCcnuOgI1hMj3s4OIXyoCLQL%2Bq85dWsZ2JYKpElwPByhNVWIeX9%2FwLaXsm1gZSPeTF0GWZ8R4vm3rGCIyXp7IfO4YSEdjE%2F2rObXaUCv3mIHYt0rh0PXPRdpnOewo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f89fa22c43-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts.googleapis.com/ 		5 KB
775 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
67eb879fb1645c73ccbaac598e815fd3901eb5114228021d686b8b5e470edbbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 14 Jun 2023 14:44:53 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 14 Jun 2023 15:39:04 GMT
front.min.css
www.nisos.com/wp-content/plugins/popups-for-divi/styles/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/popups-for-divi/styles/front.min.css?ver=3.0.5
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,b9ac426e1e9d65602937f14f305030ead098ae4fcde8d4be7c3254c79215cbe6
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 06 Jul 2022 19:34:32 GMT
server
cloudflare
etag
W/"62c5e3c8-1c9f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81zxUUrbt3kmdVDH%2BYwTR8Cs47I%2BamaSRPbiqUcU6OmXWbaSwDRbSFZR0HcUjrf9sC%2BdtYom%2BiS3WiwEmXLtWwXB8aceN9%2BeuSj2E7e3HpzldETTQfJ9Td3nOpzq%2BMQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287337f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
search-filter.min.css
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/css/ 		36 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css?ver=2.5.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,1a81ac67ffe4c03d4748628c61333e8eeded4c74b90ca49d8a289d47712195e0
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
1015577
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 24 Apr 2023 15:06:23 GMT
server
cloudflare
etag
W/"64469aef-91f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVAE7y4qHQzY5d5mxnMsv0QPov%2FNxhepX288L%2B6llALI2GuBVdaZTGzWF9Qub8ijlpeVJxLqGdKu7ecc2znW9XBj6NvhnE97%2Fg%2ByWVvT61b9Hi7USVd2drOYuDtCFPE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287437f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.nisos.com/wp-content/themes/Divi/ 		26 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/style.min.css?ver=4.20.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba7e231732c5791c70061b395c1d28b929f28ed1f6ec000fad64727a36c46da3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,f386483d672dda793762337e3261104edf5cb2f404140c243f9c14656dae14ea
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:18 GMT
server
cloudflare
etag
W/"642f056a-680e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EBJYAK8GDwdkS3PrTqZ%2FNSSyJ0xq70XFqx9yX075s9QTg6VMRgwOh9VNjH7PhOZi3cgbCf4oFOSBWsu6DT43L%2BUl0pY0Lmedb0R7MWZWuudh6aaUSUTi8pg700%2BeuAU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287537f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
et-divi-dynamic-tb-9107-late.css
www.nisos.com/wp-content/et-cache/notfound/ 		628 B
886 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,b47d06dbde3646fc81f045ef7513995d9fb0a135e6ea93559961d5a990709b23
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
211
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 13 Jun 2023 20:49:18 GMT
server
cloudflare
etag
W/"6488d64e-274"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mDup%2FkrGP9x72Yj83MdD9NX8WZIQp10Ng7MB5A5ZsDbIwMXVZMLcPltf%2Bne4TAglU2bLkVdadeUy1oVf%2BIPoAE9Q6C5Uyzw8KGMkiBjA%2BkMnQ1%2BAkidX6TKtuF7plVs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287637f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
et-divi-dynamic-tb-9107.css
www.nisos.com/wp-content/et-cache/notfound/ 		94 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107.css?ver=1686688277
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b4e13a4e12823ec6fe43ef5d7775abe7c9badf09c6f51693eb7722a924c68e9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,0e5bcf162e766100d4f58674917f3c0b49427be5fc96c3cf52cccb60a32d53c4
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
211
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 13 Jun 2023 20:31:17 GMT
server
cloudflare
etag
W/"6488d215-17757"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy0qJygAQwoGGuuPD8qMGL6RstlRlRI91AbvhOU%2Bp4rM2x%2FhDwrDo3blWFwKcXd5WHShvLAtbhrsSXRsziNcW0nWYuCpN27K%2Fu6hPvURazGN58xBLeyRYjyXUrr6AnU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287737f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.nisos.com/wp-content/plugins/dg-advanced-heading/styles/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-advanced-heading/styles/style.min.css?ver=1.0.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26764edc2000ff1b83064a99effb1fe10e7cddf5b1a2c406a6d10a86b852eda6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,873323157c00d783cb7b90d4a55e8b95210eb876e983f1cbd8f760fd27167860
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 14:34:06 GMT
server
cloudflare
etag
W/"6319fd5e-e6e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsAEgnPygpPUrWNTgL4EOZqonJjYyCkqmeN3BvE1Lqm4GTRgCSFFRJwC8vFxuxajbwtxAYjG7IRVfB1yZQY%2BgoKdjKmjtjd0mt7YIaFN6FzaBPNRPvl3uGII%2Fi%2FTZYA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287837f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-blog-carousel/styles/style.min.css?ver=1.0.15
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43bfa4cb8df3cc265a138e9e526679040ac26b50498319031ad41b77c6f01f84
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,05dbb013f7db58185451dafd6adb5d0d3af981ef13fa9b8c85327b9cd3d3990d
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 02 Aug 2022 16:43:01 GMT
server
cloudflare
etag
W/"62e95415-2a52"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rX01gMSuEcCIgVVqweDXUuXliTLXaKPfejgFjvVo3%2FpSUnzHrKK3IWQWX3pelWLgdMo809SZXPyEWlYX9PGo6EQPEontHtAZjOWFVMoFNHZdxBW9bX%2BQEv2uhSVF9O8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287937f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.min.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/styles/ 		414 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/styles/style.min.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa5ba6fab394d537af1ad89a49479e9953ab0f96251532163c794a3ccea938e3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,e5fe29412d6e3f9b5710560ecd0b725d41299e76601fa54cb5e50bd3012a00ac
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 May 2023 17:29:27 GMT
server
cloudflare
etag
W/"645a82f7-678e2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bPPp4%2BDs8w8Db4ZkDNCRZDNpZED1ZdfUajoiZFkx%2B8Efz7gXmF0%2FQLinupNynXglwa83FZxOAy1EcJX1ADAwqu3y9f71mcTk5jnUGKGXJ2Nn7%2BDcr5r0%2B0nrfjIf9Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287a37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
magnific_popup.css
www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/css/magnific_popup.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,af73cdea617c649b330ae3647a74cb9865332f0fc5ed8ac13914c1055476e559
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:19 GMT
server
cloudflare
etag
W/"642f056b-1946"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHiRTpNRbaW8F0E33aLGveaHGOJE9RYtFkJizuT%2Fz0HtxT1lFUnUBCE9Mt9MpT7PHO0rYmt8%2FHt4VQziEIuYHk8BcD%2BYmYM3eVCdqRBYy0j3wa4mWe7eTOdehOwm8zs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287c37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
swiper.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 		22 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/swiper.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e53a639010f02dd7e7c3859f82daeffa535fc069b3e4145640af023dc386f86
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,90e094d277e81dee92dfbd4dcca5ace43e2396d58bc08f6445b0b4f70a582a67
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 May 2023 17:29:27 GMT
server
cloudflare
etag
W/"645a82f7-5737"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SETtcAVGOo8e80b%2BwJxKQRQhOjC9VjpXk0jY8teeIOOhWd%2FoPMN3P3txRayd7yQs3j9%2BzF8c5%2BZiQgIbnJJ1nUgILiDTSpdS8B2N%2BEzfCl1sAmUGxXtWh0uxRB6wJlI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9287f37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
popup.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/popup.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56c81b4086d742cf938f6fbc06de7dab26cce2ea6a889b6cf94a356251495631
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,ae94453bdf50fc9455df1902d94914353c270ba72508d3e932b0923ec729caa0
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 May 2023 17:29:27 GMT
server
cloudflare
etag
W/"645a82f7-1b60"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMRsJhj3umEe%2FSaywlC7xgxYv8s6YeYQiZTdw%2F1ZbfrU59z3ozjOicZSWTNavdq%2BQ%2BQbCG8Kz4NTz3k6fXlssdFUVKkDuQiCRVolfJe%2B8aSk6vgBdPlW%2B93MQ%2BQqneY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288137f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
animate.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 		83 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/animate.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,270c2e6f46317d504dabd8865e09334f4c600b3d816303dcf30efc674623751b
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 May 2023 17:29:27 GMT
server
cloudflare
etag
W/"645a82f7-14d7b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbPY%2BbSaCcimzgjePHPg7FioUZVvQjfdwwjBy7oBhW3ENWLhINCb%2BeT%2FHk7M74CEemZBhxfk1eR5LO5H%2FL%2BxR1h3fXNKHbIwF0idGq%2Brbjsgh4wIVGFcb09HpJKHTI4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288237f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
readmore.css
www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/supreme-modules-pro-for-divi/public/css/readmore.css?ver=4.9.34
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e103f8eeb3f4ba878184dea6d2137c6d5d2e0356e62fb5b8385c3d0e0ec598fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,6c03f7226438a7d0fd440a1b10df2303dbebae4899b7b6b71ba8f6cb98aafa48
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
211
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 May 2023 17:29:27 GMT
server
cloudflare
etag
W/"645a82f7-6b2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvAsL2V%2BG%2FR0vRvOj1fw6PYuC1dC9bwsvSSNxnex79Ifpp%2B2JiaY8qzL5YtcnGzaZOZ75%2BWHKsbhe2NmUYSFXvHq9I5IQ7JTjMWf0N1vJk1ZcnPFxQMwY29NUk%2FNDSE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288337f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
www.nisos.com/wp-content/uploads/custom-layouts/ 		18 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/uploads/custom-layouts/style.css?ver=41
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d6a60541b6205300575d1c6a1e92c4c139f4dccadfe00ff9b3a85ceb6c81110
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,c7200c1295aca72f5be4b699166384fdb3a236a124f28cdaaafaa14443142a83
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:40:13 GMT
server
cloudflare
etag
W/"642f03fd-472b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LDuxt8ThzP5p6fc0Io3ijLcgWi14QC5ofbNTgneA88%2Bk0IG37x7V0Sq1L4ufdq6%2Fj2zj1M5ejCufI2FC%2F88Arz69kzDBCmft9sSwayXr9ywknLoqrWtCkgLQ3J56%2BUM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288437f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
slick.css
www.nisos.com/wp-content/themes/nisos-child/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/nisos-child/slick.css?ver=3bc2f6d635f19ab24e7adf5b4e33d3b8
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99a15b32a81b6f965c2e5bd6c582f7ffc73adfa751fc2465a00f3104e7a6cf95
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,5fbc5fe2c5a13b70a03e378015eed45fa113cc3e07dcc33bb6263b8300b7142d
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 22 Nov 2021 15:10:41 GMT
server
cloudflare
etag
W/"619bb2f1-1327"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2BuOC3Gxn45f6IKSIN8jgwkXoCvy%2FXITQaM4XNXjMWJYFTP3tkA7pfj7tDIUqXGjcOetknS1LlZZpaCZ9X7EECVWAmsO5BPWxfBAj%2Fi2wO5xF8Str3MergxDzgs3TRU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288637f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
www.nisos.com/wp-content/themes/nisos-child/ 		14 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/nisos-child/style.css?ver=4.20.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
754233622f501da9f79ca0d4626d442150d84aee8a909201132fa960b2bf803c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,fbe70093782887fcb889dc883ac3b9ba916e10dafbb96ba5a96a080863c496f0
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73126
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 24 Jan 2023 20:21:41 GMT
server
cloudflare
etag
W/"63d03dd5-3778"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQiDAm0Oz2H%2Fm42ioPYcgv6rb8%2F%2BE3jt2QFbFE0NIXe1kkPTHFFc7xCHj8Nw2NWvLIpAQJ%2BgaQlF8%2Fep9dz4G8d3HVVCExahnrrA7FZh70L0LbSkjS4xTR%2BSSXRtBJI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288737f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
DOMPurify.min.js
www.nisos.com/wp-content/plugins/svg-support/vendor/DOMPurify/ 		21 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/svg-support/vendor/DOMPurify/DOMPurify.min.js?ver=1.0.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50c36bc2a71485bc6939c1f5de3d1b38ff260d9de91dac1855df0b50c35d81bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,0e8150840593df9bd0f4ce4a0b74b2d49d90c869f1ea097b1379495e962f0cac
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101807
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 22 Dec 2022 15:13:47 GMT
server
cloudflare
etag
W/"63a4742b-52b1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bkU5pyUVlqkTC%2FnwfE3SVN9MqH%2Flb8nnr4hw9y6a9kMD1J%2FPhSf4SRcvFLEjmcJyxukCoozO4IesGCgaswk2euOWnYj2ibgkX5quUD8qkb65s3AEIuh3fZOXhEUSV8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288837f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
www.nisos.com/wp-includes/js/jquery/ 		88 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,222a13131a49c24deee95ba060d5206b4903536022794aad6170fb9f1fefc9c8
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101807
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:43:35 GMT
server
cloudflare
etag
W/"642f04c7-15ed7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tz9sG0%2FJsfieJoI0LCzSjsu2F%2BekjBHRflOFQNLQxAEi2NBeNBrFgy4zxadgC3YFOlCHz5OmIV2e700nFDTPNL%2FXfuxDluCOVH%2FVZqlW1h6LsgIo%2FugO2cr54fkdGeo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288937f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-migrate.min.js
www.nisos.com/wp-includes/js/jquery/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,14cf7fc0bbdcb4c27f17e961d028f68223e417036e493f75213810624f82c00b
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:43:35 GMT
server
cloudflare
etag
W/"642f04c7-3470"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7jlV9M9q3m%2BV96rm4zS%2BAwXpvKAGzMYUYL9TUrxewSQ0%2BnEnCm5CakhCq6bcrE47MEMvWGWK9opvFR19r8PvgjAc6kyS2fEB2aXGmksLTnM4ItAsUMjPqjHU0ucVHO8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288b37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
svgs-inline-min.js
www.nisos.com/wp-content/plugins/svg-support/js/min/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/svg-support/js/min/svgs-inline-min.js?ver=1.0.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eabc19480b6212343af7996aa06029eb00e8a05d9709b4c8b05e3222558a12f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,7bcad437b9e70caddd0e55c4807867d6de7c499835da36a897bf620af656900d
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101807
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 22 Dec 2022 15:13:47 GMT
server
cloudflare
etag
W/"63a4742b-601"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KCjzrJuq8j7sDcQxxOWRaT8f6SVIpgXjTi2Ng82d3MsPXBtUQh41Kq4P6LYQuj3rlaI50xPpexRgUfkT37Gg51OIK9teoXfbNSe%2B8%2BN2qEhLRkPgOYn0%2BrpUccpK7S0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9288c37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
ie-compat.min.js
www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ie-compat.min.js?ver=3.0.5
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,f748acf366c5bbea00b8be5fad3d89e32a05b1a742a6208421cc074a828b78b6
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 06 Jul 2022 19:34:32 GMT
server
cloudflare
etag
W/"62c5e3c8-2712"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TB7iM2uOm0oMGssyK4rW4joMS6CBabMj0b8zYl8frDZRX9k4ZWgropk1%2Bo1QuVjgpDD9puW4EcwpxiKQC7QqxgA%2BBShH3rjQThXsqe9bMhiaZMfRat4xng5GVi981rU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9289137f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
search-filter-build.min.js
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/ 		64 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/search-filter-build.min.js?ver=2.5.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbcc9f3151a357828aa120dc98bafa35359d42c83b4cd39693009f43e2ae9098
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,0c21e2bb1283e80621ac1ad2d9d182dcd66450e1edb18a20184fc4a0a8ab1726
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 24 Apr 2023 15:06:23 GMT
server
cloudflare
etag
W/"64469aef-10074"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8mhow9ZxkaytDeibSkc60vrzWYIPrSWMhlXGB2OGI6piZWmK%2B01NTsWvFr7GDsUSNLJ4lOLNlIxRSUt7mnxk%2Bgd1AfemOTZFh1jk5MtPzC1AxUyy2vxXRue9H%2BM0ro%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9289437f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
chosen.jquery.min.js
www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/ 		28 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/search-filter-pro/public/assets/js/chosen.jquery.min.js?ver=2.5.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,280351e81b2a6fc9a850db62a7374c4403d3b3f2c511e8e6644f509e144b27b9
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 24 Apr 2023 15:06:23 GMT
server
cloudflare
etag
W/"64469aef-71c1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3lxX9Du8vK5OxFeAUvtQxPPLIt5Ppr5WoP1MxL8EaPMlCzT1m5Axv4jDdaU2pTADVu9N6jRmm2E9%2Bl8DIlK4qTIHp0WB9V49vosZUf%2Bac7EXPMmLvivdahnFUr71pKU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9f9289737f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
css2
fonts.googleapis.com/ 		799 B
806 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Zilla+Slab&display=swap
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5489746d9317f7924511ff59d5781ef51906900a231fe46684c1e512a09ef076
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 14 Jun 2023 15:32:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 14 Jun 2023 15:39:04 GMT
js
www.googletagmanager.com/gtag/ 		127 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-145073476-1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b3c7d79390abd409e12c63a94504bbb4caa7d0234e1527b5a6a6e3c38b6520e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
50192
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 14 Jun 2023 15:39:04 GMT
alt-nisos-logo.png
www.nisos.com/wp-content/uploads/2023/04/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nisos.com/wp-content/uploads/2023/04/alt-nisos-logo.png
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,9e1cc11f922671cae97c6059e0bef5e438bbaee348bf1fa087f49aef62e5be2d
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101807
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
18447
last-modified
Mon, 17 Apr 2023 14:31:45 GMT
server
cloudflare
etag
"643d5851-480f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UqtkQ1J4xwsVWz2YzVh66YeA%2Fkai68IHVb8IycMD5Jm%2FpEpQMpBLBb1YiVCLgq75iUV3ABwrEdnjJWe6u8cGWuGTQbKGpMxAaSJ88VsTMcYGKhEvLpYSX9XTysPysB4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
accept-ranges
bytes
cf-ray
7d73a9fa19ec37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
NISOS_logo_high_res_vert_white@2x.png
www.nisos.com/wp-content/uploads/2021/01/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nisos.com/wp-content/uploads/2021/01/NISOS_logo_high_res_vert_white@2x.png
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10fd67d6c6eac5cdfda0b370fb6b23bc1fc4b9f1f1a7cb8b401aac906f2a6822
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,c548b1b1af14ae1266c3e98a1feac25ef7fcd047721cb91230d4687e03a7c78e
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73127
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
9652
last-modified
Thu, 02 Dec 2021 00:19:22 GMT
server
cloudflare
etag
"61a8110a-25b4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjVTh%2FZAHPvbHiCLkcrHVjzTWi6NUmUoEpmkH2LaGxRFiIK9eIgi2Mn8Qw8NTFgND6EKzWwoi6VsrUn4Lp0sWaLYsNM05o8Q%2B39xjwnLNphGlt9UQxBhQx7GN%2FrHxQk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
accept-ranges
bytes
cf-ray
7d73a9fa19ee37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
9379eed59c.js
kit.fontawesome.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/9379eed59c.js
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ef3755c1c0e73dd384a7a7c4d07fb899808284d0639a70d7db43fc51c3e6419
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
strict-transport-security
max-age=31536000; preload
content-encoding
gzip
cf-cache-status
REVALIDATED
server
cloudflare
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray
7d73a9fa9a583a68-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F2iQX2kT2Tj49XAf7nSB
imagesloaded.min.js
www.nisos.com/wp-includes/js/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,ac16e648bbd8ab246c8802531e2e281b0d0094b44172184e8992cc74dcb58374
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101806
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 19:08:54 GMT
server
cloudflare
etag
W/"61688046-15fd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0xjpoegvdnQMdSfi395eDSEl2DmPHYo2UsNSpoCO4Rh6uvUooJ%2BkLekU6Bh0vb82bf8AIEhTP5gOXBmdHWn6VwrLGPJFBufsRvyzjSMhVITbtX0Rjn4Q8jYP3%2Fm1Gw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa09be37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
masonry.min.js
www.nisos.com/wp-includes/js/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/masonry.min.js?ver=4.2.2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,186526930cac930fbf1401b86ea72183e8e160b637663475dbd3020cd6e38006
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 19:08:54 GMT
server
cloudflare
etag
W/"61688046-5e4a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cJe3TW8s81BV%2FRNnIV0rk3uyd4uYvpqaspvnTpUXPHXC5WWRd%2Frn%2BkLpCUcr8dbpNyleNWGWqwd5jNl%2FJoqMvlONsvkvRv1353jn5jcTxX4dOtCp%2FvvODabdAYSVelc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa09c037f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
custom-layouts.js
www.nisos.com/wp-content/plugins/custom-layouts/assets/js/frontend/ 		362 B
904 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/custom-layouts/assets/js/frontend/custom-layouts.js?ver=1.4.9
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e71262c3e6d9eac19580f7725c2f1619790e8feb7fa6f536c029d94dcedc128
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,5b613f47a8eddddb04331b01c34c663b8c0c661de721af79ee619081763329b5
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
176145
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:40:12 GMT
server
cloudflare
etag
W/"642f03fc-16a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OdONXYOl1Rm3XOofqf9V9q8lDx7p%2FAgzrwkHzM54Hv67799BIgBe65Ok0unFjaIxwLZbf0uSGTBoRaqUq3n4ECyzENapNXUDqS6xJyilr1jo6CsT%2B4zM25FGj46nsq8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19d137f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
anime.min.js
www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/ 		17 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/anime.min.js?ver=8.7.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71f229efc891fac06cdafe9765967f3dc1ce71db155e7130042e7e64aab7f43a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,8daca3b0c76ead811179a1bb2cba48637591af5a6347a97d69bef348ae5dabc8
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 14:34:06 GMT
server
cloudflare
etag
W/"6319fd5e-437e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CyoOy7b5IJef5p%2FPbXBBqvF2KBscwGHPv7nC0O3HV4HVl5DHY%2FZyetTm2J5o0N5QXmTLBEfUGxfSJJ%2BEQh%2FefTCEW0cyDS2hKa80qWAbp%2FGwOf4KuPJhCBhFWD0pc2c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19d737f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
swiper.min.js
www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/ 		135 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/swiper.min.js?ver=5.2.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,e66a057b995eae5a249d4c5562c57804698c142eb05edea085f1b7e7e2549fe1
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 02 Aug 2022 16:43:00 GMT
server
cloudflare
etag
W/"62e95414-21cea"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D40DSJTxOjOycaA1XQpXhNXv5t%2BrIe2NzOOzrU8yYrGgmP9FdHJ4rmpfzuqK3dC2nxwOYe5btUUznA5GFwiWaWM33po8UbmSAbq8JXk9ipSR1JWVSc7mqSw%2Bv9OvJZg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19d937f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
6068438.js
js.hs-scripts.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:893b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70ae0915da9da7c67f9eff7bbb9ad8088a7f8d0b5738cf498e33c923e50eb287

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
content-encoding
br
cf-cache-status
EXPIRED
x-hubspot-correlation-id
bd8ac87c-2579-4fc4-bc04-b2d85324488b
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
5
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
94dae2d6-68e8-425c-9132-3f591810e4b7
last-modified
Wed, 14 Jun 2023 15:36:14 GMT
server
cloudflare
x-trace
2B7D15EE4B92F3FA28911D607240335D952ED9356B000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.nisos.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-598c95b5b7-mst4w
cf-ray
7d73a9fa9b1a926b-FRA
expires
Wed, 14 Jun 2023 15:40:05 GMT
idle-timer.min.js
www.nisos.com/wp-content/plugins/monarch/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.4.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80fa756dda143f69fb3ce750e905cc8188150dc4c6b7539bf3627fe26530b405
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,d0dbb38299fae013682e2a5637d1349fb5f6339fc7e063c7134c2acae29be3a3
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101799
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 19:09:25 GMT
server
cloudflare
etag
W/"61688065-a4b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wzb2ylxuhJqnS1sN5phrIM5pcr76jin6L1CfIUUl578atxbA5VmRWC29rJYVI3lSo9gkkIcBaTV3C5sPhOxcIiY8CsPoolRpeseK5C9W%2BrZ5zFyvMUxDBuoaCRtMi4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19db37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
custom.js
www.nisos.com/wp-content/plugins/monarch/js/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/monarch/js/custom.js?ver=1.4.14
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43b5c9ad80f0a5d1c63568583e9cf6cd5ca8454a680f4ee80d5d63d00b15a360
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,f11c497a4440a3b44ec456d9755a2d49a57e835b202d0bc8a566875f94868ce2
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
176143
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 14 Oct 2021 19:09:25 GMT
server
cloudflare
etag
W/"61688065-6855"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TOWO%2Bb1Fo%2BOiYCSpynSn0zRSFMeYlTj8csbI6TSsYvadJcNXkOVSpv%2FqfqQ4s%2Bmx4XeVtQUqh9JUOeVHOEku2RG4ZjvyFeZ64uq30V5IRwvlmdS9CGzg%2FdIa4ghfUtA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19dd37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
front.min.js
www.nisos.com/wp-content/plugins/popups-for-divi/scripts/ 		65 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/popups-for-divi/scripts/front.min.js?ver=3.0.5
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,23af53dee9725f3caaf30aca7a821d7286e5bc7619b02a4a822f326c90fa97a7
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
376
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 06 Jul 2022 19:34:32 GMT
server
cloudflare
etag
W/"62c5e3c8-10394"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2FiU1AuD55Jd5b5Xmzyth7XLvoQUCeK3qtnLP0dtKryHXxQGunztYxk9iDFx9Nas2tOPOS9W57nzzRArhbfbHop9tvyzxwBNrF0e4MlsUBydZw6lBYZENAiS1xE62F0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19de37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
core.min.js
www.nisos.com/wp-includes/js/jquery/ui/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,09feba44757de3dc5eefee3fddbc61100ff6515bf8096daa7e267547e18f3509
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:43:35 GMT
server
cloudflare
etag
W/"642f04c7-53be"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZ%2FXCFwtfhBEX2DuGKvuzJbzmDCSKcpWfbMxYbzqqOvLROC9Xmcudch8zcGGKZuy6atkogLac5z3f8ULAJCiNbG18ps8E3RKmfkG7Xk65fZsqqNz%2FAS3LDgQsDbVl4w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19df37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
datepicker.min.js
www.nisos.com/wp-includes/js/jquery/ui/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,9bdfe29266775059ca7799e044a7ced0e5a22604c5e7816be9718a10e3621d64
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:43:35 GMT
server
cloudflare
etag
W/"642f04c7-8f79"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdLXFUBJ0uHvLN05ymtW%2BV3qUPVyjc8IgL2pf80aURbhmzYp5qzM1kSZfam7xA39zwPlBRB07TUg6w4kQo7f82hsHp4u0l2b4L2r0l3BJjgFphs3jXHTgsmMgO%2BDW0o%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e137f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
slick.js
www.nisos.com/wp-content/themes/nisos-child/ 		42 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/nisos-child/slick.js?ver=1.5.3
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0521badda7c602b73185aa5e23dd04fcb5f5ce5e0f1d693ff2cf9474178c1fee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,7f28b306da0223e553d055dba958a569ba4b06045676e30a0a81032de4e77caa
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73125
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 22 Nov 2021 15:10:41 GMT
server
cloudflare
etag
W/"619bb2f1-a794"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TLXS%2FmuRAJygq3X8xv7HY2MUu2WN%2BfmwGxctUU3SOVqaPZf2D0qTkSMnIyT7U0RCM9TtqBLRnm%2FAyMteIAp2Nze54XLULTUmVo2o%2F3VudkXAouuWlFgB%2FxNd1D1Mxjo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e337f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.js
www.nisos.com/wp-content/themes/nisos-child/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/nisos-child/main.js
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67154bc8868a4e60ffeb64c6512e70acb648a5420a5eb7eaf86b20bb0a8457e3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,2497eda5ba28c1994d05448790851963bf661954a158a9d28c1a909c4ced576f
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73123
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 24 Jan 2023 19:31:39 GMT
server
cloudflare
etag
W/"63d0321b-1800"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C7yDfdHdGm66oogxZ3BwuuUJICjmk7Zdq9ysM7CjiHc%2B59P%2FPXWWpX87JZ17WTLwJX0oEbORJGajhJLprbqFqw8DBjx1IHNhQAa5GbdljhWBsjIdzJLv2ZyY7A2nzsc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e437f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
scripts.min.js
www.nisos.com/wp-content/themes/Divi/js/ 		268 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/js/scripts.min.js?ver=4.20.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97490bd354a26885acf09c0ba5b4c3c76d12bb55193f13456d3aa2ded6eda6fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,0078fe226f21135f02b76b9cea82d51452e37145e772c0de1ad7931b4196d7b1
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101796
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:19 GMT
server
cloudflare
etag
W/"642f056b-42f5a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DvYIosBGm3kOILbvgQnHQVa8gjSFZaT1LtLPp1bLAhKPJeaEtPXFW%2BeL1pgfv8D8THDxd%2BGNrJXfWX72ulVlHVYCgy0PzHXBQFFPLPnwXQisfkKfKQ9S15mj2EtNS7w%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e537f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.fitvids.js
www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.20.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,7f53c136c574ac7f93303a17b8c2e84d7698ba503053c26c12a25b7b65d2e809
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73123
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:19 GMT
server
cloudflare
etag
W/"642f056b-d15"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wnI0SYUN3zQZFDE%2BOl8WoMd1DywM%2Fq28grpiKAcE%2FcrUxn7HLsMk38WYRTOtKGk2qa35WF3wgNbrRI5McnBS9ny8%2FzR3X3iEIrdCCjQxUW3LkSv2zD64EnhGOXs5Av4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e637f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend-bundle.min.js
www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-advanced-heading/scripts/frontend-bundle.min.js?ver=1.0.1
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e3278d17196da0532b353687c478f36936ecc8b6493d0b176ba69fdff05427
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,c231fe047aace500e7fb3a658afade5bf646b52fb2f2451aa05032563266a943
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 08 Sep 2022 14:34:06 GMT
server
cloudflare
etag
W/"6319fd5e-40a4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hl%2FO1J1kIjPR1e23vtwPINQ3MxjiWjB52YMGbvjeeGSEjAuAEye0Ag4rU2W5WfcrreDgVnrOgJWJZ2GHMQrWNK5lqHomWUFHBSZniUQB%2BGQwdi4ky%2FSqFhDVFBxXGyY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e837f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend-bundle.min.js
www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/dg-blog-carousel/scripts/frontend-bundle.min.js?ver=1.0.15
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1786585ac9beb929463e7f963468e7e40da9b7b0111a0aab6673abdd2309b0b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,b7d3ae58bce83150d812aa0cf8fb54ef4132df3ccfd7a0b7c69e118919a2446e
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291046
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 02 Aug 2022 16:43:00 GMT
server
cloudflare
etag
W/"62e95414-1054"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsL%2FVc4BJ%2BM7AYEyIPK6HDWALbkVMsdnY8CoCXiiuV7LqdZiuhz0AuSRSGhpzMVDRDa1m%2BrwwRREGJQ9Avcjzji7LxtPDDQRF17mb0qlqyHSPiZcloBqC9EcxLzN%2Bcs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19e937f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
common.js
www.nisos.com/wp-content/themes/Divi/core/admin/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.20.4
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,350374433f14b9e16af3c54b9a984c379cdda6c3314c5fa4572f3406a048d4fe
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
73123
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:18 GMT
server
cloudflare
etag
W/"642f056a-53f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayPyUE6frpCxpG3z9zSU45NcKkbRyXftU9e2VeBcjXSSSgwsMsUSIUDgPfgNw%2FJsl0NUkIwXz6tKzUxgtN2yRZ%2FZ4%2FVblR41ePn5YEhBQ0QgAAV6GPOtUZKv5yiuA0E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19eb37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
lazyload.min.js
www.nisos.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,a19d81d2b3a4e8aab2799c388ddcec8c72ef5af8b1bd2f9718c88cf1557ecadd
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
291045
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 10 May 2023 12:27:01 GMT
server
cloudflare
etag
W/"645b8d95-22bc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZra32AQAOnYKZXty8oUBIvwGXKGWvWkQr%2FKEJ5hneXdZ1fGnyj7ZA%2FmwMhfyR5X6qLHRW0e9MxlM1OJpL1nWvevHZtCsY4Ff74zSOO%2FgtkO5z443fRqKbtWXDRif8E%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19ef37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
gtm.js
www.googletagmanager.com/ 		255 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3ac3498e2065b5dd9db302c03d1a0ac220af0ac6a7df598d26e9df912f8d9c2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
90691
x-xss-protection
0
last-modified
Wed, 14 Jun 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 14 Jun 2023 15:39:04 GMT
hotjar-3206651.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-3206651.js?sv=5
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-10.fra56.r.cloudfront.net
Software
/
Resource Hash
12d03201aa733372057226d7a64c2fa3544859acb87fd88347950d1fbe66727a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 14 Jun 2023 15:39:04 GMT
via
1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
40
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/91c8c2780ab96eb20c5a53bda714aa6d
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
gEZYTeRlWoAJ9k0vi0tRR3ppFNucGcAhzrn2UAvRxCazNSBjvoZD9A==
lt-v3.js
lltrck.com/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://lltrck.com/scripts/lt-v3.js?llid=33234
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.200.29.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-29-199.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers
6si.min.js
j.6sc.co/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 17 May 2023 00:27:16 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"64641f64-8a3f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
11052
expires
Wed, 14 Jun 2023 15:39:04 GMT
et-divi-dynamic-tb-9107-late.css
www.nisos.com/wp-content/et-cache/notfound/ 		628 B
882 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,f4b3b59bfbc6d2cfd542d8c58d34ce9cbf6150ed35167059d381c9c8631bfedd
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
210
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 13 Jun 2023 20:49:18 GMT
server
cloudflare
etag
W/"6488d64e-274"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXWrbjwKk0yxQas8wFMj8eWVOyIxmAm0u4iiJ4d87i861SbvpUSstQhGctqbHQWqoFqaSwWwH%2FGor7qLmQVI9%2FZUuXhaGvQUjbhRPTeB6ofl4gsZRnayHxO47Zv5oxM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa19f237f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtuZnIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtuZnIGiV3w.woff2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71e85b13d24a31d782e71da9f9192b5160369ec5ad1cb37988555d3eb93225d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 11:59:05 GMT
x-content-type-options
nosniff
age
358799
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12868
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:44:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 11:59:05 GMT
modules.woff
www.nisos.com/wp-content/themes/Divi/core/admin/fonts/modules/social/ 		10 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nisos.com/wp-content/themes/Divi/core/admin/fonts/modules/social/modules.woff
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20476c3fffc3c6f35095c566e8eff0342e3ddb73841c39b58455dc970522e7f7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nisos.com/wp-content/et-cache/notfound/et-divi-dynamic-tb-9107-late.css?ver=1686688277
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,d48bfb68e0c79abe90e09219ab29fbbce8c657ef768bca57e406056af03018b3
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101806
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 06 Apr 2023 17:46:18 GMT
server
cloudflare
etag
W/"642f056a-28e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6J%2FFVpX7azMqmkcP1sJkwz4BWoKeLQVL8ehU361mE2oaRUzwBic7RoPNALeCsqDdXWF%2B7Gb1rvuphsIv4TtTsocQpK09dDA3Kp2P1G71ldDOdL2KtwvmYRwIKdhDAE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
cf-ray
7d73a9fa3a1f37f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
fonts.gstatic.com/s/rubik/v26/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/rubik/v26/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FWUU1.woff2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ece9d22203d0bc59232a7ff5bc7b4df4342c89630387b0366595ba92b724957e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 16:33:21 GMT
x-content-type-options
nosniff
age
428743
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24396
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 21:57:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 08 Jun 2024 16:33:21 GMT
2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQttRnIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQttRnIGiV3w.woff2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd94017c98cb7e9337f4bcc1e3dbf22ad1e048853d188bf896591d9e1f11af67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 17:39:55 GMT
x-content-type-options
nosniff
age
338349
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12880
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:44:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 17:39:55 GMT
2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtjhgIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtjhgIGiV3w.woff2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3175dd776c73e3f90beb2340fd7d138a7fce24c1054a73f08216b1aa7e357534
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 15:49:21 GMT
x-content-type-options
nosniff
age
85783
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12768
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:45:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 15:49:21 GMT
2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGiV3w.woff2
fonts.gstatic.com/s/assistant/v18/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/assistant/v18/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGiV3w.woff2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6ca9f43967b272f585a9feb7ffc604462bea2cd2339e0a173899fe45e95b37c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 16:31:32 GMT
x-content-type-options
nosniff
age
342452
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12772
x-xss-protection
0
last-modified
Fri, 24 Jun 2022 19:44:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:31:32 GMT
modules.5718b73ab85bca652332.js
script.hotjar.com/ 		270 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.5718b73ab85bca652332.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3206651.js?sv=5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-63.fra56.r.cloudfront.net
Software
/
Resource Hash
5bad0658ea23d85d08fe0c5484686cf9c7e7ebefefc47627c8013a0f1647c289
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 09:34:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P4
age
21897
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
70036
last-modified
Wed, 14 Jun 2023 09:33:13 GMT
etag
"aa0a9ff38247ad4cf62104f735a1a78c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
KTtcPzRm6EmTIgbYxXh-lWZr9z2e2pVtGqyF0YEXtpU_nUjeixv03w==
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=9379eed59c
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
via
1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
117324
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJ1aVOctucg%2Ftwe5wNMGg82trk1CRkrnqeXrgKzW77etbnybAUUwt7f4dr8OaX7TA5MnRudpCalS9hFIfRPo2U7%2FiBGfLKDoVeKDvM0OLZySw2RVOqcUAShTuoBHp8QIZYah40AkR4s46P9oq6cNTzqijQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
7d73a9fbcc4e372d-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
S9LBNOgUoLdIGVJFR4N9yEScuwiymsNvL5dSaaDRzhTfAXBFI9UcSw==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=9379eed59c
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
via
1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
190915
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Quv8CKcGyHbnoqWfACLeCokOPdLpgjj%2BHKruoFjiATpn4Nbw5NsDIHDBvWG9EHygqlpuHJlA52B3g3360GculQxktE4QQMCDdoT4EV8n1F4WE56EV0ElaSOcJHwg%2Fc60xC2ZsNDCzn0aJFfQX0PQhWw1w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
7d73a9fbcc51372d-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
0mCvml5y67_2YFmALx7AqeAU1k_JZyNB7ouChXKawfyCtADrnSQUWg==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=9379eed59c
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/9379eed59c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
via
1.1 8e83c42d247a31c5b365c08a0352d8f8.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C2
age
190915
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IuQPTys%2BerS%2Bn%2BUHe1szau9TFBxZaed5Mdz7%2B4De9Y0HHIwVA3v6g1cE9060Dn5bDzqof7kQhglc%2BHm5gNbjQ88xflmF%2F9Kve2ePPiGkNS9BZ8zSKZY3Q4YzDMD%2FptqhnQ8V8CbgbJzhegprNPlKygKILA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
7d73a9fbcc50372d-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
sFOuUjmMJmi_ZwevGb31GigDCqh4r9cnI6Xeu66hDkRZNV1FEVIKjg==
js
www.googletagmanager.com/gtag/ 		255 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145073476-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dd54d0b84122836e0d7ca34b162129cd8a48f557a7f539be1f6eba2aeb44cb19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88925
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 14 Jun 2023 15:39:04 GMT
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145073476-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 14 Jun 2023 15:04:48 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
2056
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Wed, 14 Jun 2023 17:04:48 GMT
bat.js
bat.bing.com/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 14 Jun 2023 15:39:04 GMT
last-modified
Thu, 11 May 2023 18:08:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: EC5C5F8181BF401CA39BDE166ED5CDA8 Ref B: FRA31EDGE0815 Ref C: 2023-06-14T15:39:04Z
etag
"80df77953384d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12183
insight.min.js
snap.licdn.com/li.lms-analytics/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100::1735:28c0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 10 Jan 2023 17:22:56 GMT
x-cdn
AKAM
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=34734
accept-ranges
bytes
x-datastream-cache-status
1
content-length
4777
roundtrip.js
s.adroll.com/j/ 		67 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCFL7R7
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:6c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
226c9a2c80c75e3c5d7d197c484adb7d63e6ea36270af348bc223be73e8cd059

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id
7FBoqqSL1b96.AgPH.JEYo4TSgYS0kb0
Content-Encoding
gzip
Via
1.1 22a1b3c2f1a7b6d72ce563a230b92a90.cloudfront.net (CloudFront)
Date
Wed, 14 Jun 2023 15:09:39 GMT
Age
1855
X-Amz-Cf-Pop
MUC50-C1
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Tue, 09 May 2023 21:27:29 GMT
Server
AmazonS3
Etag
W/"7866810a321f41ea101e7bcfaa572323"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
Fixe8j-m4a8WYQH7DkmcV_HpmqXFM33LBYNOscQBQBHMM0Jkz78bpA==
collect
region1.analytics.google.com/g/ 		0
244 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-CTEG3MX1VW&gtm=45je36c0&_p=1358951137&_gaz=1&cid=543957577.1686757145&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686757144&sct=1&seg=0&dl=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&dt=Page%20not%20found%20-%20Nisos&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.nisos.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
47 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CTEG3MX1VW&cid=543957577.1686757145&gtm=45je36c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CTEG3MX1VW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.nisos.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CTEG3MX1VW&cid=543957577.1686757145&gtm=45je36c0&aip=1&z=1741597486
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
visit-data
in.hotjar.com/api/v2/client/sites/3206651/ 		148 B
322 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in.hotjar.com/api/v2/client/sites/3206651/visit-data?sv=5
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5718b73ab85bca652332.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.255.78.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-255-78-124.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ca9d3bdace9ebc26af8da67aaf1e2392aa60db9e2b889568f318a768773c3a68

Request headers

Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
content-encoding
br
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
collect
www.google-analytics.com/j/ 		2 B
206 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1358951137&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20Nisos&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=524027882&gjid=338379374&cid=543957577.1686757145&tid=UA-145073476-1&_gid=955359668.1686757145&_r=1&gtm=457e36c0&jsscut=1&z=625124425
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.nisos.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.js
s.adroll.com/j/exp/ZCNLOBHP6JAMPK46MHW4HJ/ 		38 B
795 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/ZCNLOBHP6JAMPK46MHW4HJ/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:6c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e6c19d4ee9832249a4a542057fe1cda984efb525973cb294831ec5ecc42367f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id
DjOpQH2sw6uC5p3PKudk47QAd2CrhYAs
Date
Wed, 14 Jun 2023 15:33:20 GMT
Via
1.1 22a1b3c2f1a7b6d72ce563a230b92a90.cloudfront.net (CloudFront)
Age
27799
X-Amz-Cf-Pop
MUC50-C1
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
38
Last-Modified
Tue, 21 Mar 2023 16:36:52 GMT
Server
AmazonS3
Etag
"f5a64db38c4218cefe3f9d7531faf9a1"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
jYjOcCQ_l9evs3Ngzzrbx--i9Ek99FHiRSS4Sssh3uT3Q2Yr-yJAZw==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
756 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/index.js
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
HTTP/1.1
Server
2600:9000:20c3:6c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date
Tue, 13 Jun 2023 20:37:24 GMT
Via
1.1 22a1b3c2f1a7b6d72ce563a230b92a90.cloudfront.net (CloudFront)
Age
68524
X-Amz-Cf-Pop
MUC50-C1
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
kMYtnxx1KNv5gk8KMTh6bhmKndLvcmay8UlfY5EjK1DM1mZHye-D1A==

Redirect headers

Date
Wed, 14 Jun 2023 07:55:46 GMT
Via
1.1 22a1b3c2f1a7b6d72ce563a230b92a90.cloudfront.net (CloudFront)
Age
27799
X-Amz-Cf-Pop
MUC50-C1
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
CCszMH2AiSjIu9IiPUYR3rLMiSF3_FT2L0nMqXQpMIwufxwnXYnxgw==
index.js
s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/ 		0
808 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/ZCNLOBHP6JAMPK46MHW4HJ/FQF5LWUC4ZDBZCUBYYYETE/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:6c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

X-Amz-Version-Id
_bUiIGpFoqC9pllPMxuBpAUJZavfgMUL
Date
Wed, 14 Jun 2023 15:33:22 GMT
Via
1.1 4699c08b44211e17f977ca0133ec5e8e.cloudfront.net (CloudFront)
Age
344
X-Amz-Cf-Pop
MUC50-C1
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Mon, 12 Jun 2023 12:21:56 GMT
Server
AmazonS3
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
OJOcf-qWYcY70UEBZ0y8m94VSj-DcR9eHEvkI9BUtPqKtCR4jF3yWA==
149003803.js
bat.bing.com/p/action/ 		0
119 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/149003803.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 14 Jun 2023 15:39:04 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4ADB5B84500D4DD886A96D6BC145DB3B Ref B: FRA31EDGE0815 Ref C: 2023-06-14T15:39:05Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
288 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=149003803&tm=gtm002&Ver=2&mid=f03e566c-8ef4-4848-bce1-a5b57fb5c9dc&sid=98164fd00ac911ee823f251dc899d2c9&vid=981678d00ac911eeb1cd47fc3904edb8&vids=1&msclkid=N&gtm_tag_source=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20not%20found%20-%20Nisos&p=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&r=&lt=1162&evt=pageLoad&sv=1&rn=787116
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 14 Jun 2023 15:39:04 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B460DB5FF5EB4FB69CDD757BA0750337 Ref B: FRA31EDGE0815 Ref C: 2023-06-14T15:39:05Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
348 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-145073476-1&cid=543957577.1686757145&jid=524027882&gjid=338379374&_gid=955359668.1686757145&_u=YADAAUAAAAAAACAAI~&z=1930428143
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 14 Jun 2023 15:39:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.nisos.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
fb.js
js.hsadspixel.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:75be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eed334d1c96abd8c03aacf86a2a30fb9d391290f27e49b0fa456a7af8f1a1bf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
x-amz-version-id
wXOaVt.1FYp5SJSGbufdokAhWgyD7J.j
via
1.1 f4c38e024a95b76a27c9f3dc9ff2eda6.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-amz-cf-pop
IAD12-P1
age
352
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.381/bundles/pixels-release.js&cfRay=7d73a1645efd2bd1-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f02043fc-ec74-438d-b710-c589e686fcf0
last-modified
Mon, 05 Jun 2023 12:31:29 UTC
server
cloudflare
etag
W/"3907b3424cd18a581148905ead09299a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-h6thn
cf-ray
7d73a9fd78fb2bec-FRA
x-amz-cf-id
0zkRyS8OuXYDsn1vblatIg3CzKvoL43t87reJdpzk7nNpuZCylVtCQ==
x-hs-target-asset
adsscriptloaderstatic/static-1.381/bundles/pixels-release.js
collectedforms.js
js.hscollectedforms.net/ 		69 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
x-amz-version-id
S1jmwKbmrdTaJO._teNI0LpuWSvl4WIJ
via
1.1 31341771a4bfa40d7b1f61883ffb56c6.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
br
x-amz-cf-pop
IAD12-P1
age
303
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.378/bundles/project.js&cfRay=7d73a297aa342bb2-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
11d61425-3ad2-4bf0-9de2-8a31d005bbc3
last-modified
Tue, 13 Jun 2023 09:45:35 UTC
server
cloudflare
etag
W/"b19afd994dc32a5784e74169cca8128a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-cxzff
cf-ray
7d73a9fd898c2bcf-FRA
x-amz-cf-id
bCt-fkF_PyWjs7S9PyHK6gGZ6HA4EBBjr_IG0FwsEoEyy2P9uw9YRQ==
x-hs-target-asset
collected-forms-embed-js/static-1.378/bundles/project.js
6068438.js
js.hs-analytics.net/analytics/1686756900000/ 		66 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1686756900000/6068438.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8ace , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc75fde9d885436158a8f8cf693cd18c626e9ae9ebae204e19df8832220a9588

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
JDP9TTWP5H1FJXHN
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
age
41
x-envoy-upstream-service-time
20
x-amz-id-2
hDnoGiYjqRf9GOVhGlJXEw1bz9NqUQSw/jShUCc2oZGwL6GiXLmnfgesKUUbYxowmQ4ZOrVANvk=
x-evy-trace-listener
listener_https
x-request-id
30cc7324-ba36-40b7-90c0-6d781b83d30a
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 31 May 2023 18:58:16 GMT
server
cloudflare
etag
W/"53f50056e73efe4d372a3c3d7b9e2afa"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
7d73a9fd882618d6-FRA
expires
Wed, 14 Jun 2023 15:43:24 GMT
6068438.js
js.hs-banner.com/ 		60 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/6068438.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea452eadc5efaf0bc3c4c5285e5f1b4f4c92a5b01c26c99d7f5f89c9442749ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
x-amz-version-id
lPvgFgL3qGjwKQFUqumxetd2DFL88LOM
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
2J58R725YB93J2HC
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-envoy-upstream-service-time
51
x-amz-id-2
M0GQQ1EjgftxMU6+K5Vv+lQ9Nyu7GEVF5yoqzKXAVvKr1wjsVMxUj5y5rqWJbqAP7bHeipU4HI8=
x-evy-trace-listener
listener_https
x-request-id
cc0de366-3f5f-479b-aabf-e2ca1508a916
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 17 Apr 2023 15:46:35 GMT
server
cloudflare
etag
W/"21995b8612a52259cde29a69cc701923"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.nisos.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-9vnjb
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7d73a9fd7e9e91e7-FRA
expires
Wed, 14 Jun 2023 15:44:05 GMT
leadflows.js
js.hsleadflows.net/ 		545 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6068438.js?integration=WordPress&ver=10.1.16
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53c6e25ad853b5a6ad922795465a0e178c87af06b8a7ab3bde53b7b6939902c8

Request headers

Referer
https://www.nisos.com/
Origin
https://www.nisos.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-encoding
br
age
73259
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js&cfRay=7d6cad72ddee1d9c-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"e0a28490756bd60883ddd702b459f472"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1213/bundle/main/lead-flows-release.js
date
Wed, 14 Jun 2023 15:39:05 GMT
x-amz-version-id
8pz0uDcBGYlrsmWQyDnHbF47HkG8cM.I
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-request-id
eb111204-5dc9-4e5c-87fb-01c616d1abab
last-modified
Tue, 06 Jun 2023 12:07:08 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-x5fmx
cf-ray
7d73a9fd8ed8904e-FRA
x-amz-cf-id
MpKrpGnjgRXZCr3IjBoZRg8k170JGsHpV3Ze5ETIn5JXkzkroWjekQ==
token
cdn.linkedin.oribi.io/partner/4343073/domain/nisos.com/ 		36 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.linkedin.oribi.io/partner/4343073/domain/nisos.com/token
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:6200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept
*
Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 14:01:50 GMT
content-encoding
gzip
via
1.1 09dddedbac44fa07d4af5f638358fa8a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
5834
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=11068
x-amz-cf-id
IaegeeDUiQV9AwPECY4olx3FhwKptZRaRWFZuYIR4mcFTfP3T_Po3Q==
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4343073%26time%3D1686757145147%26url%3Dhttps%253A%252F%252Fwww.nisos.com%252Frese...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=tr...
0
267 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQISnHDlA0HQvgAAAYi6j3zY6ITuhmLschvSLo9Jd1u2w9DW2ZfBmtKRE4kqt9O_a-BSmMAcdvvI
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: A033DF5DC3A44113BE10A45797E808EE Ref B: DUS30EDGE0905 Ref C: 2023-06-14T15:39:06Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX+GMCDnsCQJ9pCYsrpiA==

Redirect headers

date
Wed, 14 Jun 2023 15:39:04 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 80867F8304C44E7BBF22E4E89402AC9D Ref B: FRAEDGE1919 Ref C: 2023-06-14T15:39:05Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4343073&time=1686757145147&url=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&cookiesTest=true&liSync=true&e_ipv6=AQISnHDlA0HQvgAAAYi6j3zY6ITuhmLschvSLo9Jd1u2w9DW2ZfBmtKRE4kqt9O_a-BSmMAcdvvI
x-li-proto
http/2
content-length
0
x-li-uuid
AAX+GMB/jEymvVfLuMIk/g==
ZCNLOBHP6JAMPK46MHW4HJ
d.adroll.com/consent/check/ 		466 B
559 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/ZCNLOBHP6JAMPK46MHW4HJ?pv=62013586202.93309&arrfrr=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&_s=656b8cd2135ea0819f6f36311599a8e9&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe05:4ebd:aca3:7153:70f6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
e378721c45d2af78b05933aad86189845b438d8dc799d9def9c379fc4b2b45d8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
server
nginx/1.22.1
content-length
466
content-type
application/javascript
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-145073476-1&cid=543957577.1686757145&jid=524027882&_u=YADAAUAAAAAAACAAI~&z=1878058257
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-145073476-1&cid=543957577.1686757145&jid=524027882&_u=YADAAUAAAAAAACAAI~&z=1878058257
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:05 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
content.hotjar.io/ 		56 B
161 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://content.hotjar.io/?gzip=1
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5718b73ab85bca652332.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.212.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-212-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c35cb6c4a2a1fa2a539d286ab602431f2c6369047e24af66d3ab95bc50dae1fe

Request headers

Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 14 Jun 2023 15:39:05 GMT
content-length
56
vary
Origin
content-type
application/json
json
forms.hscollectedforms.net/collected-forms/v1/config/ 		115 B
445 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6068438&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:6bc7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
486c0b266a6576698325f0f56089aa3891fdc3f6f0d8f162435e3bfca57848fb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:05 GMT
content-encoding
br
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
6967d91d-5c1d-4da6-9ce5-13139c6248b8
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
2
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
db0b7a9a-cc3f-4c00-a3bf-f8e66aa03701
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.nisos.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-57ff77fcd-8rxrz
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
7d73a9fe1a602bcf-FRA
counters.gif
forms.hsforms.com/embed/v3/ 		35 B
983 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:d6f3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Wed, 14 Jun 2023 15:39:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
CF-Cache-Status
DYNAMIC
X-HubSpot-Correlation-Id
1e2d15ed-d8f9-4fc6-8dc3-8a290b45cde7
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
773a60fd-a660-4fa4-b8b0-19a3a3c4af4c
Server
cloudflare
X-Trace
2B0CFB60901E9CDDD5E3E47097D6DA004F58EFE5CC000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-759c64d45c-llkhw
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
7d73a9ff5c8a03a6-FRA
view
js.hs-banner.com/cookie-banner-public/v1/activity/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.nisos.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.nisos.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
7d73aa006a343a8a-FRA
content-length
0
content-type
application/octet-stream
date
Wed, 14 Jun 2023 15:39:06 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
0
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ns2gd
x-evy-trace-virtual-host
all
x-request-id
671d702d-c39f-46c4-9a1b-be9e29561535
view
js.hs-banner.com/cookie-banner-public/v1/activity/ 		0
168 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/6068438.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nisos.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
cf-cache-status
DYNAMIC
x-hubspot-correlation-id
09d4bdc8-b499-4a73-9392-a316ba8cd22e
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
12
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
481fa5ee-4d9d-4524-a88b-1b2eb1fc86cf
server
cloudflare
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.nisos.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary
origin
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
7d73aa02ed313a8a-FRA
/
c.6sc.co/ 		7 B
192 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.nisos.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/ 		23 B
309 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:629c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Jun 2023 15:39:06 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.nisos.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2001:1b60:2:240:3247::2
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="468543_388391900_181608709_25_1087_159_0_-";dur=1
content-length
23
expires
Wed, 14 Jun 2023 15:39:06 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
484 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A04%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A39%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%223dfff14e51083acf56ac79a38773850e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A39%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2014%20Jun%202023%2015%3A39%3A04%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
__ptq.gif
track.hubspot.com/ 		45 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3485376358&v=1.1&a=6068438&ct=standard-page&pu=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&t=Page+not+found+-+Nisos&cts=1686757146196&vi=e16d0c1842f637907a3a3783bd755bc1&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
53c3a646-c8a6-4509-aee7-930db0eadbae
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
alt-svc
h3=":443"; ma=86400
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7ae1fe56-5ceb-41b4-a97c-0ff1180c7091
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=784iLnpncivhbmq23hvo83GYzJlDA7gaQDDsV5dC88SVX%2B0uYky4yViwoc76XDVAktHOTjFWQLF0%2FtuJK7cQ3kk3H6bxs4J8SLmWG9%2FCKas7ePfzcr9H10bMaZgISfU0dkKKOIITgsyffwBkTltH"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-5f6448c676-86grs
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
7d73aa046a960857-FRA
x-robots-tag
none
alt-nisos-logo.png
www.nisos.com/wp-content/uploads/2023/04/ 		18 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nisos.com/wp-content/uploads/2023/04/alt-nisos-logo.png
Requested by
Host: www.nisos.com
URL: https://www.nisos.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
ki-cache-tag
55585fc0-2726-4e8a-bfac-54fdf091b637,9e1cc11f922671cae97c6059e0bef5e438bbaee348bf1fa087f49aef62e5be2d
cf-cache-status
HIT
ki-edge
v=19.0.6;mv=1.1.3
x-content-type-options
nosniff
age
101809
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
18447
last-modified
Mon, 17 Apr 2023 14:31:45 GMT
server
cloudflare
etag
"643d5851-480f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2FkXHzuX03wtadw14jgMsb2UjROJ10diuQp%2Fx%2BXW28B2cjWz0gY6mnAd4my0cJzmQdcGo4gWyR1viNBmzmN7EM%2FSYG3TeFmGTd5HvUSsq%2F%2FAlwYIqxMTUs8%2BTZ2tRRI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=2592000
ki-cache-type
CDN
accept-ranges
bytes
cf-ray
7d73aa03df0237f5-FRA
ki-cf-cache-status
HIT
x-edge-location-klb
1
expires
Thu, 31 Dec 2037 23:55:55 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
484 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=ipv6&q=%7B%22address%22%3A%222001%3A1b60%3A2%3A240%3A3247%3A%3A2%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:06 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
484 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A04%20GMT%22%2C%22timeSpent%22%3A%222355%22%2C%22totalTimeSpent%22%3A%222355%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:07 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Fri, 21 Feb 2020 18:57:20 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"5e502810-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
484 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A07%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223356%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:08 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
485 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A08%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224357%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:09 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/ 		43 B
485 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=3dfff14e51083acf56ac79a38773850e&svisitor=null&visitor=6f9a0a77-7d95-4152-867b-28ffd8a171f2&session=9573afbb-67b3-4a91-80fa-5fbd9d4f4388&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2014%20Jun%202023%2015%3A39%3A09%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225358%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Page%20not%20found%20-%20Nisos%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.nisos.com%2Fresearch%2Ftrigona-ransomware-explained%2F***IOCs%3A***IP&pageViewId=cd3b6ab0-3556-4184-80ab-5ca9f31d6a30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.nisos.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 15:39:10 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

201 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless object| onbeforetoggle object| onscrollend object| divimode_loader object| DiviAreaConfig object| DiviPopupData object| DiviPopup object| DiviArea string| gtm4wp_datalayer_name object| dataLayer function| DOMPurify undefined| $ function| jQuery string| cssTarget string| ForceInlineSVGActive string| frontSanitizationEnabled object| SF_LDATA object| searchAndFilter function| wNumb object| _hsq object| dataLayer_content function| hj object| _hjSettings function| gtag boolean| llcookieless object| formalyze object| _6si function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Masonry function| anime function| Swiper object| leadin_wordpress object| monarchSettings object| divimode_front function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| DIVI object| et_builder_utils_params object| et_frontend_scripts object| et_pb_custom object| et_pb_box_shadow_elements function| Waypoint function| et_pb_debounce function| et_pb_smooth_scroll function| et_pb_form_placeholders_init function| et_duplicate_menu function| et_pb_remove_placeholder_text function| et_fix_fullscreen_section function| et_bar_counters_init function| et_fix_pricing_currency_position function| et_pb_set_responsive_grid function| et_pb_set_tabs_height function| et_pb_box_shadow_apply_overlay function| et_pb_init_nav_menu function| et_pb_toggle_nav_menu function| et_pb_apply_sticky_image_effect function| et_pb_menu_inject_inline_centered_logo function| et_pb_menu_inject_item function| et_pb_reposition_menu_module_dropdowns boolean| et_load_event_fired boolean| et_is_transparent_nav boolean| et_is_vertical_nav boolean| et_is_fixed_nav boolean| et_is_minified_js boolean| et_is_minified_css boolean| et_force_width_container_change function| et_pb_init_woo_star_rating function| et_pb_wrap_woo_attribute_fields_in_span function| et_calculate_fullscreen_section_size function| et_pb_init_modules function| etFixDividerSpacing function| etInitWooReviewsRatingStars boolean| et_calculating_scroll_position boolean| et_side_nav_links_initialized function| dgadh_animation object| lazyLoadOptions object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules function| LazyLoad object| google_tag_manager object| google_tag_data function| et_calculate_header_values function| et_change_primary_nav_position function| et_fix_page_container_position function| et_pb_window_side_nav_scroll_init function| et_pb_side_nav_page_init object| images boolean| is_image object| iframes boolean| is_iframe object| rocket_lazy object| FontAwesomeKitConfig string| GoogleAnalyticsObject function| ga function| bodhisvgsInlineSupport function| et_pb_slider_init function| et_countdown_timer function| et_countdown_timer_labels function| et_pb_tabs_init function| et_pb_circle_counter_update function| et_apply_parallax function| et_parallax_set_height function| et_apply_builder_css_parallax function| et_pb_play_overlayed_video function| et_pb_resize_section_video_bg function| et_pb_center_video function| et_pb_adjust_video_margin function| et_fix_slider_height function| et_pb_submit_newsletter function| et_fix_testimonial_inner_width function| et_pb_video_background_init function| et_animate_element function| et_process_animation_data function| et_has_animation_data function| et_get_animation_classes function| et_remove_animation function| et_remove_animation_data function| et_reinit_waypoint_modules function| et_calc_fullscreen_section function| debounced_et_apply_builder_css_parallax function| et_pb_parallax_init function| et_pb_fullwidth_header_scroll function| et_pb_search_init function| et_pb_search_percentage_custom_margin_fix function| et_pb_comments_init function| et_pb_shop_add_hover_class string| _linkedin_data_partner_id string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData function| UET function| UET_init function| UET_push string| adroll_sid object| adroll object| __adroll boolean| adroll_optout object| adroll_loaded object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| ueto_fffecc207b object| uetq object| _hsp function| lintrk boolean| _already_called_lintrk object| adroll_exp_list object| __adroll_consent_data boolean| PIXELS_RAN object| enabledEventSettings object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded object| globalRoot undefined| hns function| bindToWindowOnError function| defineProperties object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN boolean| __adroll_consent boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country boolean| _hspb_ran boolean| _hspb_loaded string| et_location_hash function| et_pb_init_woo_custom_button_icon string| waypointContextKey boolean| _hstc_ran string| __hsUserToken number| expireDateTime

25 Cookies

Domain/Path Name / Value
.nisos.com/ Name: _gcl_au
Value: 1.1.1387124440.1686757145
.nisos.com/ Name: _ga_CTEG3MX1VW
Value: GS1.1.1686757144.1.0.1686757144.60.0.0
.nisos.com/ Name: _hjSessionUser_3206651
Value: eyJpZCI6ImQ2NzBiYzA3LTVhNWItNTk2MS05MGY0LWFhODY3ZjQ1N2NmMSIsImNyZWF0ZWQiOjE2ODY3NTcxNDUwMjQsImV4aXN0aW5nIjpmYWxzZX0=
.nisos.com/ Name: _hjFirstSeen
Value: 1
.nisos.com/ Name: _hjIncludedInSessionSample_3206651
Value: 1
.nisos.com/ Name: _hjSession_3206651
Value: eyJpZCI6ImNmZGIyNDUxLWQ4ODYtNGNhNi05OWM4LTNjN2NjYWM0NTNiMCIsImNyZWF0ZWQiOjE2ODY3NTcxNDUwMzUsImluU2FtcGxlIjp0cnVlfQ==
.nisos.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.nisos.com/ Name: _ga
Value: GA1.2.543957577.1686757145
.nisos.com/ Name: _gid
Value: GA1.2.955359668.1686757145
.nisos.com/ Name: _gat_gtag_UA_145073476_1
Value: 1
.nisos.com/ Name: _uetsid
Value: 98164fd00ac911ee823f251dc899d2c9
.nisos.com/ Name: _uetvid
Value: 981678d00ac911eeb1cd47fc3904edb8
.bing.com/ Name: MUID
Value: 1A94EF4D2CA16F623E66FC7D2D0D6EED
www.nisos.com/ Name: ln_or
Value: eyI0MzQzMDczIjoiZCJ9
.linkedin.com/ Name: li_sugr
Value: 683fa0a1-a141-49e4-afac-9610123274d7
.linkedin.com/ Name: bcookie
Value: "v=2&78580299-8ffa-4ff6-8cbb-b5a9c9952128"
.linkedin.com/ Name: lidc
Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2537:u=1:x=1:i=1686757145:t=1686843545:v=2:sig=AQFdd4mIUaTQa6-XAzWYPCwwtwZayB5o"
.linkedin.com/ Name: UserMatchHistory
Value: AQIFN3-BwzegQwAAAYi6j3t9oOXa1KISsie64fbEBZ0fhTv9X9BrHWrxyyqrLu0TxZqE4K22tUnk6A
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKIo9Sv1__RtQAAAYi6j3t9LGinJLZ0kn7M8v1JUH7Xn_uja-gIohzhgZdGXcoj9ph-9WGuAsJ5xsMTmOpdFA
.www.linkedin.com/ Name: bscookie
Value: "v=1&20230614153905ca56bf96-808b-4a64-8263-8c723b5f0a35AQGhKtq8D596XUUeGq9uEEum1aIDVJta"
.linkedin.com/ Name: li_gc
Value: MTswOzE2ODY3NTcxNDU7MjswMjFCLwuIpwtAGTymtlnONBd8tpnjHxHWkW2LKlyRp5r2Cg==
www.nisos.com/ Name: _gd_visitor
Value: 6f9a0a77-7d95-4152-867b-28ffd8a171f2
www.nisos.com/ Name: _gd_session
Value: 9573afbb-67b3-4a91-80fa-5fbd9d4f4388
.hubspot.com/ Name: __cf_bm
Value: YJsdx9GbGYLcwItpD04rublQ4ITZHSl9p94tG3Xf.x8-1686757146-0-AUUzUdc+LqsRVf+sB5FLFnlccPugGWpBdWfu40gHvJiGUyGSJoPWE20dSphWYgcMmqAlMEddeveye+W6eTQANeM=
.6sc.co/ Name: 6suuid
Value: bd641102225202001adf8964ac01000036704401

2 Console Messages

Source Level URL
Text
network error URL: https://www.nisos.com/research/trigona-ransomware-explained/***IOCs:***IP
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://lltrck.com/scripts/lt-v3.js?llid=33234
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.6sc.co
bat.bing.com
c.6sc.co
cdn.linkedin.oribi.io
content.hotjar.io
d.adroll.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
forms.hsforms.com
in.hotjar.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
ka-f.fontawesome.com
kit.fontawesome.com
lltrck.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
track.hubspot.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.nisos.com
13.107.42.14
162.159.134.42
18.66.97.10
2.17.100.193
2001:4860:4802:32::36
2600:9000:20c3:6c00:6:9280:1080:93a1
2600:9000:237d:6200:2:53b2:240:93a1
2606:4700::6810:75be
2606:4700::6810:8ace
2606:4700::6811:6bc7
2606:4700::6811:836e
2606:4700::6811:d6f3
2606:4700::6812:1634
2606:4700::6812:18c4
2606:4700::6812:893b
2606:4700::6813:9a53
2606:4700:e6::ac40:ca1c
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::2008
2a00:1450:4001:828::200a
2a00:1450:4001:830::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9b
2a02:26f0:3100::1735:28c0
2a02:26f0:480:23::1726:629c
2a05:d018:cc3:fe05:4ebd:aca3:7153:70f6
34.243.212.207
34.255.78.124
52.200.29.199
52.222.236.63
0521badda7c602b73185aa5e23dd04fcb5f5ce5e0f1d693ff2cf9474178c1fee
0a75aa5bab9865958cd01d39856dc37e96491296ef55f5d2fdce2915b1ea1c58
0e53a639010f02dd7e7c3859f82daeffa535fc069b3e4145640af023dc386f86
10fd67d6c6eac5cdfda0b370fb6b23bc1fc4b9f1f1a7cb8b401aac906f2a6822
12d03201aa733372057226d7a64c2fa3544859acb87fd88347950d1fbe66727a
1ca76922f55b389b8f590ae7e3bcc3a2dccdce3aff1e5a4335af081b76a414ea
20476c3fffc3c6f35095c566e8eff0342e3ddb73841c39b58455dc970522e7f7
226c9a2c80c75e3c5d7d197c484adb7d63e6ea36270af348bc223be73e8cd059
2414767fbf3e93d3269cb3795b6c667da0f58a8f662dfd8aabb0807243d1134f
26764edc2000ff1b83064a99effb1fe10e7cddf5b1a2c406a6d10a86b852eda6
2b4e13a4e12823ec6fe43ef5d7775abe7c9badf09c6f51693eb7722a924c68e9
2d6a60541b6205300575d1c6a1e92c4c139f4dccadfe00ff9b3a85ceb6c81110
3175dd776c73e3f90beb2340fd7d138a7fce24c1054a73f08216b1aa7e357534
36e3278d17196da0532b353687c478f36936ecc8b6493d0b176ba69fdff05427
3ac3498e2065b5dd9db302c03d1a0ac220af0ac6a7df598d26e9df912f8d9c2f
43b5c9ad80f0a5d1c63568583e9cf6cd5ca8454a680f4ee80d5d63d00b15a360
43bfa4cb8df3cc265a138e9e526679040ac26b50498319031ad41b77c6f01f84
462747422c6af30aa81a0373fa1cfd736455cef52bdbb816f67be9531d84eace
46bbc7b22b8c58dc664cd4b31da0906636b96c8d64b839b1671d3eff081f6c1e
486c0b266a6576698325f0f56089aa3891fdc3f6f0d8f162435e3bfca57848fb
4aec96eddab69454e554bb60664da2e5043c363ebef6921644f619523e7274d7
50c36bc2a71485bc6939c1f5de3d1b38ff260d9de91dac1855df0b50c35d81bd
53c6e25ad853b5a6ad922795465a0e178c87af06b8a7ab3bde53b7b6939902c8
5489746d9317f7924511ff59d5781ef51906900a231fe46684c1e512a09ef076
56c81b4086d742cf938f6fbc06de7dab26cce2ea6a889b6cf94a356251495631
57f4680898f2af59bf83a8bedb562603677780be4133457db08e6314c6438723
5bad0658ea23d85d08fe0c5484686cf9c7e7ebefefc47627c8013a0f1647c289
67154bc8868a4e60ffeb64c6512e70acb648a5420a5eb7eaf86b20bb0a8457e3
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
67eb879fb1645c73ccbaac598e815fd3901eb5114228021d686b8b5e470edbbd
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ca9f43967b272f585a9feb7ffc604462bea2cd2339e0a173899fe45e95b37c5
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
70ae0915da9da7c67f9eff7bbb9ad8088a7f8d0b5738cf498e33c923e50eb287
71e85b13d24a31d782e71da9f9192b5160369ec5ad1cb37988555d3eb93225d9
71f229efc891fac06cdafe9765967f3dc1ce71db155e7130042e7e64aab7f43a
73881513a7e7f8944a311bea8e80e9fad946e256ae74d62b5c8d469dc6df0186
754233622f501da9f79ca0d4626d442150d84aee8a909201132fa960b2bf803c
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7f148a333a7585ab1391cceb303d946f5bf1b38ba6bb8eae863125ccde728bb3
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
80fa756dda143f69fb3ce750e905cc8188150dc4c6b7539bf3627fe26530b405
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8c90d3c0b0e49b95857fbd4a60728451deb97ac4079be355467deac9ee7de4a4
8e71262c3e6d9eac19580f7725c2f1619790e8feb7fa6f536c029d94dcedc128
8ef3755c1c0e73dd384a7a7c4d07fb899808284d0639a70d7db43fc51c3e6419
9198751141182778ff336c74f4d7e3ad6757f13199c7958dcb7be81182fa2c34
925d5ba38a0c2f9ab7df22566d1b0eec56615e69ea93b84c5e79a7f3074eb02a
9396a03f992569985b844f39a0e20187bd4f89bd03b35137050ba22c50798297
97490bd354a26885acf09c0ba5b4c3c76d12bb55193f13456d3aa2ded6eda6fd
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3
99a15b32a81b6f965c2e5bd6c582f7ffc73adfa751fc2465a00f3104e7a6cf95
a1786585ac9beb929463e7f963468e7e40da9b7b0111a0aab6673abdd2309b0b
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
b3c7d79390abd409e12c63a94504bbb4caa7d0234e1527b5a6a6e3c38b6520e4
b5cec8800ffe6b92993466f61ec4f4d5ee6dee946a942b9356559821585fb650
b6aed488d128d02850cfb20b4de28a2eceffddd04342f413bbe88a141235a976
ba2eeab126375c9cc2fabe9a6fe35f25dea57c52df280e6e24a790f5f45be878
ba7e231732c5791c70061b395c1d28b929f28ed1f6ec000fad64727a36c46da3
bc75fde9d885436158a8f8cf693cd18c626e9ae9ebae204e19df8832220a9588
bd94017c98cb7e9337f4bcc1e3dbf22ad1e048853d188bf896591d9e1f11af67
c35cb6c4a2a1fa2a539d286ab602431f2c6369047e24af66d3ab95bc50dae1fe
ca3af915877e0f119ce0df14dfce6249f76222c600e23882fa7c7f99788971cc
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
ca9d3bdace9ebc26af8da67aaf1e2392aa60db9e2b889568f318a768773c3a68
db5ffd916dbeb4938cc236cb3a42e73a56987f28c5deb9f3beccbe2c4af19307
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd54d0b84122836e0d7ca34b162129cd8a48f557a7f539be1f6eba2aeb44cb19
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
e103f8eeb3f4ba878184dea6d2137c6d5d2e0356e62fb5b8385c3d0e0ec598fd
e378721c45d2af78b05933aad86189845b438d8dc799d9def9c379fc4b2b45d8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6c19d4ee9832249a4a542057fe1cda984efb525973cb294831ec5ecc42367f7
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ea452eadc5efaf0bc3c4c5285e5f1b4f4c92a5b01c26c99d7f5f89c9442749ac
eabc19480b6212343af7996aa06029eb00e8a05d9709b4c8b05e3222558a12f1
ece9d22203d0bc59232a7ff5bc7b4df4342c89630387b0366595ba92b724957e
eed334d1c96abd8c03aacf86a2a30fb9d391290f27e49b0fa456a7af8f1a1bf8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f820d93daf383e178bda2912f5bee00e90e56390597820622643fa8e5e487143
fa5ba6fab394d537af1ad89a49479e9953ab0f96251532163c794a3ccea938e3
fbcc9f3151a357828aa120dc98bafa35359d42c83b4cd39693009f43e2ae9098
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869